Verschlüsselungstrojaner (BKA) auf meinem Windows 7 Pc

Filib1990 · 03.07.2012, 23:45

Hey liebes Trojaner-Forum Team,
auch ich habe mir einen dieser "Verschlüsselungs/Polizei Warnung" Trojaner eingefangen
und habe somit leichte Probleme mit einer anständigen Nutzung meines Systems :P

Ich habe mir die Anleitungen die ich für eine rasche Hilfeleistung eurerseits
leisten sollte durchgelesen und Versucht so gut und vollständig als möglich
zu erfüllen!
edit: Nach dem öffnen einer Internetseite hat sich auf einmal dieses Fenster geöffnet das mich der Kinderpornographie beschuldigte und alle anderen aktionen wurden blokiert. über den Taskmanager konnte ich ein paar Programme die schädlich für mich ausgesehen haben schließen und sogar wieder normal mit einem Explorer restart alle Programme nutzen. Habe mich aber doch entschieden da ich es für sinnvoller erachtet habe die Systemprüfung im abgesicherten Modus durchzuführen!

Da mein Computer relativ neu ist und ich mit ziemlicher Sicherheit keine
Cd Emulatoren installiert habe hatte ich defogger nicht angewendet!

Hier erstmals der Scan von Malwarebytes
(überraschenderweise für mich keinen einzigen Trojaner gefunden):

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.03.06

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Filib :: FILIB-PC [Administrator]

Schutz: Deaktiviert

03.07.2012 23:49:53
mbam-log-2012-07-03 (23-49-53).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 332997
Laufzeit: 30 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Hier die OTL Scans einmal die OTL Datei:

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 04.07.2012 00:22:22 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Filib\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 3,02 Gb Available Physical Memory | 77,27% Memory free
7,82 Gb Paging File | 7,05 Gb Available in Paging File | 90,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 555,07 Gb Total Space | 490,92 Gb Free Space | 88,44% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 19,98 Gb Free Space | 49,94% Space Free | Partition Type: NTFS
 
Computer Name: FILIB-PC | User Name: Filib | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A2983E6-64C0-4CA2-AC19-F01DC1F0CA45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{10D4D940-1255-4790-BA32-D9BA8F83DA9D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2712C87F-0B91-4ECA-A364-476B000237E7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{28297CF6-FDCE-4609-9D5E-56918440FF68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{29874FEB-E514-4A76-83E5-1912D101E6AB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3431290C-D6C1-44F8-BFCE-80857C447625}" = rport=137 | protocol=17 | dir=out | app=system | 
"{41F25EDA-4F14-4F2F-85C3-306C699D7AFE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{513CBA7A-3C50-4CB8-B4B5-6DA68202496F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5DCF1A4D-08BD-4327-8D61-FDF08C527D32}" = lport=445 | protocol=6 | dir=in | app=system | 
"{83A7B532-4A8C-4918-B91B-56FFB8586E94}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8CBB7E21-077B-403F-BDED-979087A17DAC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9AF16A45-AF1E-4823-93DE-DA141BB2BBE0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9CAFBAB3-5ABC-4062-B2AD-84EC19C97333}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A38FF13E-17AA-49AC-B0A1-CA3F97D42CF7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AE9413F2-8812-4EB7-8264-ABC675C618B7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B9F3473E-66B5-4C14-B1AF-84E4F888E2EF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D003C03F-6213-49C3-A267-49D15620FEA0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D611168E-665F-421D-B039-F0E617826DFF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D7510885-DD0C-463F-BDEF-A77FEB8786E2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DB3FECFE-E1AC-4802-8055-25C9BC36EEE1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DB89E45F-92F7-40DE-8190-5CCD0009B511}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E0B94EFF-EFC4-4BA3-849F-4EC3F3027FCB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E0E459FD-4630-4CAA-A106-1318E285E781}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EA7A5514-815D-4A21-BD5B-CB093B5C0795}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EF720BB2-4882-4EE4-8189-6162F5613F89}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06E23EBE-CFF9-4F76-9E1E-2C7DEFF81F74}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxditime.exe | 
"{0E67BF87-B6B0-4B96-963D-0A2FFF76B5E4}" = protocol=17 | dir=in | app=c:\users\filib\appdata\local\temp\lxdi\wireless\german\lxdiwpss.exe | 
"{16207F27-E370-4AFD-A963-EEA943D13737}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{19F309AD-4D77-40C0-A922-752A19B13F63}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{20248070-2AA9-421A-A47F-E7C18EECB6CA}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdicoms.exe | 
"{28A04645-A91F-4AEB-B7DB-74F67D32A375}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2EDBC4E1-0FDD-4001-B2A4-2D62481491F9}" = protocol=6 | dir=in | app=c:\windows\system32\lxdicoms.exe | 
"{3A419A38-607D-4E98-ABAC-DA4826A13130}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdipswx.exe | 
"{3A9359E5-7224-41C1-8DD1-54C18664F305}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3C6AF7D8-0120-4014-894F-CCDB1144044C}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe | 
"{44EE272A-7E81-4D4A-9650-EACEC3B6E88E}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdicoms.exe | 
"{4B53AE5D-CD0E-494D-9292-A83ED3E3955A}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\wireless\lxdiwpss.exe | 
"{4FC7439C-D3A1-475D-A31F-E31704EE3EF7}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe | 
"{510BA137-41C8-44AE-9917-4DF19B66C5F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5BAA8F1A-28F7-4D9F-B23A-1E8D9EAC0263}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{60E7A00E-F75C-405E-A7C7-5708C6AD90F4}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe | 
"{61D8F49D-D5C5-48B3-B29A-E5599256DA39}" = protocol=6 | dir=in | app=c:\users\filib\appdata\local\temp\lxdi\wireless\german\lxdiwpss.exe | 
"{64D93C16-863A-47FF-9AC8-EE0D9434B716}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{677A87D6-DA9B-4E9A-A37B-6E9980D4DA52}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdipswx.exe | 
"{6953F860-C803-4399-882F-E15DB3E53515}" = protocol=17 | dir=in | app=c:\windows\system32\lxdicfg.exe | 
"{6C9CC998-492E-49E6-BE1A-E83C00D04406}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6EE12DC5-793B-4EAA-8B92-AF88C678D787}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{79C9117E-6555-45F8-A171-896259656D94}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe | 
"{7C773480-F041-4DE7-A41A-500644319587}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7F9A36C9-2610-4856-A929-451A82BE04CF}" = protocol=17 | dir=in | app=c:\windows\system32\lxdicoms.exe | 
"{88AD8894-0D22-4D04-8245-69A1F9EDF7F4}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\wireless\lxdiwpss.exe | 
"{894DD592-95CA-4AFA-AD31-9D46D04371AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E1504FF-98FD-4714-BD26-A466E998FDB1}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdijswx.exe | 
"{8FC2A739-1694-4595-9DEC-FC21E4B02D95}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9248046D-4A15-4E16-944E-3E8D04CDF4EE}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\app4r.exe | 
"{934A969D-325E-4910-9DE6-73B2B3E5A7F6}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\app4r.exe | 
"{A36B4486-3470-4586-B13F-BAD000AD0B34}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxditime.exe | 
"{A5D02DFB-D2D3-476D-B3BF-42996628F632}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A6DDC549-6EA4-445D-9EAD-BC93D5E2F91F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AA474329-E16D-4026-A445-21A14692F5C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AB33CBAE-06A3-4F2F-A186-7EA343BB89E7}" = protocol=6 | dir=out | app=system | 
"{B9D7729B-2ED9-41AC-9761-CB9067DE7013}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CEC1D9C4-B802-4029-8296-14437A202017}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D3387779-24A1-4061-9297-1BDF05029851}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DA5DCB23-A050-414D-AB34-4C33190A14D4}" = protocol=6 | dir=in | app=c:\windows\system32\lxdicfg.exe | 
"{DECA9F78-0EE7-4C1A-85F4-51F6E1F80D4E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E208CF46-8B50-4A88-BD1D-640B6A656E89}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E7B1E7C2-AD81-4F6B-B14A-8F01C76D814E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EEA913C4-5330-4AC3-94D0-BB6CD1D99EB9}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdijswx.exe | 
"{F8BA434F-3751-4264-BB64-81A691281D5C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{FBE753C7-B52E-4043-8B1F-2E82E8C5EDFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{4A3F8434-E874-4CB1-897D-D62015D4B502}C:\alles\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\alles\spiele\world of warcraft\launcher.exe | 
"TCP Query User{5D7D4EA9-FDC0-42A6-9BC8-E4AEC58E308F}C:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe | 
"TCP Query User{8707E407-C26E-436E-ABD9-3633178F26CE}C:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe | 
"UDP Query User{4BE239ED-BAB2-4E44-A327-A9861D6B4919}C:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe | 
"UDP Query User{7462ACC1-19F1-451B-A927-3BEC3CD468FB}C:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe | 
"UDP Query User{E5932AEA-9C6C-4E34-B285-8BB5E52E856C}C:\alles\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\alles\spiele\world of warcraft\launcher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.39
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger Sensing Pad Driver
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{32A3A4F4-B792-11D6-A78A-00B0D0160310}" = Java(TM) SE Development Kit 6 Update 31
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48106FE4-B1AF-4941-BF3D-83E6C4B7CAF3}" = Alcor Micro USB Card Reader
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4D1C5E-116A-4FF4-AA91-28F526868203}" = watchmi
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}" = PHotkey
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AmUStor" = Alcor Micro USB Card Reader
"Elasto Mania" = Elasto Mania
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ProInst" = Intel PROSet Wireless
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Win2day Poker" = Win2day Poker
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.05.2012 06:17:13 | Computer Name = Filib-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lxdiJSWX.EXE, Version: 4.0.17.0, 
Zeitstempel: 0x4610dd6c  Name des fehlerhaften Moduls: lxdiJSWX.EXE, Version: 4.0.17.0,
 Zeitstempel: 0x4610dd6c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000001454e
ID
 des fehlerhaften Prozesses: 0x47c  Startzeit der fehlerhaften Anwendung: 0x01cd2e9505691ca7
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\spool\DRIVERS\x64\3\lxdiJSWX.EXE
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\spool\DRIVERS\x64\3\lxdiJSWX.EXE  Berichtskennung:
 4eda19b6-9a89-11e1-9bb5-3860773623dd
 
Error - 10.05.2012 06:17:19 | Computer Name = Filib-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lxdiJSWX.EXE, Version: 4.0.17.0, 
Zeitstempel: 0x4610dd6c  Name des fehlerhaften Moduls: lxdiJSWX.EXE, Version: 4.0.17.0,
 Zeitstempel: 0x4610dd6c  Ausnahmecode: 0xc000041d  Fehleroffset: 0x000000000001454e
ID
 des fehlerhaften Prozesses: 0x47c  Startzeit der fehlerhaften Anwendung: 0x01cd2e9505691ca7
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\spool\DRIVERS\x64\3\lxdiJSWX.EXE
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\spool\DRIVERS\x64\3\lxdiJSWX.EXE  Berichtskennung:
 52a75c97-9a89-11e1-9bb5-3860773623dd
 
Error - 11.05.2012 01:54:28 | Computer Name = Filib-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NvXDSync.exe, Version: 7.17.12.6639,
 Zeitstempel: 0x4d13f16c  Name des fehlerhaften Moduls: NvXDSync.exe, Version: 7.17.12.6639,
 Zeitstempel: 0x4d13f16c  Ausnahmecode: 0xc0000417  Fehleroffset: 0x0000000000061534
ID
 des fehlerhaften Prozesses: 0xe74  Startzeit der fehlerhaften Anwendung: 0x01cd2f3a8639077d
Pfad
 der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
Berichtskennung:
 c4b70b75-9b2d-11e1-8e1c-3860773623dd
 
Error - 29.05.2012 07:17:28 | Computer Name = Filib-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 31.05.2012 07:20:08 | Computer Name = Filib-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 18.06.2012 10:55:48 | Computer Name = Filib-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x00490fb1  ID des fehlerhaften Prozesses: 0xc7c  Startzeit der fehlerhaften Anwendung:
 0x01cd4d3fa5eb7cc6  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 b03a6055-b955-11e1-b491-3860773623dd
 
Error - 19.06.2012 06:32:54 | Computer Name = Filib-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0016b4ac  ID des fehlerhaften Prozesses: 0xb14  Startzeit der fehlerhaften Anwendung:
 0x01cd4e06d4815416  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 203a3093-b9fa-11e1-ad52-3860773623dd
 
Error - 19.06.2012 11:24:03 | Computer Name = Filib-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0016b4ac  ID des fehlerhaften Prozesses: 0xf10  Startzeit der fehlerhaften Anwendung:
 0x01cd4e2f8a9d03ec  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 ccc4b011-ba22-11e1-af14-3860773623dd
 
Error - 29.06.2012 20:22:41 | Computer Name = Filib-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x001a4b75  ID des fehlerhaften Prozesses: 0x1c68  Startzeit der fehlerhaften Anwendung:
 0x01cd56501f016cd6  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 b405bbf7-c249-11e1-8fad-3860773623dd
 
Error - 03.07.2012 07:27:08 | Computer Name = Filib-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000ccb60  ID des fehlerhaften Prozesses: 0xed8  Startzeit der fehlerhaften Anwendung:
 0x01cd58ffcc15635e  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 05b440c5-c502-11e1-83cb-3860773623dd
 
[ System Events ]
Error - 28.06.2012 07:58:52 | Computer Name = Filib-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 lxdiCATSCustConnectService erreicht.
 
Error - 28.06.2012 07:58:52 | Computer Name = Filib-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdiCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 29.06.2012 07:16:47 | Computer Name = Filib-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 lxdiCATSCustConnectService erreicht.
 
Error - 29.06.2012 07:16:47 | Computer Name = Filib-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdiCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 29.06.2012 10:27:42 | Computer Name = Filib-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 lxdiCATSCustConnectService erreicht.
 
Error - 29.06.2012 10:27:42 | Computer Name = Filib-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdiCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 29.06.2012 16:15:41 | Computer Name = Filib-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 lxdiCATSCustConnectService erreicht.
 
Error - 29.06.2012 16:15:41 | Computer Name = Filib-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdiCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 30.06.2012 07:37:24 | Computer Name = Filib-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 lxdiCATSCustConnectService erreicht.
 
Error - 30.06.2012 07:37:24 | Computer Name = Filib-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdiCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 
< End of report >

--- --- ---

und weiters Extras:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 04.07.2012 00:22:22 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Filib\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 3,02 Gb Available Physical Memory | 77,27% Memory free
7,82 Gb Paging File | 7,05 Gb Available in Paging File | 90,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 555,07 Gb Total Space | 490,92 Gb Free Space | 88,44% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 19,98 Gb Free Space | 49,94% Space Free | Partition Type: NTFS
 
Computer Name: FILIB-PC | User Name: Filib | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.04 00:03:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Filib\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011.05.02 23:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2011.05.02 23:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.05.02 23:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2010.12.17 16:46:34 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Stopped] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010.09.23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2007.06.11 10:15:08 | 000,876,976 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxdicoms.exe -- (lxdi_device)
SRV:64bit: - [2007.06.11 10:15:00 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2012.06.17 17:52:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.12.24 09:26:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.12.06 13:52:40 | 000,062,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2010.11.06 08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.10.07 02:46:42 | 000,159,752 | R--- | M] () [Auto | Stopped] -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe -- (GFNEXSrv)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.19 00:40:48 | 000,104,968 | R--- | M] () [Auto | Stopped] -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.06.11 10:15:00 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2007.06.11 10:14:52 | 000,517,040 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\lxdicoms.exe -- (lxdi_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.05.26 09:24:16 | 001,590,912 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.05.01 23:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011.04.15 01:16:08 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.06 21:52:22 | 012,264,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.02.10 15:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 15:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.12.24 09:26:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.08 15:52:14 | 000,068,608 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fspad_xp64.sys -- (fspad_xp64)
DRV:64bit: - [2010.11.08 15:52:14 | 000,068,608 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fspad_wlh64.sys -- (fspad_wlh64)
DRV:64bit: - [2010.11.06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010.08.24 18:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.02.06 16:49:24 | 000,690,208 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009.10.23 17:26:14 | 000,046,592 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.09.11 23:11:46 | 000,014,344 | R--- | M] (PEGATRON) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys -- (PEGAGFN)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{24DBECDD-86CD-44BC-91D2-C4153D7B69BB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_enDE393
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.orf.at"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 17:52:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 17:52:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.01.20 15:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Filib\AppData\Roaming\mozilla\Extensions
[2012.05.04 13:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Filib\AppData\Roaming\mozilla\Firefox\Profiles\z1ehmlkz.default\extensions
[2012.02.21 16:26:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Filib\AppData\Roaming\mozilla\Firefox\Profiles\z1ehmlkz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.26 10:43:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.17 17:52:01 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.05 16:20:35 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.05 16:20:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.05 16:20:35 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.05 16:20:35 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.05 16:20:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.05 16:20:35 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Filib\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [lxdiamon] C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4:64bit: - HKLM..\Run: [lxdimon.exe] C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe ()
O4:64bit: - HKLM..\Run: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Update] C:\Users\Filib\AppData\Roaming\0_0u_l.exe (Koolance)
O4:64bit: - HKLM..\RunOnce: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62FB12DB-D76C-41CF-B3FA-D6245DB6EA4A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0202C20-E07A-4081-8DFF-E4B4ADCF5B00}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2dc448b9-6ac7-11e1-9ec3-3860773623dd}\Shell - "" = AutoRun
O33 - MountPoints2\{2dc448b9-6ac7-11e1-9ec3-3860773623dd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.04 00:03:12 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Filib\Desktop\OTL.exe
[2012.07.03 23:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.03 23:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.03 22:41:47 | 000,000,000 | ---D | C] -- C:\Users\Filib\AppData\Roaming\Malwarebytes
[2012.07.03 22:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.03 22:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.03 22:41:38 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.03 22:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.03 22:29:17 | 000,160,256 | ---- | C] (Koolance) -- C:\Users\Filib\AppData\Roaming\0_0u_l.exe
[2012.06.27 16:48:52 | 000,000,000 | ---D | C] -- C:\Users\Filib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.06.27 16:48:34 | 000,000,000 | ---D | C] -- C:\Users\Filib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ElastoMania111
[2012.06.27 16:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElastoMania111
[2012.06.27 16:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElastoMania111
[2012.06.27 16:39:36 | 000,000,000 | ---D | C] -- C:\Users\Filib\AppData\Local\Microsoft Games
[2012.06.15 22:02:01 | 000,000,000 | ---D | C] -- C:\Users\Filib\AppData\Local\Macromedia
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.04 00:03:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Filib\Desktop\OTL.exe
[2012.07.03 23:47:06 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2012.07.03 23:46:46 | 3151,269,888 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.03 23:37:40 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.03 23:35:58 | 000,283,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.03 23:28:02 | 001,528,894 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.03 23:28:02 | 000,656,972 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.03 23:28:02 | 000,618,814 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.03 23:28:02 | 000,131,454 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.03 23:28:02 | 000,107,836 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.03 23:25:51 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.03 22:41:42 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.03 22:40:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.03 22:29:16 | 000,160,256 | ---- | M] (Koolance) -- C:\Users\Filib\AppData\Roaming\0_0u_l.exe
[2012.07.03 11:39:38 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.03 11:39:38 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.30 13:40:48 | 000,002,678 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.03 23:25:51 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.03 22:41:42 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.29 22:21:16 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdicomx.dll
[2012.05.29 22:21:16 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\lxdiinst.dll
[2012.05.29 22:21:15 | 001,187,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiserv.dll
[2012.05.29 22:21:15 | 000,942,080 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiusb1.dll
[2012.05.29 22:21:15 | 000,614,400 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipmui.dll
[2012.05.29 22:21:15 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdilmpm.dll
[2012.05.29 22:21:15 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiinpa.dll
[2012.05.29 22:21:15 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiiesc.dll
[2012.05.29 22:21:15 | 000,320,432 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiih.exe
[2012.05.29 22:21:15 | 000,054,192 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdippls.exe
[2012.05.29 22:21:15 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiprox.dll
[2012.05.29 22:21:15 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipplc.dll
[2012.05.29 22:21:14 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomc.dll
[2012.05.29 22:21:14 | 000,671,744 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdihbn3.dll
[2012.05.29 22:21:14 | 000,517,040 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicoms.exe
[2012.05.29 22:21:14 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomm.dll
[2012.05.29 22:21:14 | 000,340,912 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicfg.exe
[2012.04.07 00:48:11 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.02.21 12:42:16 | 001,529,424 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.15 12:16:31 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.07.15 12:16:29 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.07.15 12:16:28 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== LOP Check ==========
 
[2012.02.21 16:26:47 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\DVDVideoSoft
[2012.02.21 16:26:25 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.29 22:24:49 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\Lexmark Productivity Studio
[2012.06.10 11:25:26 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\SoftGrid Client
[2012.02.21 12:43:26 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\TP
[2012.07.03 23:28:39 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\TS3Client
[2012.02.20 17:06:26 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\ts3overlay
[2012.02.27 12:19:58 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\Windows Live Writer
[2012.06.26 13:19:21 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Danke im Vorhinein für eure Hilfe, Lg Filib
(Ich hätte euch die Dateien wirklich gerne gezippt nur war das im gesicherten Modus leider nicht möglich)

Hi, sorry das ich meinen Beitrag selbst kommentiere, jedoch habe ich neue Infos zu dem Thema

Ich hatte zuvor MSE installiert nun jedoch, da ich das Gefühl hatte das ich mit Avira Viren-Suchlauf mehr erfolg haben könnte mir Avira geladen, ausgeführt und nun habe ich einen Virus/Trojan mit dem namen "exp/2012-0507.aw" gefunden und in Quarantäne geschoben.

Da ich annehme, dass von dem her auch die oben geposteten Scans nicht mehr aktuell sind werde ich Avira Report, MWB log und OTL log hier neu posten! Hoffe das ist ok und macht das ganze nicht komplizierter!

Avira

Zitat:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 04. Juli 2012 12:01

Es wird nach 3833381 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Abgesicherter Modus mit Netzwerk Support
Benutzername : Filib
Computername : FILIB-PC

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 01.05.2012 22:48:48
AVSCAN.DLL : 12.3.0.15 66256 Bytes 02.05.2012 00:02:50
LUKE.DLL : 12.3.0.15 68304 Bytes 01.05.2012 23:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 01.05.2012 22:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 04.07.2012 09:53:13
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:22:12
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:31:36
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 10:43:53
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 09:53:05
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 09:53:05
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 09:53:05
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 09:53:05
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 09:53:05
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 09:53:05
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 09:53:05
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 09:53:05
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 09:53:05
VBASE014.VDF : 7.11.34.201 169472 Bytes 02.07.2012 09:53:06
VBASE015.VDF : 7.11.34.202 2048 Bytes 02.07.2012 09:53:06
VBASE016.VDF : 7.11.34.203 2048 Bytes 02.07.2012 09:53:06
VBASE017.VDF : 7.11.34.204 2048 Bytes 02.07.2012 09:53:06
VBASE018.VDF : 7.11.34.205 2048 Bytes 02.07.2012 09:53:06
VBASE019.VDF : 7.11.34.206 2048 Bytes 02.07.2012 09:53:06
VBASE020.VDF : 7.11.34.207 2048 Bytes 02.07.2012 09:53:06
VBASE021.VDF : 7.11.34.208 2048 Bytes 02.07.2012 09:53:06
VBASE022.VDF : 7.11.34.209 2048 Bytes 02.07.2012 09:53:06
VBASE023.VDF : 7.11.34.210 2048 Bytes 02.07.2012 09:53:06
VBASE024.VDF : 7.11.34.211 2048 Bytes 02.07.2012 09:53:06
VBASE025.VDF : 7.11.34.212 2048 Bytes 02.07.2012 09:53:06
VBASE026.VDF : 7.11.34.213 2048 Bytes 02.07.2012 09:53:06
VBASE027.VDF : 7.11.34.214 2048 Bytes 02.07.2012 09:53:07
VBASE028.VDF : 7.11.34.215 2048 Bytes 02.07.2012 09:53:07
VBASE029.VDF : 7.11.34.216 2048 Bytes 02.07.2012 09:53:07
VBASE030.VDF : 7.11.34.217 2048 Bytes 02.07.2012 09:53:07
VBASE031.VDF : 7.11.35.6 97280 Bytes 04.07.2012 09:53:07
Engineversion : 8.2.10.102
AEVDF.DLL : 8.1.2.8 106867 Bytes 04.07.2012 09:53:12
AESCRIPT.DLL : 8.1.4.28 455035 Bytes 04.07.2012 09:53:12
AESCN.DLL : 8.1.8.2 131444 Bytes 16.02.2012 16:11:36
AESBX.DLL : 8.2.5.12 606578 Bytes 04.07.2012 09:53:13
AERDL.DLL : 8.1.9.15 639348 Bytes 20.01.2012 23:21:32
AEPACK.DLL : 8.2.16.22 807288 Bytes 04.07.2012 09:53:12
AEOFFICE.DLL : 8.1.2.40 201082 Bytes 04.07.2012 09:53:11
AEHEUR.DLL : 8.1.4.58 4993399 Bytes 04.07.2012 09:53:11
AEHELP.DLL : 8.1.23.2 258422 Bytes 04.07.2012 09:53:08
AEGEN.DLL : 8.1.5.30 422261 Bytes 04.07.2012 09:53:08
AEEXP.DLL : 8.1.0.58 82292 Bytes 04.07.2012 09:53:13
AEEMU.DLL : 8.1.3.0 393589 Bytes 20.01.2012 23:21:29
AECORE.DLL : 8.1.25.10 201080 Bytes 04.07.2012 09:53:08
AEBB.DLL : 8.1.1.0 53618 Bytes 20.01.2012 23:21:28
AVWINLL.DLL : 12.3.0.15 27344 Bytes 01.05.2012 22:59:21
AVPREF.DLL : 12.3.0.15 51920 Bytes 01.05.2012 22:44:31
AVREP.DLL : 12.3.0.15 179208 Bytes 01.05.2012 22:13:35
AVARKT.DLL : 12.3.0.15 211408 Bytes 01.05.2012 22:21:32
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 01.05.2012 22:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 16.04.2012 21:11:02
AVSMTP.DLL : 12.3.0.15 63440 Bytes 01.05.2012 22:51:35
NETNT.DLL : 12.3.0.15 17104 Bytes 01.05.2012 23:33:29
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 02.05.2012 00:03:51
RCTEXT.DLL : 12.3.0.15 98512 Bytes 02.05.2012 00:03:51

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Mittwoch, 04. Juli 2012 12:01

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Der Treiber konnte nicht initialisiert werden.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '119' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1497' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Boot>
C:\Users\Filib\AppData\Local\Temp\V.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.AW
C:\Users\Filib\AppData\Local\Temp\RarSFX0\avsdklist.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\Filib\AppData\Local\Temp\RarSFX0\manualuninstallconfig.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\Filib\AppData\Local\Temp\RarSFX0\productreleasenotes.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\Filib\AppData\Local\Temp\RarSFX0\qatestedproducts.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\Filib\AppData\Local\Temp\RarSFX1\avsdklist.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\Filib\AppData\Local\Temp\RarSFX1\manualuninstallconfig.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\Filib\AppData\Local\Temp\RarSFX1\productreleasenotes.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\Filib\AppData\Local\Temp\RarSFX1\qatestedproducts.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\Filib\Downloads\avira_free_antivirus_de.exe
[WARNUNG] Die Datei ist kennwortgeschützt
Beginne mit der Suche in 'D:\' <Recover>

Beginne mit der Desinfektion:
C:\Users\Filib\AppData\Local\Temp\V.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.AW
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55c6b0c9.qua' verschoben!

Ende des Suchlaufs: Mittwoch, 04. Juli 2012 12:42
Benötigte Zeit: 39:29 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

24714 Verzeichnisse wurden überprüft
458057 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
458056 Dateien ohne Befall
5174 Archive wurden durchsucht
9 Warnungen
1 Hinweise

Malewarebytes

Zitat:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.04.03

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Filib :: FILIB-PC [Administrator]

Schutz: Deaktiviert

04.07.2012 13:02:19
mbam-log-2012-07-04 (13-02-19).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 335013
Laufzeit: 28 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Otl.exe

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 04.07.2012 13:59:01 - Run 3
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Filib\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,93 Gb Available Physical Memory | 74,90% Memory free
7,82 Gb Paging File | 7,04 Gb Available in Paging File | 89,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 555,07 Gb Total Space | 490,20 Gb Free Space | 88,31% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 19,98 Gb Free Space | 49,94% Space Free | Partition Type: NTFS
 
Computer Name: FILIB-PC | User Name: Filib | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.04 00:03:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Filib\Desktop\OTL.exe
PRC - [2012.06.27 09:25:04 | 000,572,000 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSI_TRAY.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011.05.02 23:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2011.05.02 23:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.05.02 23:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2010.12.17 16:46:34 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Stopped] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010.09.23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2007.06.11 10:15:08 | 000,876,976 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxdicoms.exe -- (lxdi_device)
SRV:64bit: - [2007.06.11 10:15:00 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2012.06.27 09:25:06 | 001,326,176 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.06.17 17:52:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.12.24 09:26:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.12.06 13:52:40 | 000,062,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2010.11.06 08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.10.07 02:46:42 | 000,159,752 | R--- | M] () [Auto | Stopped] -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe -- (GFNEXSrv)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.19 00:40:48 | 000,104,968 | R--- | M] () [Auto | Stopped] -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.06.11 10:15:00 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2007.06.11 10:14:52 | 000,517,040 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\lxdicoms.exe -- (lxdi_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.16 16:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.05.26 09:24:16 | 001,590,912 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.05.01 23:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011.04.15 01:16:08 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.06 21:52:22 | 012,264,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.02.10 15:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 15:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.12.24 09:26:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.08 15:52:14 | 000,068,608 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fspad_xp64.sys -- (fspad_xp64)
DRV:64bit: - [2010.11.08 15:52:14 | 000,068,608 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fspad_wlh64.sys -- (fspad_wlh64)
DRV:64bit: - [2010.11.06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010.08.24 18:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.02.06 16:49:24 | 000,690,208 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009.10.23 17:26:14 | 000,046,592 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.09.11 23:11:46 | 000,014,344 | R--- | M] (PEGATRON) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys -- (PEGAGFN)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{24DBECDD-86CD-44BC-91D2-C4153D7B69BB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_enDE393
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.orf.at"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 17:52:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 17:52:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.01.20 15:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Filib\AppData\Roaming\mozilla\Extensions
[2012.05.04 13:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Filib\AppData\Roaming\mozilla\Firefox\Profiles\z1ehmlkz.default\extensions
[2012.02.21 16:26:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Filib\AppData\Roaming\mozilla\Firefox\Profiles\z1ehmlkz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.26 10:43:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.17 17:52:01 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.05 16:20:35 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.05 16:20:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.05 16:20:35 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.05 16:20:35 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.05 16:20:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.05 16:20:35 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Filib\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [lxdiamon] C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4:64bit: - HKLM..\Run: [lxdimon.exe] C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe ()
O4:64bit: - HKLM..\Run: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Update] C:\Users\Filib\AppData\Roaming\0_0u_l.exe (Koolance)
O4:64bit: - HKLM..\RunOnce: [GrpConv] C:\Windows\SysNative\grpconv.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62FB12DB-D76C-41CF-B3FA-D6245DB6EA4A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0202C20-E07A-4081-8DFF-E4B4ADCF5B00}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2dc448b9-6ac7-11e1-9ec3-3860773623dd}\Shell - "" = AutoRun
O33 - MountPoints2\{2dc448b9-6ac7-11e1-9ec3-3860773623dd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.04 13:17:38 | 000,000,000 | ---D | C] -- C:\Users\Filib\AppData\Local\Secunia PSI
[2012.07.04 13:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012.07.04 13:11:09 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.07.04 11:56:32 | 000,000,000 | ---D | C] -- C:\Users\Filib\AppData\Roaming\Avira
[2012.07.04 11:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.04 11:51:00 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.07.04 11:51:00 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.07.04 11:51:00 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.07.04 11:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.04 11:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.07.04 00:03:12 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Filib\Desktop\OTL.exe
[2012.07.03 23:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.03 23:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.03 22:41:47 | 000,000,000 | ---D | C] -- C:\Users\Filib\AppData\Roaming\Malwarebytes
[2012.07.03 22:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.03 22:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.03 22:41:38 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.03 22:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.03 22:29:17 | 000,160,256 | ---- | C] (Koolance) -- C:\Users\Filib\AppData\Roaming\0_0u_l.exe
[2012.06.27 16:48:52 | 000,000,000 | ---D | C] -- C:\Users\Filib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.06.27 16:48:34 | 000,000,000 | ---D | C] -- C:\Users\Filib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ElastoMania111
[2012.06.27 16:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElastoMania111
[2012.06.27 16:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElastoMania111
[2012.06.27 16:39:36 | 000,000,000 | ---D | C] -- C:\Users\Filib\AppData\Local\Microsoft Games
[2012.06.15 22:02:01 | 000,000,000 | ---D | C] -- C:\Users\Filib\AppData\Local\Macromedia
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.04 13:17:10 | 000,001,114 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.07.04 11:59:03 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2012.07.04 11:58:59 | 3151,269,888 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.04 11:51:20 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 11:51:20 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 11:51:13 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.04 11:48:33 | 001,506,902 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.04 11:48:33 | 000,656,972 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.04 11:48:33 | 000,618,814 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.04 11:48:33 | 000,131,454 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.04 11:48:33 | 000,107,836 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.04 11:44:59 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.04 00:03:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Filib\Desktop\OTL.exe
[2012.07.03 23:35:58 | 000,283,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.03 23:25:51 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.03 22:41:42 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.03 22:40:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.03 22:29:16 | 000,160,256 | ---- | M] (Koolance) -- C:\Users\Filib\AppData\Roaming\0_0u_l.exe
[2012.06.30 13:40:48 | 000,002,678 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.04 13:17:10 | 000,001,114 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.07.04 13:17:10 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.07.04 11:51:13 | 000,002,074 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.03 23:25:51 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.03 22:41:42 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.29 22:21:16 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdicomx.dll
[2012.05.29 22:21:16 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\lxdiinst.dll
[2012.05.29 22:21:15 | 001,187,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiserv.dll
[2012.05.29 22:21:15 | 000,942,080 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiusb1.dll
[2012.05.29 22:21:15 | 000,614,400 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipmui.dll
[2012.05.29 22:21:15 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdilmpm.dll
[2012.05.29 22:21:15 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiinpa.dll
[2012.05.29 22:21:15 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiiesc.dll
[2012.05.29 22:21:15 | 000,320,432 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiih.exe
[2012.05.29 22:21:15 | 000,054,192 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdippls.exe
[2012.05.29 22:21:15 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiprox.dll
[2012.05.29 22:21:15 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipplc.dll
[2012.05.29 22:21:14 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomc.dll
[2012.05.29 22:21:14 | 000,671,744 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdihbn3.dll
[2012.05.29 22:21:14 | 000,517,040 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicoms.exe
[2012.05.29 22:21:14 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomm.dll
[2012.05.29 22:21:14 | 000,340,912 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicfg.exe
[2012.04.07 00:48:11 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.02.21 12:42:16 | 001,529,424 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.15 12:16:31 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.07.15 12:16:29 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.07.15 12:16:28 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== LOP Check ==========
 
[2012.02.21 16:26:47 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\DVDVideoSoft
[2012.02.21 16:26:25 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.29 22:24:49 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\Lexmark Productivity Studio
[2012.06.10 11:25:26 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\SoftGrid Client
[2012.02.21 12:43:26 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\TP
[2012.07.03 23:28:39 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\TS3Client
[2012.02.20 17:06:26 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\ts3overlay
[2012.02.27 12:19:58 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\Windows Live Writer
[2012.06.26 13:19:21 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Leider wurde keine Extra Datei erstellt dieses mal so oft ich auch versucht habe. Hoffe ihr könnt die obrige verwenden, wenn nicht bitte um Hilfe wie ich diese Datei erstellen kann.
Noch eine Frage, ist es wichtig, das sich die Extra Datei noch auf meinem Desktop befindeT? denn ich habe sie derzeit von dort weg verschoeben, da ich ja dachte das eine neue erstellt werden würde

Danke und sorry für den erneuten Post!
Liebe Grüße

cosinus · 05.07.2012, 14:21

Führ bitte auch ESET aus, danach sehen wir weiter.

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
Dein Anti-Virus-Programm während des Scans deaktivieren.

Button (<< klick) drücken.
- Firefox-User:
  Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User:
  müssen das Installieren eines ActiveX Elements erlauben.
Setze den einen Haken bei Yes, i accept the Terms of Use.
Drücke den Button.
Warte bis die Komponenten herunter geladen wurden.
Setze einen Haken bei "Scan archives".
Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
drücken.
Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

Klicke Finish.
Browser schließen.

Drücke bitte die

+ R Taste und kopiere folgenden Text in das Ausführen Fenster.

Code:

ATTFilter

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"

Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:

ATTFilter

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"

Poste nun den Inhalt der log.txt.

Filib1990 · 05.07.2012, 16:28

Hello, danke für die Antwort und hier der Log :

Zitat:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f962c22c0cd5a84090156ff9ebc824b7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-05 03:26:09
# local_time=2012-07-05 05:26:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 103436 103436 0 0
# compatibility_mode=5893 16776574 100 94 14415495 93128745 0 0
# compatibility_mode=8192 67108863 100 0 119 119 0 0
# scanned=121355
# found=3
# cleaned=0
# scan_time=3074
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\61b1a4a-77f5253f probably a variant of Java/Exploit.CVE-2012-0507.CP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\74424cd3-3ca7c74f probably a variant of Java/Exploit.CVE-2012-0507.CP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Filib\AppData\Roaming\0_0u_l.exe a variant of Win32/Kryptik.AHVH trojan (unable to clean) 00000000000000000000000000000000 I

Danke noch mal und Lg.

cosinus · 05.07.2012, 16:30

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Filib1990 · 05.07.2012, 20:53

Hi Arne, danke für die super schnelle Antwort, leider musste ich arbeiten und somit kann ich erst jetzt antworten!

Also im normalen Modus ist der Pc leider nicht zu starten. Die gleichen Symptome wie bisher. ich fahr hoch zuerst kommen alle Desktop icons + taskleiste dann vercshwinden sie wieder und nix is mehr da.
Ob das Fenster noch kommen würde weiß ich von dem her nicht da ich ihn dann immre dirrekt abmelde über den ctrl alt entf.
Ordner fallen mir keine leeren auf aber in diesem Falle kann ich nur von dem abgesicherten Modus reden!

Lg Filib

edit: ich habe die gefundenen Fehler von ESET nicht gelöscht oder so, passt das eh? Oder hätte ich das machen sollen`?

cosinus · 05.07.2012, 21:08

Naja in diesem Fall ist das schon ok das Löschen mit ESET

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Filib1990 · 05.07.2012, 22:21

So habe die drei Dateien jetzt löschen lassen, falls du brauchst hier wäre der Log für ESET:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f962c22c0cd5a84090156ff9ebc824b7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-05 03:26:09
# local_time=2012-07-05 05:26:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 103436 103436 0 0
# compatibility_mode=5893 16776574 100 94 14415495 93128745 0 0
# compatibility_mode=8192 67108863 100 0 119 119 0 0
# scanned=121355
# found=3
# cleaned=0
# scan_time=3074
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\61b1a4a-77f5253f	probably a variant of Java/Exploit.CVE-2012-0507.CP trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\74424cd3-3ca7c74f	probably a variant of Java/Exploit.CVE-2012-0507.CP trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Filib\AppData\Roaming\0_0u_l.exe	a variant of Win32/Kryptik.AHVH trojan (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f962c22c0cd5a84090156ff9ebc824b7
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-05 09:06:44
# local_time=2012-07-05 11:06:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 123805 123805 0 0
# compatibility_mode=5893 16776574 100 94 14435864 93149114 0 0
# compatibility_mode=8192 67108863 100 0 20488 20488 0 0
# scanned=121459
# found=3
# cleaned=3
# scan_time=3140
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\61b1a4a-77f5253f	probably a variant of Java/Exploit.CVE-2012-0507.CP trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\74424cd3-3ca7c74f	probably a variant of Java/Exploit.CVE-2012-0507.CP trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\Filib\AppData\Roaming\0_0u_l.exe	a variant of Win32/Kryptik.AHVH trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

Und hier wie von der gewünscht der OTL log

Code:

ATTFilter

23:18 05.07.2012OTL Logfile:

	Code: 

 ATTFilter

  
	OTL logfile created on: 05.07.2012 23:10:54 - Run 4
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Filib\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,99 Gb Available Physical Memory | 76,53% Memory free
7,82 Gb Paging File | 7,09 Gb Available in Paging File | 90,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 555,07 Gb Total Space | 489,49 Gb Free Space | 88,18% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 19,98 Gb Free Space | 49,94% Space Free | Partition Type: NTFS
 
Computer Name: FILIB-PC | User Name: Filib | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.04 00:03:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Filib\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011.05.02 23:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2011.05.02 23:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.05.02 23:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2010.12.17 16:46:34 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Stopped] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010.09.23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2007.06.11 10:15:08 | 000,876,976 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxdicoms.exe -- (lxdi_device)
SRV:64bit: - [2007.06.11 10:15:00 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2012.06.27 09:25:06 | 001,326,176 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.06.17 17:52:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.12.24 09:26:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.12.06 13:52:40 | 000,062,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2010.11.06 08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.10.07 02:46:42 | 000,159,752 | R--- | M] () [Auto | Stopped] -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe -- (GFNEXSrv)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.19 00:40:48 | 000,104,968 | R--- | M] () [Auto | Stopped] -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.06.11 10:15:00 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2007.06.11 10:14:52 | 000,517,040 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\lxdicoms.exe -- (lxdi_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.16 16:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.05.26 09:24:16 | 001,590,912 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.05.01 23:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011.04.15 01:16:08 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.06 21:52:22 | 012,264,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.02.10 15:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 15:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.12.24 09:26:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.08 15:52:14 | 000,068,608 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fspad_xp64.sys -- (fspad_xp64)
DRV:64bit: - [2010.11.08 15:52:14 | 000,068,608 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fspad_wlh64.sys -- (fspad_wlh64)
DRV:64bit: - [2010.11.06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010.08.24 18:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.02.06 16:49:24 | 000,690,208 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009.10.23 17:26:14 | 000,046,592 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.09.11 23:11:46 | 000,014,344 | R--- | M] (PEGATRON) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys -- (PEGAGFN)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4056338413-1803659449-3003814670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKU\S-1-5-21-4056338413-1803659449-3003814670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4056338413-1803659449-3003814670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKU\S-1-5-21-4056338413-1803659449-3003814670-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4056338413-1803659449-3003814670-1001\..\SearchScopes\{24DBECDD-86CD-44BC-91D2-C4153D7B69BB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_enDE393
IE - HKU\S-1-5-21-4056338413-1803659449-3003814670-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.orf.at"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 17:52:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 17:52:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.01.20 15:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Filib\AppData\Roaming\mozilla\Extensions
[2012.05.04 13:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Filib\AppData\Roaming\mozilla\Firefox\Profiles\z1ehmlkz.default\extensions
[2012.02.21 16:26:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Filib\AppData\Roaming\mozilla\Firefox\Profiles\z1ehmlkz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.26 10:43:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.17 17:52:01 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.05 16:20:35 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.05 16:20:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.05 16:20:35 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.05 16:20:35 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.05 16:20:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.05 16:20:35 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Filib\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-4056338413-1803659449-3003814670-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [lxdiamon] C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4:64bit: - HKLM..\Run: [lxdimon.exe] C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe ()
O4:64bit: - HKLM..\Run: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62FB12DB-D76C-41CF-B3FA-D6245DB6EA4A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0202C20-E07A-4081-8DFF-E4B4ADCF5B00}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2dc448b9-6ac7-11e1-9ec3-3860773623dd}\Shell - "" = AutoRun
O33 - MountPoints2\{2dc448b9-6ac7-11e1-9ec3-3860773623dd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.05 16:32:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.05 16:32:30 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Filib\Desktop\esetsmartinstaller_enu.exe
[2012.07.04 13:17:38 | 000,000,000 | ---D | C] -- C:\Users\Filib\AppData\Local\Secunia PSI
[2012.07.04 13:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012.07.04 13:11:09 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.07.04 11:56:32 | 000,000,000 | ---D | C] -- C:\Users\Filib\AppData\Roaming\Avira
[2012.07.04 11:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.04 11:51:00 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.07.04 11:51:00 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.07.04 11:51:00 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.07.04 11:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.04 11:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.07.04 00:03:12 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Filib\Desktop\OTL.exe
[2012.07.03 23:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.03 23:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.03 22:41:47 | 000,000,000 | ---D | C] -- C:\Users\Filib\AppData\Roaming\Malwarebytes
[2012.07.03 22:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.03 22:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.03 22:41:38 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.03 22:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.27 16:48:52 | 000,000,000 | ---D | C] -- C:\Users\Filib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.06.27 16:48:34 | 000,000,000 | ---D | C] -- C:\Users\Filib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ElastoMania111
[2012.06.27 16:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElastoMania111
[2012.06.27 16:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElastoMania111
[2012.06.27 16:39:36 | 000,000,000 | ---D | C] -- C:\Users\Filib\AppData\Local\Microsoft Games
[2012.06.15 22:02:01 | 000,000,000 | ---D | C] -- C:\Users\Filib\AppData\Local\Macromedia
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.05 21:49:00 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2012.07.05 21:48:47 | 3151,269,888 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.05 21:46:39 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.05 16:32:30 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Filib\Desktop\esetsmartinstaller_enu.exe
[2012.07.04 13:17:10 | 000,001,114 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.07.04 11:51:20 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 11:51:20 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 11:51:13 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.04 11:48:33 | 001,506,902 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.04 11:48:33 | 000,656,972 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.04 11:48:33 | 000,618,814 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.04 11:48:33 | 000,131,454 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.04 11:48:33 | 000,107,836 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.04 00:03:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Filib\Desktop\OTL.exe
[2012.07.03 23:35:58 | 000,283,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.03 23:25:51 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.03 22:41:42 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.03 22:40:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.30 13:40:48 | 000,002,678 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.04 13:17:10 | 000,001,114 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.07.04 13:17:10 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.07.04 11:51:13 | 000,002,074 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.03 23:25:51 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.03 22:41:42 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.29 22:21:16 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdicomx.dll
[2012.05.29 22:21:16 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\lxdiinst.dll
[2012.05.29 22:21:15 | 001,187,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiserv.dll
[2012.05.29 22:21:15 | 000,942,080 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiusb1.dll
[2012.05.29 22:21:15 | 000,614,400 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipmui.dll
[2012.05.29 22:21:15 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdilmpm.dll
[2012.05.29 22:21:15 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiinpa.dll
[2012.05.29 22:21:15 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiiesc.dll
[2012.05.29 22:21:15 | 000,320,432 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiih.exe
[2012.05.29 22:21:15 | 000,054,192 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdippls.exe
[2012.05.29 22:21:15 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiprox.dll
[2012.05.29 22:21:15 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipplc.dll
[2012.05.29 22:21:14 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomc.dll
[2012.05.29 22:21:14 | 000,671,744 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdihbn3.dll
[2012.05.29 22:21:14 | 000,517,040 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicoms.exe
[2012.05.29 22:21:14 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomm.dll
[2012.05.29 22:21:14 | 000,340,912 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicfg.exe
[2012.04.07 00:48:11 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.02.21 12:42:16 | 001,529,424 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.15 12:16:31 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.07.15 12:16:29 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.07.15 12:16:28 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== LOP Check ==========
 
[2012.02.21 16:26:47 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\DVDVideoSoft
[2012.02.21 16:26:25 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.29 22:24:49 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\Lexmark Productivity Studio
[2012.06.10 11:25:26 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\SoftGrid Client
[2012.02.21 12:43:26 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\TP
[2012.07.03 23:28:39 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\TS3Client
[2012.02.20 17:06:26 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\ts3overlay
[2012.02.27 12:19:58 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\Windows Live Writer
[2012.06.26 13:19:21 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.25 11:00:39 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\Adobe
[2012.07.04 11:56:32 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\Avira
[2012.02.21 16:26:47 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\DVDVideoSoft
[2012.02.21 16:26:25 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.20 15:24:13 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\Google
[2012.01.20 15:19:42 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\Identities
[2012.01.20 15:19:28 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\Intel
[2012.01.20 15:20:28 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\Intel Corporation
[2012.05.29 22:24:49 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\Lexmark Productivity Studio
[2011.02.10 22:48:57 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\Macromedia
[2012.07.03 22:41:47 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\Malwarebytes
[2010.11.21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\Media Center Programs
[2012.05.10 11:18:44 | 000,000,000 | --SD | M] -- C:\Users\Filib\AppData\Roaming\Microsoft
[2012.01.20 15:25:49 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\Mozilla
[2012.07.03 23:28:38 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\Skype
[2012.06.10 11:25:26 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\SoftGrid Client
[2012.02.21 12:43:26 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\TP
[2012.07.03 23:28:39 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\TS3Client
[2012.02.20 17:06:26 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\ts3overlay
[2012.03.10 21:03:44 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\U3
[2012.02.27 12:19:58 | 000,000,000 | ---D | M] -- C:\Users\Filib\AppData\Roaming\Windows Live Writer
 
< %APPDATA%\*.exe /s >
[2011.06.28 21:32:46 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Filib\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2007.10.23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Filib\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 11:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Filib\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.11.06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<           >

< End of report >
         
 --- --- ---

Danke für die schnelle Bearbeitung! Lg

edit: Der normale nutzer scheint nun nach der Bereinigung durch ESET wieder zu funktionieren, jedoch ist er noch ziemlich langsam :P

cosinus · 06.07.2012, 09:38

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - user.js - File not found
O3 - HKU\S-1-5-21-4056338413-1803659449-3003814670-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2dc448b9-6ac7-11e1-9ec3-3860773623dd}\Shell - "" = AutoRun
:Files
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\Filib\AppData\Roaming\0_0u_l.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Filib1990 · 06.07.2012, 12:59

Danke, hier ist der entstandene Log:

Code:

ATTFilter

 All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-4056338413-1803659449-3003814670-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2dc448b9-6ac7-11e1-9ec3-3860773623dd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2dc448b9-6ac7-11e1-9ec3-3860773623dd}\ not found.
========== FILES ==========
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Filib\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File\Folder C:\Users\Filib\AppData\Roaming\0_0u_l.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Filib
->Temp folder emptied: 428101746 bytes
->Temporary Internet Files folder emptied: 12902684 bytes
->FireFox cache emptied: 441861470 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 59845 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56713588 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 19865296 bytes
 
Total Files Cleaned = 915,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Filib
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07062012_134519

Files\Folders moved on Reboot...
C:\Users\Filib\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Filib\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Lg Filib

cosinus · 06.07.2012, 14:10

Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Filib1990 · 07.07.2012, 08:48

Ich habe das jetzt hochgeladen, sehe allerdings keine bestätigung hier in diesem Thread, hoffe du hast alles bekommen was du brauchst!

cosinus · 09.07.2012, 10:08

Die Datei ist zwar da, aber viel zu klein.
Wie groß ist deine ZIP?
Hast du wirklich alles also den kompletten Ordner MovedFiles inkl. alle Unterverzeichnisse und darin enthaltene Dateien mit in die ZIP packen lassen? Virenscanner vor dem zippen auch deaktiviert?

Filib1990 · 09.07.2012, 19:22

Die Zip ist 9Kb groß bei mir, aber der gesamte moved files ordner bei mir ist nur 35,6 groß. also weiß nicht ob das nicht eh normal ist so?

Es steht wenn ich auf movedfiles ordner eigentschaften gehe größe 36.5 kb; größe auf datenträger 75kb.
ich bin einfach auf movedfiles mit der rechten maustaste, dann 7zip, dann zu einem archiv hinzufügen, und das hab ich dann hochgeladen, passt das so ?

Lg

cosinus · 10.07.2012, 10:32

Dann vergessen wir das mal mit der zip datei

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Filib1990 · 10.07.2012, 11:34

Hi, habe den Suchlauf durchgeführt, es wurde ein OBjekt names Watchmi gefunden. Ich habe es so wie empfohlen jetzt nicht gelöscht! Ist das richtig so oder sollte ich es lieber noch löschen?

Hier der Log

Code:

ATTFilter

 12:29:27.0401 5984	TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
12:29:27.0530 5984	============================================================
12:29:27.0530 5984	Current date / time: 2012/07/10 12:29:27.0530
12:29:27.0530 5984	SystemInfo:
12:29:27.0530 5984	
12:29:27.0530 5984	OS Version: 6.1.7601 ServicePack: 1.0
12:29:27.0530 5984	Product type: Workstation
12:29:27.0530 5984	ComputerName: FILIB-PC
12:29:27.0530 5984	UserName: Filib
12:29:27.0531 5984	Windows directory: C:\Windows
12:29:27.0531 5984	System windows directory: C:\Windows
12:29:27.0531 5984	Running under WOW64
12:29:27.0531 5984	Processor architecture: Intel x64
12:29:27.0531 5984	Number of processors: 4
12:29:27.0531 5984	Page size: 0x1000
12:29:27.0531 5984	Boot type: Normal boot
12:29:27.0531 5984	============================================================
12:29:28.0033 5984	Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:29:28.0038 5984	============================================================
12:29:28.0038 5984	\Device\Harddisk0\DR0:
12:29:28.0039 5984	MBR partitions:
12:29:28.0039 5984	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:29:28.0039 5984	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x45625000
12:29:28.0039 5984	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x45657800, BlocksNum 0x5000000
12:29:28.0039 5984	============================================================
12:29:28.0071 5984	C: <-> \Device\Harddisk0\DR0\Partition1
12:29:28.0120 5984	D: <-> \Device\Harddisk0\DR0\Partition2
12:29:28.0120 5984	============================================================
12:29:28.0120 5984	Initialize success
12:29:28.0120 5984	============================================================
12:29:53.0345 0468	============================================================
12:29:53.0345 0468	Scan started
12:29:53.0345 0468	Mode: Manual; 
12:29:53.0345 0468	============================================================
12:29:53.0856 0468	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:29:53.0859 0468	1394ohci - ok
12:29:53.0940 0468	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:29:53.0943 0468	ACPI - ok
12:29:54.0004 0468	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:29:54.0005 0468	AcpiPmi - ok
12:29:54.0149 0468	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:29:54.0150 0468	AdobeARMservice - ok
12:29:54.0282 0468	AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:29:54.0283 0468	AdobeFlashPlayerUpdateSvc - ok
12:29:54.0336 0468	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
12:29:54.0341 0468	adp94xx - ok
12:29:54.0391 0468	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
12:29:54.0396 0468	adpahci - ok
12:29:54.0448 0468	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
12:29:54.0450 0468	adpu320 - ok
12:29:54.0473 0468	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:29:54.0474 0468	AeLookupSvc - ok
12:29:54.0526 0468	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:29:54.0529 0468	AFD - ok
12:29:54.0557 0468	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:29:54.0559 0468	agp440 - ok
12:29:54.0598 0468	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:29:54.0600 0468	ALG - ok
12:29:54.0637 0468	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:29:54.0638 0468	aliide - ok
12:29:54.0657 0468	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:29:54.0658 0468	amdide - ok
12:29:54.0696 0468	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
12:29:54.0697 0468	AmdK8 - ok
12:29:54.0713 0468	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
12:29:54.0714 0468	AmdPPM - ok
12:29:54.0739 0468	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:29:54.0741 0468	amdsata - ok
12:29:54.0769 0468	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
12:29:54.0772 0468	amdsbs - ok
12:29:54.0789 0468	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:29:54.0790 0468	amdxata - ok
12:29:54.0823 0468	AmUStor         (08d51900c07bae4f1fc82fc669b99b79) C:\Windows\system32\drivers\AmUStor.SYS
12:29:54.0824 0468	AmUStor - ok
12:29:54.0943 0468	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:29:54.0944 0468	AntiVirSchedulerService - ok
12:29:54.0974 0468	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:29:54.0975 0468	AntiVirService - ok
12:29:55.0020 0468	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:29:55.0021 0468	AppID - ok
12:29:55.0051 0468	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:29:55.0052 0468	AppIDSvc - ok
12:29:55.0077 0468	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:29:55.0078 0468	Appinfo - ok
12:29:55.0118 0468	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
12:29:55.0120 0468	arc - ok
12:29:55.0149 0468	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
12:29:55.0151 0468	arcsas - ok
12:29:55.0216 0468	ASLDRService    (efd89582b55dd32dc79c1a4eb54612a1) C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
12:29:55.0217 0468	ASLDRService - ok
12:29:55.0247 0468	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:29:55.0248 0468	AsyncMac - ok
12:29:55.0285 0468	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:29:55.0286 0468	atapi - ok
12:29:55.0347 0468	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:29:55.0352 0468	AudioEndpointBuilder - ok
12:29:55.0358 0468	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:29:55.0362 0468	AudioSrv - ok
12:29:55.0401 0468	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
12:29:55.0403 0468	avgntflt - ok
12:29:55.0445 0468	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
12:29:55.0447 0468	avipbb - ok
12:29:55.0476 0468	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
12:29:55.0477 0468	avkmgr - ok
12:29:55.0510 0468	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:29:55.0512 0468	AxInstSV - ok
12:29:55.0566 0468	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
12:29:55.0570 0468	b06bdrv - ok
12:29:55.0609 0468	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:29:55.0613 0468	b57nd60a - ok
12:29:55.0655 0468	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:29:55.0656 0468	BDESVC - ok
12:29:55.0683 0468	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:29:55.0684 0468	Beep - ok
12:29:55.0750 0468	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:29:55.0756 0468	BFE - ok
12:29:55.0816 0468	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
12:29:55.0824 0468	BITS - ok
12:29:55.0869 0468	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:29:55.0871 0468	blbdrive - ok
12:29:55.0906 0468	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:29:55.0907 0468	bowser - ok
12:29:55.0934 0468	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
12:29:55.0935 0468	BrFiltLo - ok
12:29:55.0955 0468	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
12:29:55.0955 0468	BrFiltUp - ok
12:29:55.0989 0468	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:29:55.0990 0468	Browser - ok
12:29:56.0030 0468	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:29:56.0033 0468	Brserid - ok
12:29:56.0063 0468	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:29:56.0064 0468	BrSerWdm - ok
12:29:56.0108 0468	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:29:56.0109 0468	BrUsbMdm - ok
12:29:56.0127 0468	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:29:56.0127 0468	BrUsbSer - ok
12:29:56.0176 0468	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
12:29:56.0177 0468	BthEnum - ok
12:29:56.0216 0468	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
12:29:56.0217 0468	BTHMODEM - ok
12:29:56.0262 0468	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
12:29:56.0264 0468	BthPan - ok
12:29:56.0320 0468	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
12:29:56.0326 0468	BTHPORT - ok
12:29:56.0362 0468	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:29:56.0364 0468	bthserv - ok
12:29:56.0403 0468	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
12:29:56.0404 0468	BTHUSB - ok
12:29:56.0434 0468	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:29:56.0436 0468	cdfs - ok
12:29:56.0476 0468	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:29:56.0478 0468	cdrom - ok
12:29:56.0507 0468	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:29:56.0508 0468	CertPropSvc - ok
12:29:56.0575 0468	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
12:29:56.0576 0468	circlass - ok
12:29:56.0620 0468	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:29:56.0623 0468	CLFS - ok
12:29:56.0717 0468	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:29:56.0719 0468	clr_optimization_v2.0.50727_32 - ok
12:29:56.0783 0468	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:29:56.0785 0468	clr_optimization_v2.0.50727_64 - ok
12:29:56.0843 0468	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:29:56.0844 0468	clr_optimization_v4.0.30319_32 - ok
12:29:56.0876 0468	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:29:56.0877 0468	clr_optimization_v4.0.30319_64 - ok
12:29:56.0922 0468	clwvd           (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
12:29:56.0923 0468	clwvd - ok
12:29:56.0948 0468	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:29:56.0949 0468	CmBatt - ok
12:29:56.0978 0468	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:29:56.0978 0468	cmdide - ok
12:29:57.0018 0468	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:29:57.0023 0468	CNG - ok
12:29:57.0129 0468	CnxtHdAudService (e0b53d1fef69106b76c06a0d783916e8) C:\Windows\system32\drivers\CHDRT64.sys
12:29:57.0144 0468	CnxtHdAudService - ok
12:29:57.0288 0468	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
12:29:57.0288 0468	Compbatt - ok
12:29:57.0321 0468	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:29:57.0322 0468	CompositeBus - ok
12:29:57.0337 0468	COMSysApp - ok
12:29:57.0369 0468	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
12:29:57.0370 0468	crcdisk - ok
12:29:57.0404 0468	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
12:29:57.0405 0468	CryptSvc - ok
12:29:57.0539 0468	cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
12:29:57.0543 0468	cvhsvc - ok
12:29:57.0583 0468	CxAudMsg        (f160b26b26ba4afe8cecc12ed5ac231e) C:\Windows\system32\CxAudMsg64.exe
12:29:57.0585 0468	CxAudMsg - ok
12:29:57.0641 0468	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:29:57.0646 0468	DcomLaunch - ok
12:29:57.0692 0468	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:29:57.0695 0468	defragsvc - ok
12:29:57.0754 0468	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:29:57.0756 0468	DfsC - ok
12:29:57.0806 0468	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:29:57.0810 0468	Dhcp - ok
12:29:57.0824 0468	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:29:57.0824 0468	discache - ok
12:29:57.0861 0468	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
12:29:57.0863 0468	Disk - ok
12:29:57.0903 0468	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:29:57.0905 0468	Dnscache - ok
12:29:57.0945 0468	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:29:57.0948 0468	dot3svc - ok
12:29:57.0962 0468	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:29:57.0964 0468	DPS - ok
12:29:57.0999 0468	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:29:58.0000 0468	drmkaud - ok
12:29:58.0081 0468	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:29:58.0091 0468	DXGKrnl - ok
12:29:58.0125 0468	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:29:58.0126 0468	EapHost - ok
12:29:58.0289 0468	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
12:29:58.0350 0468	ebdrv - ok
12:29:58.0450 0468	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:29:58.0451 0468	EFS - ok
12:29:58.0530 0468	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:29:58.0537 0468	ehRecvr - ok
12:29:58.0568 0468	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:29:58.0569 0468	ehSched - ok
12:29:58.0637 0468	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
12:29:58.0642 0468	elxstor - ok
12:29:58.0671 0468	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:29:58.0672 0468	ErrDev - ok
12:29:58.0724 0468	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:29:58.0727 0468	EventSystem - ok
12:29:58.0866 0468	EvtEng          (54fc81b0162478a72a93dbbeafb35671) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
12:29:58.0881 0468	EvtEng - ok
12:29:59.0007 0468	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:29:59.0009 0468	exfat - ok
12:29:59.0030 0468	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:29:59.0033 0468	fastfat - ok
12:29:59.0095 0468	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:29:59.0102 0468	Fax - ok
12:29:59.0161 0468	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
12:29:59.0162 0468	fdc - ok
12:29:59.0179 0468	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:29:59.0180 0468	fdPHost - ok
12:29:59.0191 0468	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:29:59.0192 0468	FDResPub - ok
12:29:59.0217 0468	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:29:59.0219 0468	FileInfo - ok
12:29:59.0235 0468	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:29:59.0236 0468	Filetrace - ok
12:29:59.0274 0468	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
12:29:59.0275 0468	flpydisk - ok
12:29:59.0317 0468	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:29:59.0321 0468	FltMgr - ok
12:29:59.0402 0468	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:29:59.0412 0468	FontCache - ok
12:29:59.0479 0468	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:29:59.0479 0468	FontCache3.0.0.0 - ok
12:29:59.0524 0468	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:29:59.0525 0468	FsDepends - ok
12:29:59.0558 0468	fspad_wlh64     (95d0cb3e794dea8cbe21725811a554dc) C:\Windows\system32\DRIVERS\fspad_wlh64.sys
12:29:59.0559 0468	fspad_wlh64 - ok
12:29:59.0588 0468	fspad_xp64      (95d0cb3e794dea8cbe21725811a554dc) C:\Windows\system32\drivers\fspad_xp64.sys
12:29:59.0589 0468	fspad_xp64 - ok
12:29:59.0612 0468	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:29:59.0613 0468	Fs_Rec - ok
12:29:59.0653 0468	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:29:59.0655 0468	fvevol - ok
12:29:59.0681 0468	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
12:29:59.0682 0468	gagp30kx - ok
12:29:59.0753 0468	GFNEXSrv        (ba9051d3745fa546de3660f5f2ef84a5) C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
12:29:59.0754 0468	GFNEXSrv - ok
12:29:59.0824 0468	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:29:59.0831 0468	gpsvc - ok
12:29:59.0891 0468	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:29:59.0892 0468	gupdate - ok
12:29:59.0898 0468	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:29:59.0899 0468	gupdatem - ok
12:29:59.0920 0468	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:29:59.0921 0468	hcw85cir - ok
12:29:59.0995 0468	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:29:59.0999 0468	HdAudAddService - ok
12:30:00.0031 0468	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:30:00.0032 0468	HDAudBus - ok
12:30:00.0065 0468	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
12:30:00.0066 0468	HidBatt - ok
12:30:00.0088 0468	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
12:30:00.0089 0468	HidBth - ok
12:30:00.0111 0468	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
12:30:00.0112 0468	HidIr - ok
12:30:00.0142 0468	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
12:30:00.0143 0468	hidserv - ok
12:30:00.0178 0468	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:30:00.0179 0468	HidUsb - ok
12:30:00.0200 0468	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:30:00.0201 0468	hkmsvc - ok
12:30:00.0224 0468	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:30:00.0226 0468	HomeGroupListener - ok
12:30:00.0257 0468	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:30:00.0259 0468	HomeGroupProvider - ok
12:30:00.0275 0468	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:30:00.0276 0468	HpSAMD - ok
12:30:00.0339 0468	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:30:00.0345 0468	HTTP - ok
12:30:00.0361 0468	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:30:00.0361 0468	hwpolicy - ok
12:30:00.0413 0468	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:30:00.0414 0468	i8042prt - ok
12:30:00.0472 0468	iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
12:30:00.0474 0468	iaStor - ok
12:30:00.0565 0468	IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
12:30:00.0566 0468	IAStorDataMgrSvc - ok
12:30:00.0616 0468	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:30:00.0620 0468	iaStorV - ok
12:30:00.0738 0468	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:30:00.0746 0468	idsvc - ok
12:30:01.0418 0468	igfx            (66dc0ce2d1867b8178eaa0e11930dbd7) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:30:01.0620 0468	igfx - ok
12:30:01.0755 0468	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
12:30:01.0756 0468	iirsp - ok
12:30:01.0827 0468	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:30:01.0836 0468	IKEEXT - ok
12:30:01.0880 0468	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
12:30:01.0884 0468	IntcDAud - ok
12:30:01.0906 0468	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:30:01.0907 0468	intelide - ok
12:30:01.0934 0468	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:30:01.0934 0468	intelppm - ok
12:30:01.0967 0468	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:30:01.0969 0468	IPBusEnum - ok
12:30:01.0990 0468	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:30:01.0992 0468	IpFilterDriver - ok
12:30:02.0040 0468	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:30:02.0046 0468	iphlpsvc - ok
12:30:02.0070 0468	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:30:02.0071 0468	IPMIDRV - ok
12:30:02.0092 0468	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:30:02.0094 0468	IPNAT - ok
12:30:02.0119 0468	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:30:02.0120 0468	IRENUM - ok
12:30:02.0136 0468	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:30:02.0137 0468	isapnp - ok
12:30:02.0168 0468	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:30:02.0171 0468	iScsiPrt - ok
12:30:02.0213 0468	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:30:02.0214 0468	kbdclass - ok
12:30:02.0247 0468	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:30:02.0247 0468	kbdhid - ok
12:30:02.0272 0468	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:30:02.0273 0468	KeyIso - ok
12:30:02.0290 0468	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:30:02.0292 0468	KSecDD - ok
12:30:02.0306 0468	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:30:02.0308 0468	KSecPkg - ok
12:30:02.0335 0468	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:30:02.0336 0468	ksthunk - ok
12:30:02.0373 0468	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:30:02.0378 0468	KtmRm - ok
12:30:02.0414 0468	L1C             (a4a9ca24e54e81c6c3e469eaeb4b3f42) C:\Windows\system32\DRIVERS\L1C62x64.sys
12:30:02.0416 0468	L1C - ok
12:30:02.0468 0468	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
12:30:02.0471 0468	LanmanServer - ok
12:30:02.0500 0468	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:30:02.0502 0468	LanmanWorkstation - ok
12:30:02.0530 0468	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:30:02.0531 0468	lltdio - ok
12:30:02.0572 0468	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:30:02.0576 0468	lltdsvc - ok
12:30:02.0590 0468	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:30:02.0591 0468	lmhosts - ok
12:30:02.0631 0468	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
12:30:02.0633 0468	LSI_FC - ok
12:30:02.0659 0468	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
12:30:02.0660 0468	LSI_SAS - ok
12:30:02.0693 0468	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
12:30:02.0694 0468	LSI_SAS2 - ok
12:30:02.0716 0468	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
12:30:02.0718 0468	LSI_SCSI - ok
12:30:02.0744 0468	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:30:02.0746 0468	luafv - ok
12:30:02.0832 0468	lxdiCATSCustConnectService (baa003617d899996cf282a3d92aee29b) C:\Windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe
12:30:02.0834 0468	lxdiCATSCustConnectService - ok
12:30:02.0850 0468	lxdi_device - ok
12:30:02.0912 0468	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
12:30:02.0912 0468	MBAMProtector - ok
12:30:03.0007 0468	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:30:03.0011 0468	MBAMService - ok
12:30:03.0034 0468	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:30:03.0036 0468	Mcx2Svc - ok
12:30:03.0057 0468	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
12:30:03.0058 0468	megasas - ok
12:30:03.0100 0468	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
12:30:03.0103 0468	MegaSR - ok
12:30:03.0143 0468	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:30:03.0144 0468	MMCSS - ok
12:30:03.0167 0468	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:30:03.0168 0468	Modem - ok
12:30:03.0197 0468	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:30:03.0197 0468	monitor - ok
12:30:03.0238 0468	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:30:03.0239 0468	mouclass - ok
12:30:03.0263 0468	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:30:03.0263 0468	mouhid - ok
12:30:03.0292 0468	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:30:03.0293 0468	mountmgr - ok
12:30:03.0383 0468	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:30:03.0384 0468	MozillaMaintenance - ok
12:30:03.0431 0468	MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
12:30:03.0434 0468	MpFilter - ok
12:30:03.0469 0468	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:30:03.0471 0468	mpio - ok
12:30:03.0494 0468	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:30:03.0495 0468	mpsdrv - ok
12:30:03.0564 0468	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:30:03.0572 0468	MpsSvc - ok
12:30:03.0590 0468	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:30:03.0592 0468	MRxDAV - ok
12:30:03.0630 0468	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:30:03.0633 0468	mrxsmb - ok
12:30:03.0672 0468	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:30:03.0675 0468	mrxsmb10 - ok
12:30:03.0702 0468	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:30:03.0704 0468	mrxsmb20 - ok
12:30:03.0734 0468	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:30:03.0735 0468	msahci - ok
12:30:03.0766 0468	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:30:03.0768 0468	msdsm - ok
12:30:03.0793 0468	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:30:03.0796 0468	MSDTC - ok
12:30:03.0819 0468	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:30:03.0820 0468	Msfs - ok
12:30:03.0835 0468	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:30:03.0836 0468	mshidkmdf - ok
12:30:03.0854 0468	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:30:03.0855 0468	msisadrv - ok
12:30:03.0895 0468	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:30:03.0897 0468	MSiSCSI - ok
12:30:03.0900 0468	msiserver - ok
12:30:03.0933 0468	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:30:03.0934 0468	MSKSSRV - ok
12:30:03.0975 0468	MsMpSvc         (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:30:03.0976 0468	MsMpSvc - ok
12:30:03.0999 0468	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:30:04.0000 0468	MSPCLOCK - ok
12:30:04.0008 0468	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:30:04.0008 0468	MSPQM - ok
12:30:04.0044 0468	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:30:04.0048 0468	MsRPC - ok
12:30:04.0079 0468	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:30:04.0079 0468	mssmbios - ok
12:30:04.0102 0468	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:30:04.0103 0468	MSTEE - ok
12:30:04.0126 0468	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
12:30:04.0127 0468	MTConfig - ok
12:30:04.0143 0468	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:30:04.0144 0468	Mup - ok
12:30:04.0224 0468	MyWiFiDHCPDNS   (4bbb9d9c4df259fae2d172c5bb25ddd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
12:30:04.0228 0468	MyWiFiDHCPDNS - ok
12:30:04.0279 0468	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:30:04.0283 0468	napagent - ok
12:30:04.0328 0468	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:30:04.0331 0468	NativeWifiP - ok
12:30:04.0386 0468	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:30:04.0396 0468	NDIS - ok
12:30:04.0423 0468	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:30:04.0424 0468	NdisCap - ok
12:30:04.0454 0468	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:30:04.0455 0468	NdisTapi - ok
12:30:04.0472 0468	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:30:04.0474 0468	Ndisuio - ok
12:30:04.0490 0468	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:30:04.0492 0468	NdisWan - ok
12:30:04.0510 0468	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:30:04.0511 0468	NDProxy - ok
12:30:04.0534 0468	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:30:04.0536 0468	NetBIOS - ok
12:30:04.0562 0468	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:30:04.0563 0468	NetBT - ok
12:30:04.0583 0468	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:30:04.0584 0468	Netlogon - ok
12:30:04.0642 0468	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:30:04.0645 0468	Netman - ok
12:30:04.0682 0468	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:30:04.0689 0468	netprofm - ok
12:30:04.0776 0468	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:30:04.0776 0468	NetTcpPortSharing - ok
12:30:05.0244 0468	NETwNs64        (ac69618de5bcce8747c9ab0aae1003c1) C:\Windows\system32\DRIVERS\NETwNs64.sys
12:30:05.0420 0468	NETwNs64 - ok
12:30:05.0535 0468	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
12:30:05.0537 0468	nfrd960 - ok
12:30:05.0593 0468	NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:30:05.0595 0468	NisDrv - ok
12:30:05.0675 0468	NisSrv          (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
12:30:05.0678 0468	NisSrv - ok
12:30:05.0728 0468	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:30:05.0731 0468	NlaSvc - ok
12:30:05.0755 0468	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:30:05.0756 0468	Npfs - ok
12:30:05.0786 0468	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:30:05.0787 0468	nsi - ok
12:30:05.0802 0468	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:30:05.0803 0468	nsiproxy - ok
12:30:05.0914 0468	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:30:05.0930 0468	Ntfs - ok
12:30:06.0045 0468	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:30:06.0046 0468	Null - ok
12:30:06.0084 0468	nusb3hub        (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys
12:30:06.0086 0468	nusb3hub - ok
12:30:06.0115 0468	nusb3xhc        (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys
12:30:06.0118 0468	nusb3xhc - ok
12:30:06.0790 0468	nvlddmkm        (5b87b16d2781982e32bab6d359034c37) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:30:06.0994 0468	nvlddmkm - ok
12:30:07.0158 0468	nvpciflt        (0fb06978e39d3b2bb02d616b71a718dc) C:\Windows\system32\DRIVERS\nvpciflt.sys
12:30:07.0159 0468	nvpciflt - ok
12:30:07.0207 0468	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:30:07.0209 0468	nvraid - ok
12:30:07.0226 0468	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:30:07.0229 0468	nvstor - ok
12:30:07.0303 0468	NVSvc           (e0978d69d66403beb006bed61b27b883) C:\Windows\system32\nvvsvc.exe
12:30:07.0313 0468	NVSvc - ok
12:30:07.0467 0468	nvUpdatusService (dc49ec481397457aea7d094383c0e1b6) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
12:30:07.0482 0468	nvUpdatusService - ok
12:30:07.0609 0468	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:30:07.0611 0468	nv_agp - ok
12:30:07.0642 0468	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:30:07.0643 0468	ohci1394 - ok
12:30:07.0726 0468	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:30:07.0728 0468	ose - ok
12:30:08.0030 0468	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:30:08.0115 0468	osppsvc - ok
12:30:08.0231 0468	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:30:08.0235 0468	p2pimsvc - ok
12:30:08.0286 0468	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:30:08.0291 0468	p2psvc - ok
12:30:08.0339 0468	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
12:30:08.0340 0468	Parport - ok
12:30:08.0357 0468	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:30:08.0358 0468	partmgr - ok
12:30:08.0390 0468	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:30:08.0392 0468	PcaSvc - ok
12:30:08.0422 0468	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:30:08.0424 0468	pci - ok
12:30:08.0451 0468	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:30:08.0452 0468	pciide - ok
12:30:08.0483 0468	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
12:30:08.0485 0468	pcmcia - ok
12:30:08.0523 0468	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:30:08.0525 0468	pcw - ok
12:30:08.0563 0468	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:30:08.0569 0468	PEAUTH - ok
12:30:08.0636 0468	PEGAGFN         (ee926c59cbd4dc4dc9fbb85014a2f1a5) C:\Program Files (x86)\PHotkey\PEGAGFN.sys
12:30:08.0637 0468	PEGAGFN - ok
12:30:08.0715 0468	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:30:08.0717 0468	PerfHost - ok
12:30:08.0853 0468	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:30:08.0867 0468	pla - ok
12:30:08.0925 0468	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:30:08.0930 0468	PlugPlay - ok
12:30:08.0952 0468	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:30:08.0954 0468	PNRPAutoReg - ok
12:30:08.0975 0468	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:30:08.0978 0468	PNRPsvc - ok
12:30:09.0015 0468	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:30:09.0020 0468	PolicyAgent - ok
12:30:09.0052 0468	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:30:09.0055 0468	Power - ok
12:30:09.0099 0468	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:30:09.0101 0468	PptpMiniport - ok
12:30:09.0138 0468	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
12:30:09.0139 0468	Processor - ok
12:30:09.0176 0468	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
12:30:09.0178 0468	ProfSvc - ok
12:30:09.0195 0468	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:30:09.0197 0468	ProtectedStorage - ok
12:30:09.0234 0468	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:30:09.0235 0468	Psched - ok
12:30:09.0251 0468	PSI             (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
12:30:09.0252 0468	PSI - ok
12:30:09.0356 0468	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
12:30:09.0371 0468	ql2300 - ok
12:30:09.0484 0468	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
12:30:09.0485 0468	ql40xx - ok
12:30:09.0518 0468	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:30:09.0522 0468	QWAVE - ok
12:30:09.0554 0468	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:30:09.0555 0468	QWAVEdrv - ok
12:30:09.0571 0468	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:30:09.0571 0468	RasAcd - ok
12:30:09.0584 0468	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:30:09.0585 0468	RasAgileVpn - ok
12:30:09.0608 0468	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:30:09.0610 0468	RasAuto - ok
12:30:09.0626 0468	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:30:09.0628 0468	Rasl2tp - ok
12:30:09.0654 0468	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:30:09.0659 0468	RasMan - ok
12:30:09.0683 0468	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:30:09.0685 0468	RasPppoe - ok
12:30:09.0695 0468	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:30:09.0697 0468	RasSstp - ok
12:30:09.0729 0468	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:30:09.0733 0468	rdbss - ok
12:30:09.0752 0468	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
12:30:09.0753 0468	rdpbus - ok
12:30:09.0777 0468	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:30:09.0778 0468	RDPCDD - ok
12:30:09.0790 0468	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:30:09.0791 0468	RDPENCDD - ok
12:30:09.0810 0468	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:30:09.0811 0468	RDPREFMP - ok
12:30:09.0831 0468	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
12:30:09.0832 0468	RDPWD - ok
12:30:09.0880 0468	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:30:09.0883 0468	rdyboost - ok
12:30:10.0003 0468	RegSrvc         (a436f5e7d80bbdbb0826d0f176d5bea8) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
12:30:10.0010 0468	RegSrvc - ok
12:30:10.0033 0468	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:30:10.0035 0468	RemoteAccess - ok
12:30:10.0069 0468	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:30:10.0072 0468	RemoteRegistry - ok
12:30:10.0128 0468	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
12:30:10.0131 0468	RFCOMM - ok
12:30:10.0164 0468	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:30:10.0165 0468	RpcEptMapper - ok
12:30:10.0189 0468	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:30:10.0191 0468	RpcLocator - ok
12:30:10.0230 0468	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:30:10.0233 0468	RpcSs - ok
12:30:10.0276 0468	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:30:10.0277 0468	rspndr - ok
12:30:10.0306 0468	RTL8167         (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:30:10.0309 0468	RTL8167 - ok
12:30:10.0381 0468	RTL8192su       (4629c5c4772d223b0ecd1ea8ba7a2a33) C:\Windows\system32\DRIVERS\RTL8192su.sys
12:30:10.0384 0468	RTL8192su - ok
12:30:10.0407 0468	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:30:10.0408 0468	SamSs - ok
12:30:10.0428 0468	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:30:10.0430 0468	sbp2port - ok
12:30:10.0464 0468	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:30:10.0467 0468	SCardSvr - ok
12:30:10.0498 0468	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:30:10.0499 0468	scfilter - ok
12:30:10.0569 0468	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:30:10.0577 0468	Schedule - ok
12:30:10.0597 0468	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:30:10.0597 0468	SCPolicySvc - ok
12:30:10.0630 0468	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:30:10.0633 0468	SDRSVC - ok
12:30:10.0685 0468	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:30:10.0686 0468	secdrv - ok
12:30:10.0709 0468	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:30:10.0711 0468	seclogon - ok
12:30:10.0852 0468	Secunia PSI Agent (f70a51eb03ee7046784ef62efce9528e) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
12:30:10.0864 0468	Secunia PSI Agent - ok
12:30:10.0924 0468	Secunia Update Agent (ad56ceb08eeb517332355fde9e5939c8) C:\Program Files (x86)\Secunia\PSI\sua.exe
12:30:10.0927 0468	Secunia Update Agent - ok
12:30:11.0024 0468	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
12:30:11.0026 0468	SENS - ok
12:30:11.0043 0468	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:30:11.0045 0468	SensrSvc - ok
12:30:11.0108 0468	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
12:30:11.0109 0468	Serenum - ok
12:30:11.0145 0468	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
12:30:11.0146 0468	Serial - ok
12:30:11.0170 0468	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
12:30:11.0172 0468	sermouse - ok
12:30:11.0223 0468	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:30:11.0225 0468	SessionEnv - ok
12:30:11.0263 0468	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:30:11.0265 0468	sffdisk - ok
12:30:11.0269 0468	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:30:11.0271 0468	sffp_mmc - ok
12:30:11.0275 0468	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:30:11.0276 0468	sffp_sd - ok
12:30:11.0332 0468	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
12:30:11.0333 0468	sfloppy - ok
12:30:11.0418 0468	Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
12:30:11.0426 0468	Sftfs - ok
12:30:11.0513 0468	sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
12:30:11.0518 0468	sftlist - ok
12:30:11.0542 0468	Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
12:30:11.0545 0468	Sftplay - ok
12:30:11.0559 0468	Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
12:30:11.0560 0468	Sftredir - ok
12:30:11.0579 0468	Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
12:30:11.0580 0468	Sftvol - ok
12:30:11.0615 0468	sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
12:30:11.0617 0468	sftvsa - ok
12:30:11.0661 0468	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:30:11.0666 0468	SharedAccess - ok
12:30:11.0700 0468	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:30:11.0703 0468	ShellHWDetection - ok
12:30:11.0729 0468	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
12:30:11.0730 0468	SiSRaid2 - ok
12:30:11.0752 0468	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
12:30:11.0754 0468	SiSRaid4 - ok
12:30:11.0799 0468	SkypeUpdate     (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
12:30:11.0800 0468	SkypeUpdate - ok
12:30:11.0835 0468	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:30:11.0837 0468	Smb - ok
12:30:11.0879 0468	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:30:11.0881 0468	SNMPTRAP - ok
12:30:11.0903 0468	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:30:11.0904 0468	spldr - ok
12:30:11.0944 0468	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:30:11.0951 0468	Spooler - ok
12:30:12.0144 0468	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:30:12.0201 0468	sppsvc - ok
12:30:12.0317 0468	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:30:12.0319 0468	sppuinotify - ok
12:30:12.0384 0468	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:30:12.0389 0468	srv - ok
12:30:12.0421 0468	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:30:12.0426 0468	srv2 - ok
12:30:12.0450 0468	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:30:12.0452 0468	srvnet - ok
12:30:12.0492 0468	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:30:12.0495 0468	SSDPSRV - ok
12:30:12.0508 0468	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:30:12.0510 0468	SstpSvc - ok
12:30:12.0587 0468	Steam Client Service - ok
12:30:12.0612 0468	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
12:30:12.0613 0468	stexstor - ok
12:30:12.0674 0468	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:30:12.0681 0468	stisvc - ok
12:30:12.0704 0468	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:30:12.0705 0468	swenum - ok
12:30:12.0761 0468	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:30:12.0768 0468	swprv - ok
12:30:12.0851 0468	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:30:12.0867 0468	SysMain - ok
12:30:12.0970 0468	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:30:12.0973 0468	TabletInputService - ok
12:30:13.0006 0468	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:30:13.0011 0468	TapiSrv - ok
12:30:13.0025 0468	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:30:13.0028 0468	TBS - ok
12:30:13.0157 0468	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
12:30:13.0176 0468	Tcpip - ok
12:30:13.0409 0468	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
12:30:13.0417 0468	TCPIP6 - ok
12:30:13.0543 0468	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:30:13.0544 0468	tcpipreg - ok
12:30:13.0562 0468	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:30:13.0563 0468	TDPIPE - ok
12:30:13.0585 0468	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:30:13.0586 0468	TDTCP - ok
12:30:13.0617 0468	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:30:13.0619 0468	tdx - ok
12:30:13.0649 0468	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
12:30:13.0650 0468	TermDD - ok
12:30:13.0705 0468	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:30:13.0712 0468	TermService - ok
12:30:13.0721 0468	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:30:13.0722 0468	Themes - ok
12:30:13.0743 0468	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:30:13.0745 0468	THREADORDER - ok
12:30:13.0769 0468	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:30:13.0771 0468	TrkWks - ok
12:30:13.0820 0468	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:30:13.0823 0468	TrustedInstaller - ok
12:30:13.0842 0468	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:30:13.0843 0468	tssecsrv - ok
12:30:13.0878 0468	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:30:13.0879 0468	TsUsbFlt - ok
12:30:13.0909 0468	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
12:30:13.0910 0468	TsUsbGD - ok
12:30:13.0958 0468	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:30:13.0960 0468	tunnel - ok
12:30:13.0982 0468	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
12:30:13.0984 0468	uagp35 - ok
12:30:14.0013 0468	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:30:14.0017 0468	udfs - ok
12:30:14.0042 0468	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:30:14.0045 0468	UI0Detect - ok
12:30:14.0077 0468	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:30:14.0078 0468	uliagpkx - ok
12:30:14.0104 0468	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
12:30:14.0106 0468	umbus - ok
12:30:14.0143 0468	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
12:30:14.0144 0468	UmPass - ok
12:30:14.0182 0468	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:30:14.0186 0468	upnphost - ok
12:30:14.0216 0468	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:30:14.0217 0468	usbccgp - ok
12:30:14.0255 0468	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:30:14.0257 0468	usbcir - ok
12:30:14.0279 0468	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:30:14.0280 0468	usbehci - ok
12:30:14.0333 0468	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:30:14.0337 0468	usbhub - ok
12:30:14.0364 0468	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:30:14.0366 0468	usbohci - ok
12:30:14.0395 0468	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:30:14.0397 0468	usbprint - ok
12:30:14.0417 0468	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:30:14.0419 0468	usbscan - ok
12:30:14.0441 0468	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:30:14.0442 0468	USBSTOR - ok
12:30:14.0463 0468	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:30:14.0464 0468	usbuhci - ok
12:30:14.0510 0468	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
12:30:14.0512 0468	usbvideo - ok
12:30:14.0539 0468	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:30:14.0540 0468	UxSms - ok
12:30:14.0562 0468	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:30:14.0563 0468	VaultSvc - ok
12:30:14.0598 0468	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:30:14.0599 0468	vdrvroot - ok
12:30:14.0647 0468	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:30:14.0654 0468	vds - ok
12:30:14.0681 0468	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:30:14.0683 0468	vga - ok
12:30:14.0698 0468	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:30:14.0699 0468	VgaSave - ok
12:30:14.0739 0468	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:30:14.0742 0468	vhdmp - ok
12:30:14.0770 0468	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:30:14.0771 0468	viaide - ok
12:30:14.0797 0468	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:30:14.0798 0468	volmgr - ok
12:30:14.0838 0468	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:30:14.0841 0468	volmgrx - ok
12:30:14.0877 0468	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:30:14.0880 0468	volsnap - ok
12:30:14.0913 0468	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
12:30:14.0915 0468	vsmraid - ok
12:30:15.0009 0468	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:30:15.0026 0468	VSS - ok
12:30:15.0160 0468	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:30:15.0161 0468	vwifibus - ok
12:30:15.0184 0468	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:30:15.0185 0468	vwififlt - ok
12:30:15.0203 0468	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:30:15.0204 0468	vwifimp - ok
12:30:15.0246 0468	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:30:15.0250 0468	W32Time - ok
12:30:15.0270 0468	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
12:30:15.0271 0468	WacomPen - ok
12:30:15.0303 0468	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:30:15.0304 0468	WANARP - ok
12:30:15.0307 0468	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:30:15.0308 0468	Wanarpv6 - ok
12:30:15.0411 0468	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:30:15.0424 0468	WatAdminSvc - ok
12:30:15.0501 0468	watchmi         (878c947c69ee89e4dbff9dbd6155c15d) C:\Program Files (x86)\watchmi\TvdService.exe
12:30:15.0501 0468	watchmi - ok
12:30:15.0590 0468	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:30:15.0607 0468	wbengine - ok
12:30:15.0719 0468	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:30:15.0723 0468	WbioSrvc - ok
12:30:15.0759 0468	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:30:15.0764 0468	wcncsvc - ok
12:30:15.0780 0468	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:30:15.0782 0468	WcsPlugInService - ok
12:30:15.0822 0468	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
12:30:15.0822 0468	Wd - ok
12:30:15.0882 0468	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:30:15.0889 0468	Wdf01000 - ok
12:30:15.0910 0468	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:30:15.0912 0468	WdiServiceHost - ok
12:30:15.0915 0468	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:30:15.0917 0468	WdiSystemHost - ok
12:30:15.0944 0468	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:30:15.0948 0468	WebClient - ok
12:30:15.0969 0468	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:30:15.0973 0468	Wecsvc - ok
12:30:15.0988 0468	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:30:15.0990 0468	wercplsupport - ok
12:30:16.0023 0468	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:30:16.0025 0468	WerSvc - ok
12:30:16.0075 0468	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:30:16.0075 0468	WfpLwf - ok
12:30:16.0092 0468	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:30:16.0093 0468	WIMMount - ok
12:30:16.0124 0468	WinDefend - ok
12:30:16.0130 0468	WinHttpAutoProxySvc - ok
12:30:16.0181 0468	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:30:16.0184 0468	Winmgmt - ok
12:30:16.0305 0468	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:30:16.0327 0468	WinRM - ok
12:30:16.0483 0468	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:30:16.0491 0468	Wlansvc - ok
12:30:16.0565 0468	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:30:16.0567 0468	wlcrasvc - ok
12:30:16.0745 0468	wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:30:16.0767 0468	wlidsvc - ok
12:30:16.0894 0468	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:30:16.0895 0468	WmiAcpi - ok
12:30:16.0939 0468	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:30:16.0942 0468	wmiApSrv - ok
12:30:16.0975 0468	WMPNetworkSvc - ok
12:30:17.0014 0468	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:30:17.0016 0468	WPCSvc - ok
12:30:17.0033 0468	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:30:17.0037 0468	WPDBusEnum - ok
12:30:17.0063 0468	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:30:17.0064 0468	ws2ifsl - ok
12:30:17.0084 0468	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
12:30:17.0086 0468	wscsvc - ok
12:30:17.0090 0468	WSearch - ok
12:30:17.0136 0468	wsvd            (82e8f5aa03df7dbdb8a33f700d5d8cda) C:\Windows\system32\DRIVERS\wsvd.sys
12:30:17.0138 0468	wsvd - ok
12:30:17.0311 0468	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
12:30:17.0337 0468	wuauserv - ok
12:30:17.0450 0468	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:30:17.0452 0468	WudfPf - ok
12:30:17.0475 0468	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:30:17.0477 0468	WUDFRd - ok
12:30:17.0497 0468	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:30:17.0500 0468	wudfsvc - ok
12:30:17.0526 0468	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:30:17.0529 0468	WwanSvc - ok
12:30:17.0570 0468	MBR (0x1B8)     (af7e2860d7c52a307fc27eecf18f08df) \Device\Harddisk0\DR0
12:30:20.0112 0468	\Device\Harddisk0\DR0 - ok
12:30:20.0168 0468	Boot (0x1200)   (8af0380f1f1ceee2fec372c9e8961a00) \Device\Harddisk0\DR0\Partition0
12:30:20.0169 0468	\Device\Harddisk0\DR0\Partition0 - ok
12:30:20.0180 0468	Boot (0x1200)   (e7dac6cebb8dd616e59820ae8b2948bb) \Device\Harddisk0\DR0\Partition1
12:30:20.0181 0468	\Device\Harddisk0\DR0\Partition1 - ok
12:30:20.0207 0468	Boot (0x1200)   (26d7c8ff6c0fb1b0f43508d6a5f185e9) \Device\Harddisk0\DR0\Partition2
12:30:20.0208 0468	\Device\Harddisk0\DR0\Partition2 - ok
12:30:20.0209 0468	============================================================
12:30:20.0209 0468	Scan finished
12:30:20.0209 0468	============================================================
12:30:20.0217 5488	Detected object count: 0
12:30:20.0217 5488	Actual detected object count: 0
12:31:42.0965 5192	============================================================
12:31:42.0965 5192	Scan started
12:31:42.0965 5192	Mode: Manual; SigCheck; TDLFS; 
12:31:42.0965 5192	============================================================
12:31:43.0155 5192	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:31:43.0238 5192	1394ohci - ok
12:31:43.0357 5192	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:31:43.0372 5192	ACPI - ok
12:31:43.0533 5192	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:31:43.0608 5192	AcpiPmi - ok
12:31:43.0783 5192	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:31:43.0790 5192	AdobeARMservice - ok
12:31:44.0018 5192	AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:31:44.0027 5192	AdobeFlashPlayerUpdateSvc - ok
12:31:44.0132 5192	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
12:31:44.0144 5192	adp94xx - ok
12:31:44.0280 5192	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
12:31:44.0290 5192	adpahci - ok
12:31:44.0385 5192	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
12:31:44.0394 5192	adpu320 - ok
12:31:44.0427 5192	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:31:44.0722 5192	AeLookupSvc - ok
12:31:44.0856 5192	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:31:44.0963 5192	AFD - ok
12:31:44.0997 5192	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:31:45.0005 5192	agp440 - ok
12:31:45.0040 5192	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:31:45.0089 5192	ALG - ok
12:31:45.0109 5192	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:31:45.0117 5192	aliide - ok
12:31:45.0151 5192	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:31:45.0158 5192	amdide - ok
12:31:45.0180 5192	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
12:31:45.0209 5192	AmdK8 - ok
12:31:45.0231 5192	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
12:31:45.0264 5192	AmdPPM - ok
12:31:45.0292 5192	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:31:45.0301 5192	amdsata - ok
12:31:45.0336 5192	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
12:31:45.0345 5192	amdsbs - ok
12:31:45.0361 5192	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:31:45.0368 5192	amdxata - ok
12:31:45.0396 5192	AmUStor         (08d51900c07bae4f1fc82fc669b99b79) C:\Windows\system32\drivers\AmUStor.SYS
12:31:45.0442 5192	AmUStor - ok
12:31:45.0517 5192	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:31:45.0535 5192	AntiVirSchedulerService - ok
12:31:45.0560 5192	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:31:45.0567 5192	AntiVirService - ok
12:31:45.0594 5192	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:31:45.0760 5192	AppID - ok
12:31:45.0791 5192	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:31:45.0843 5192	AppIDSvc - ok
12:31:45.0863 5192	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:31:45.0902 5192	Appinfo - ok
12:31:45.0936 5192	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
12:31:45.0944 5192	arc - ok
12:31:45.0965 5192	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
12:31:45.0973 5192	arcsas - ok
12:31:46.0025 5192	ASLDRService    (efd89582b55dd32dc79c1a4eb54612a1) C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
12:31:46.0038 5192	ASLDRService - ok
12:31:46.0075 5192	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:31:46.0124 5192	AsyncMac - ok
12:31:46.0146 5192	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:31:46.0154 5192	atapi - ok
12:31:46.0228 5192	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:31:46.0280 5192	AudioEndpointBuilder - ok
12:31:46.0286 5192	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:31:46.0315 5192	AudioSrv - ok
12:31:46.0343 5192	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
12:31:46.0350 5192	avgntflt - ok
12:31:46.0376 5192	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
12:31:46.0383 5192	avipbb - ok
12:31:46.0404 5192	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
12:31:46.0410 5192	avkmgr - ok
12:31:46.0441 5192	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:31:46.0504 5192	AxInstSV - ok
12:31:46.0560 5192	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
12:31:46.0591 5192	b06bdrv - ok
12:31:46.0628 5192	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:31:46.0663 5192	b57nd60a - ok
12:31:46.0696 5192	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:31:46.0724 5192	BDESVC - ok
12:31:46.0744 5192	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:31:46.0789 5192	Beep - ok
12:31:46.0866 5192	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:31:46.0916 5192	BFE - ok
12:31:46.0994 5192	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
12:31:47.0053 5192	BITS - ok
12:31:47.0098 5192	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:31:47.0138 5192	blbdrive - ok
12:31:47.0169 5192	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:31:47.0205 5192	bowser - ok
12:31:47.0240 5192	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
12:31:47.0264 5192	BrFiltLo - ok
12:31:47.0293 5192	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
12:31:47.0321 5192	BrFiltUp - ok
12:31:47.0349 5192	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:31:47.0387 5192	Browser - ok
12:31:47.0432 5192	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:31:47.0469 5192	Brserid - ok
12:31:47.0503 5192	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:31:47.0523 5192	BrSerWdm - ok
12:31:47.0558 5192	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:31:47.0584 5192	BrUsbMdm - ok
12:31:47.0621 5192	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:31:47.0645 5192	BrUsbSer - ok
12:31:47.0683 5192	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
12:31:47.0730 5192	BthEnum - ok
12:31:47.0757 5192	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
12:31:47.0784 5192	BTHMODEM - ok
12:31:47.0827 5192	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
12:31:47.0853 5192	BthPan - ok
12:31:47.0915 5192	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
12:31:47.0940 5192	BTHPORT - ok
12:31:47.0971 5192	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:31:47.0997 5192	bthserv - ok
12:31:48.0010 5192	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
12:31:48.0043 5192	BTHUSB - ok
12:31:48.0076 5192	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:31:48.0133 5192	cdfs - ok
12:31:48.0173 5192	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:31:48.0201 5192	cdrom - ok
12:31:48.0234 5192	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:31:48.0288 5192	CertPropSvc - ok
12:31:48.0314 5192	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
12:31:48.0338 5192	circlass - ok
12:31:48.0397 5192	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:31:48.0409 5192	CLFS - ok
12:31:48.0478 5192	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:31:48.0485 5192	clr_optimization_v2.0.50727_32 - ok
12:31:48.0535 5192	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:31:48.0542 5192	clr_optimization_v2.0.50727_64 - ok
12:31:48.0582 5192	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:31:48.0591 5192	clr_optimization_v4.0.30319_32 - ok
12:31:48.0651 5192	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:31:48.0658 5192	clr_optimization_v4.0.30319_64 - ok
12:31:48.0683 5192	clwvd           (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
12:31:48.0690 5192	clwvd - ok
12:31:48.0709 5192	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:31:48.0735 5192	CmBatt - ok
12:31:48.0761 5192	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:31:48.0768 5192	cmdide - ok
12:31:48.0837 5192	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:31:48.0853 5192	CNG - ok
12:31:48.0967 5192	CnxtHdAudService (e0b53d1fef69106b76c06a0d783916e8) C:\Windows\system32\drivers\CHDRT64.sys
12:31:48.0991 5192	CnxtHdAudService - ok
12:31:49.0104 5192	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
12:31:49.0112 5192	Compbatt - ok
12:31:49.0161 5192	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:31:49.0206 5192	CompositeBus - ok
12:31:49.0208 5192	COMSysApp - ok
12:31:49.0242 5192	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
12:31:49.0249 5192	crcdisk - ok
12:31:49.0282 5192	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
12:31:49.0317 5192	CryptSvc - ok
12:31:49.0470 5192	cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
12:31:49.0488 5192	cvhsvc - ok
12:31:49.0528 5192	CxAudMsg        (f160b26b26ba4afe8cecc12ed5ac231e) C:\Windows\system32\CxAudMsg64.exe
12:31:49.0536 5192	CxAudMsg - ok
12:31:49.0596 5192	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:31:49.0651 5192	DcomLaunch - ok
12:31:49.0695 5192	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:31:49.0735 5192	defragsvc - ok
12:31:49.0785 5192	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:31:49.0820 5192	DfsC - ok
12:31:49.0875 5192	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:31:49.0929 5192	Dhcp - ok
12:31:49.0952 5192	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:31:49.0992 5192	discache - ok
12:31:50.0024 5192	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
12:31:50.0031 5192	Disk - ok
12:31:50.0070 5192	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:31:50.0114 5192	Dnscache - ok
12:31:50.0154 5192	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:31:50.0209 5192	dot3svc - ok
12:31:50.0239 5192	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:31:50.0294 5192	DPS - ok
12:31:50.0315 5192	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:31:50.0350 5192	drmkaud - ok
12:31:50.0435 5192	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:31:50.0460 5192	DXGKrnl - ok
12:31:50.0490 5192	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:31:50.0524 5192	EapHost - ok
12:31:50.0734 5192	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
12:31:50.0796 5192	ebdrv - ok
12:31:50.0911 5192	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:31:50.0964 5192	EFS - ok
12:31:51.0041 5192	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:31:51.0109 5192	ehRecvr - ok
12:31:51.0139 5192	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:31:51.0167 5192	ehSched - ok
12:31:51.0244 5192	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
12:31:51.0257 5192	elxstor - ok
12:31:51.0287 5192	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:31:51.0314 5192	ErrDev - ok
12:31:51.0363 5192	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:31:51.0412 5192	EventSystem - ok
12:31:51.0547 5192	EvtEng          (54fc81b0162478a72a93dbbeafb35671) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
12:31:51.0571 5192	EvtEng - ok
12:31:51.0690 5192	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:31:51.0738 5192	exfat - ok
12:31:51.0909 5192	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:31:51.0972 5192	fastfat - ok
12:31:52.0744 5192	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:31:52.0827 5192	Fax - ok
12:31:52.0868 5192	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
12:31:52.0909 5192	fdc - ok
12:31:52.0930 5192	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:31:52.0978 5192	fdPHost - ok
12:31:53.0002 5192	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:31:53.0043 5192	FDResPub - ok
12:31:53.0177 5192	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:31:53.0185 5192	FileInfo - ok
12:31:53.0196 5192	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:31:53.0237 5192	Filetrace - ok
12:31:53.0258 5192	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
12:31:53.0278 5192	flpydisk - ok
12:31:53.0327 5192	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:31:53.0337 5192	FltMgr - ok
12:31:53.0422 5192	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:31:53.0449 5192	FontCache - ok
12:31:53.0509 5192	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:31:53.0516 5192	FontCache3.0.0.0 - ok
12:31:53.0554 5192	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:31:53.0561 5192	FsDepends - ok
12:31:53.0587 5192	fspad_wlh64     (95d0cb3e794dea8cbe21725811a554dc) C:\Windows\system32\DRIVERS\fspad_wlh64.sys
12:31:53.0620 5192	fspad_wlh64 - ok
12:31:53.0652 5192	fspad_xp64      (95d0cb3e794dea8cbe21725811a554dc) C:\Windows\system32\drivers\fspad_xp64.sys
12:31:53.0659 5192	fspad_xp64 - ok
12:31:53.0686 5192	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:31:53.0693 5192	Fs_Rec - ok
12:31:53.0732 5192	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:31:53.0744 5192	fvevol - ok
12:31:53.0767 5192	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
12:31:53.0775 5192	gagp30kx - ok
12:31:53.0854 5192	GFNEXSrv        (ba9051d3745fa546de3660f5f2ef84a5) C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
12:31:53.0861 5192	GFNEXSrv - ok
12:31:53.0951 5192	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:31:53.0993 5192	gpsvc - ok
12:31:54.0059 5192	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:31:54.0065 5192	gupdate - ok
12:31:54.0068 5192	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:31:54.0075 5192	gupdatem - ok
12:31:54.0093 5192	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:31:54.0124 5192	hcw85cir - ok
12:31:54.0173 5192	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:31:54.0195 5192	HdAudAddService - ok
12:31:54.0229 5192	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:31:54.0254 5192	HDAudBus - ok
12:31:54.0283 5192	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
12:31:54.0313 5192	HidBatt - ok
12:31:54.0352 5192	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
12:31:54.0376 5192	HidBth - ok
12:31:54.0408 5192	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
12:31:54.0418 5192	HidIr - ok
12:31:54.0449 5192	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
12:31:54.0488 5192	hidserv - ok
12:31:54.0507 5192	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:31:54.0516 5192	HidUsb - ok
12:31:54.0543 5192	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:31:54.0592 5192	hkmsvc - ok
12:31:54.0642 5192	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:31:54.0704 5192	HomeGroupListener - ok
12:31:54.0742 5192	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:31:54.0777 5192	HomeGroupProvider - ok
12:31:54.0819 5192	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:31:54.0827 5192	HpSAMD - ok
12:31:54.0913 5192	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:31:54.0953 5192	HTTP - ok
12:31:54.0967 5192	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:31:54.0975 5192	hwpolicy - ok
12:31:55.0001 5192	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:31:55.0010 5192	i8042prt - ok
12:31:55.0065 5192	iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
12:31:55.0076 5192	iaStor - ok
12:31:55.0150 5192	IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
12:31:55.0156 5192	IAStorDataMgrSvc - ok
12:31:55.0190 5192	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:31:55.0202 5192	iaStorV - ok
12:31:55.0330 5192	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:31:55.0345 5192	idsvc - ok
12:31:55.0992 5192	igfx            (66dc0ce2d1867b8178eaa0e11930dbd7) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:31:56.0145 5192	igfx - ok
12:31:56.0284 5192	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
12:31:56.0292 5192	iirsp - ok
12:31:56.0377 5192	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:31:56.0425 5192	IKEEXT - ok
12:31:56.0486 5192	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
12:31:56.0511 5192	IntcDAud - ok
12:31:56.0535 5192	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:31:56.0543 5192	intelide - ok
12:31:56.0576 5192	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:31:56.0603 5192	intelppm - ok
12:31:56.0632 5192	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:31:56.0677 5192	IPBusEnum - ok
12:31:56.0710 5192	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:31:56.0752 5192	IpFilterDriver - ok
12:31:56.0816 5192	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:31:56.0871 5192	iphlpsvc - ok
12:31:56.0913 5192	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:31:56.0933 5192	IPMIDRV - ok
12:31:56.0982 5192	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:31:57.0038 5192	IPNAT - ok
12:31:57.0071 5192	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:31:57.0107 5192	IRENUM - ok
12:31:57.0143 5192	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:31:57.0150 5192	isapnp - ok
12:31:57.0185 5192	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:31:57.0194 5192	iScsiPrt - ok
12:31:57.0343 5192	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:31:57.0350 5192	kbdclass - ok
12:31:57.0461 5192	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:31:57.0470 5192	kbdhid - ok
12:31:57.0544 5192	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:31:57.0552 5192	KeyIso - ok
12:31:57.0608 5192	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:31:57.0616 5192	KSecDD - ok
12:31:57.0644 5192	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:31:57.0652 5192	KSecPkg - ok
12:31:57.0688 5192	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:31:57.0736 5192	ksthunk - ok
12:31:57.0790 5192	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:31:57.0835 5192	KtmRm - ok
12:31:57.0868 5192	L1C             (a4a9ca24e54e81c6c3e469eaeb4b3f42) C:\Windows\system32\DRIVERS\L1C62x64.sys
12:31:57.0874 5192	L1C - ok
12:31:57.0915 5192	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
12:31:57.0951 5192	LanmanServer - ok
12:31:57.0989 5192	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:31:58.0029 5192	LanmanWorkstation - ok
12:31:58.0047 5192	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:31:58.0082 5192	lltdio - ok
12:31:58.0132 5192	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:31:58.0173 5192	lltdsvc - ok
12:31:58.0197 5192	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:31:58.0237 5192	lmhosts - ok
12:31:58.0263 5192	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
12:31:58.0271 5192	LSI_FC - ok
12:31:58.0303 5192	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
12:31:58.0311 5192	LSI_SAS - ok
12:31:58.0335 5192	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
12:31:58.0343 5192	LSI_SAS2 - ok
12:31:58.0370 5192	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
12:31:58.0379 5192	LSI_SCSI - ok
12:31:58.0398 5192	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:31:58.0442 5192	luafv - ok
12:31:58.0507 5192	lxdiCATSCustConnectService (baa003617d899996cf282a3d92aee29b) C:\Windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe
12:31:58.0514 5192	lxdiCATSCustConnectService - ok
12:31:58.0515 5192	lxdi_device - ok
12:31:58.0541 5192	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
12:31:58.0548 5192	MBAMProtector - ok
12:31:58.0661 5192	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:31:58.0674 5192	MBAMService - ok
12:31:58.0698 5192	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:31:58.0720 5192	Mcx2Svc - ok
12:31:58.0742 5192	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
12:31:58.0751 5192	megasas - ok
12:31:58.0797 5192	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
12:31:58.0807 5192	MegaSR - ok
12:31:58.0828 5192	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:31:58.0883 5192	MMCSS - ok
12:31:58.0908 5192	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:31:58.0952 5192	Modem - ok
12:31:58.0970 5192	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:31:59.0000 5192	monitor - ok
12:31:59.0023 5192	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:31:59.0031 5192	mouclass - ok
12:31:59.0059 5192	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:31:59.0081 5192	mouhid - ok
12:31:59.0112 5192	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:31:59.0120 5192	mountmgr - ok
12:31:59.0182 5192	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:31:59.0190 5192	MozillaMaintenance - ok
12:31:59.0233 5192	MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
12:31:59.0243 5192	MpFilter - ok
12:31:59.0280 5192	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:31:59.0289 5192	mpio - ok
12:31:59.0313 5192	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:31:59.0338 5192	mpsdrv - ok
12:31:59.0423 5192	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:31:59.0466 5192	MpsSvc - ok
12:31:59.0510 5192	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:31:59.0547 5192	MRxDAV - ok
12:31:59.0587 5192	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:31:59.0620 5192	mrxsmb - ok
12:31:59.0666 5192	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:31:59.0700 5192	mrxsmb10 - ok
12:31:59.0737 5192	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:31:59.0785 5192	mrxsmb20 - ok
12:31:59.0818 5192	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:31:59.0825 5192	msahci - ok
12:31:59.0865 5192	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:31:59.0873 5192	msdsm - ok
12:31:59.0904 5192	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:31:59.0926 5192	MSDTC - ok
12:31:59.0947 5192	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:31:59.0983 5192	Msfs - ok
12:31:59.0997 5192	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:32:00.0035 5192	mshidkmdf - ok
12:32:00.0060 5192	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:32:00.0068 5192	msisadrv - ok
12:32:00.0106 5192	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:32:00.0150 5192	MSiSCSI - ok
12:32:00.0152 5192	msiserver - ok
12:32:00.0173 5192	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:32:00.0212 5192	MSKSSRV - ok
12:32:00.0260 5192	MsMpSvc         (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:32:00.0268 5192	MsMpSvc - ok
12:32:00.0283 5192	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:32:00.0329 5192	MSPCLOCK - ok
12:32:00.0347 5192	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:32:00.0383 5192	MSPQM - ok
12:32:00.0439 5192	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:32:00.0450 5192	MsRPC - ok
12:32:00.0475 5192	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:32:00.0483 5192	mssmbios - ok
12:32:00.0509 5192	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:32:00.0544 5192	MSTEE - ok
12:32:00.0566 5192	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
12:32:00.0589 5192	MTConfig - ok
12:32:00.0618 5192	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:32:00.0625 5192	Mup - ok
12:32:00.0695 5192	MyWiFiDHCPDNS   (4bbb9d9c4df259fae2d172c5bb25ddd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
12:32:00.0703 5192	MyWiFiDHCPDNS - ok
12:32:00.0765 5192	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:32:00.0803 5192	napagent - ok
12:32:00.0854 5192	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:32:00.0877 5192	NativeWifiP - ok
12:32:00.0955 5192	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:32:00.0973 5192	NDIS - ok
12:32:00.0986 5192	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:32:01.0043 5192	NdisCap - ok
12:32:01.0072 5192	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:32:01.0115 5192	NdisTapi - ok
12:32:01.0136 5192	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:32:01.0170 5192	Ndisuio - ok
12:32:01.0212 5192	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:32:01.0249 5192	NdisWan - ok
12:32:01.0274 5192	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:32:01.0317 5192	NDProxy - ok
12:32:01.0342 5192	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:32:01.0376 5192	NetBIOS - ok
12:32:01.0410 5192	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:32:01.0447 5192	NetBT - ok
12:32:01.0467 5192	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:32:01.0476 5192	Netlogon - ok
12:32:01.0524 5192	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:32:01.0565 5192	Netman - ok
12:32:01.0611 5192	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:32:01.0648 5192	netprofm - ok
12:32:01.0742 5192	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:32:01.0749 5192	NetTcpPortSharing - ok
12:32:02.0273 5192	NETwNs64        (ac69618de5bcce8747c9ab0aae1003c1) C:\Windows\system32\DRIVERS\NETwNs64.sys
12:32:02.0386 5192	NETwNs64 - ok
12:32:02.0508 5192	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
12:32:02.0516 5192	nfrd960 - ok
12:32:02.0546 5192	NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:32:02.0554 5192	NisDrv - ok
12:32:02.0636 5192	NisSrv          (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
12:32:02.0647 5192	NisSrv - ok
12:32:02.0698 5192	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:32:02.0736 5192	NlaSvc - ok
12:32:02.0762 5192	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:32:02.0788 5192	Npfs - ok
12:32:02.0816 5192	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:32:02.0855 5192	nsi - ok
12:32:02.0876 5192	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:32:02.0919 5192	nsiproxy - ok
12:32:03.0048 5192	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:32:03.0075 5192	Ntfs - ok
12:32:03.0207 5192	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:32:03.0243 5192	Null - ok
12:32:03.0271 5192	nusb3hub        (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys
12:32:03.0300 5192	nusb3hub - ok
12:32:03.0338 5192	nusb3xhc        (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys
12:32:03.0356 5192	nusb3xhc - ok
12:32:04.0061 5192	nvlddmkm        (5b87b16d2781982e32bab6d359034c37) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:32:04.0214 5192	nvlddmkm - ok
12:32:04.0409 5192	nvpciflt        (0fb06978e39d3b2bb02d616b71a718dc) C:\Windows\system32\DRIVERS\nvpciflt.sys
12:32:04.0415 5192	nvpciflt - ok
12:32:04.0450 5192	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:32:04.0459 5192	nvraid - ok
12:32:04.0482 5192	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:32:04.0490 5192	nvstor - ok
12:32:04.0572 5192	NVSvc           (e0978d69d66403beb006bed61b27b883) C:\Windows\system32\nvvsvc.exe
12:32:04.0590 5192	NVSvc - ok
12:32:04.0756 5192	nvUpdatusService (dc49ec481397457aea7d094383c0e1b6) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
12:32:04.0784 5192	nvUpdatusService - ok
12:32:04.0941 5192	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:32:04.0949 5192	nv_agp - ok
12:32:04.0983 5192	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:32:05.0005 5192	ohci1394 - ok
12:32:05.0081 5192	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:32:05.0089 5192	ose - ok
12:32:05.0395 5192	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:32:05.0457 5192	osppsvc - ok
12:32:05.0603 5192	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:32:05.0643 5192	p2pimsvc - ok
12:32:05.0705 5192	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:32:05.0717 5192	p2psvc - ok
12:32:05.0770 5192	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
12:32:05.0796 5192	Parport - ok
12:32:05.0821 5192	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:32:05.0829 5192	partmgr - ok
12:32:05.0868 5192	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:32:05.0897 5192	PcaSvc - ok
12:32:05.0944 5192	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:32:05.0953 5192	pci - ok
12:32:05.0979 5192	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:32:05.0986 5192	pciide - ok
12:32:06.0016 5192	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
12:32:06.0025 5192	pcmcia - ok
12:32:06.0053 5192	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:32:06.0060 5192	pcw - ok
12:32:06.0128 5192	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:32:06.0169 5192	PEAUTH - ok
12:32:06.0242 5192	PEGAGFN         (ee926c59cbd4dc4dc9fbb85014a2f1a5) C:\Program Files (x86)\PHotkey\PEGAGFN.sys
12:32:06.0248 5192	PEGAGFN - ok
12:32:06.0332 5192	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:32:06.0357 5192	PerfHost - ok
12:32:06.0536 5192	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:32:06.0590 5192	pla - ok
12:32:06.0644 5192	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:32:06.0683 5192	PlugPlay - ok
12:32:06.0703 5192	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:32:06.0723 5192	PNRPAutoReg - ok
12:32:06.0769 5192	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:32:06.0780 5192	PNRPsvc - ok
12:32:06.0832 5192	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:32:06.0876 5192	PolicyAgent - ok
12:32:06.0918 5192	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:32:06.0955 5192	Power - ok
12:32:07.0005 5192	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:32:07.0046 5192	PptpMiniport - ok
12:32:07.0078 5192	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
12:32:07.0087 5192	Processor - ok
12:32:07.0133 5192	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
12:32:07.0156 5192	ProfSvc - ok
12:32:07.0179 5192	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:32:07.0188 5192	ProtectedStorage - ok
12:32:07.0221 5192	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:32:07.0254 5192	Psched - ok
12:32:07.0279 5192	PSI             (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
12:32:07.0286 5192	PSI - ok
12:32:07.0393 5192	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
12:32:07.0417 5192	ql2300 - ok
12:32:07.0549 5192	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
12:32:07.0557 5192	ql40xx - ok
12:32:07.0597 5192	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:32:07.0611 5192	QWAVE - ok
12:32:07.0639 5192	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:32:07.0665 5192	QWAVEdrv - ok
12:32:07.0687 5192	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:32:07.0729 5192	RasAcd - ok
12:32:07.0756 5192	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:32:07.0793 5192	RasAgileVpn - ok
12:32:07.0828 5192	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:32:07.0869 5192	RasAuto - ok
12:32:07.0891 5192	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:32:07.0933 5192	Rasl2tp - ok
12:32:07.0983 5192	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:32:08.0020 5192	RasMan - ok
12:32:08.0047 5192	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:32:08.0091 5192	RasPppoe - ok
12:32:08.0114 5192	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:32:08.0159 5192	RasSstp - ok
12:32:08.0199 5192	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:32:08.0243 5192	rdbss - ok
12:32:08.0269 5192	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
12:32:08.0295 5192	rdpbus - ok
12:32:08.0327 5192	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:32:08.0365 5192	RDPCDD - ok
12:32:08.0369 5192	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:32:08.0407 5192	RDPENCDD - ok
12:32:08.0427 5192	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:32:08.0451 5192	RDPREFMP - ok
12:32:08.0487 5192	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
12:32:08.0540 5192	RDPWD - ok
12:32:08.0582 5192	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:32:08.0592 5192	rdyboost - ok
12:32:08.0724 5192	RegSrvc         (a436f5e7d80bbdbb0826d0f176d5bea8) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
12:32:08.0739 5192	RegSrvc - ok
12:32:08.0763 5192	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:32:08.0805 5192	RemoteAccess - ok
12:32:08.0846 5192	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:32:08.0882 5192	RemoteRegistry - ok
12:32:08.0951 5192	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
12:32:08.0972 5192	RFCOMM - ok
12:32:09.0004 5192	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:32:09.0046 5192	RpcEptMapper - ok
12:32:09.0073 5192	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:32:09.0102 5192	RpcLocator - ok
12:32:09.0173 5192	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:32:09.0202 5192	RpcSs - ok
12:32:09.0250 5192	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:32:09.0285 5192	rspndr - ok
12:32:09.0318 5192	RTL8167         (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:32:09.0338 5192	RTL8167 - ok
12:32:09.0408 5192	RTL8192su       (4629c5c4772d223b0ecd1ea8ba7a2a33) C:\Windows\system32\DRIVERS\RTL8192su.sys
12:32:09.0421 5192	RTL8192su - ok
12:32:09.0446 5192	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:32:09.0455 5192	SamSs - ok
12:32:09.0482 5192	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:32:09.0491 5192	sbp2port - ok
12:32:09.0532 5192	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:32:09.0574 5192	SCardSvr - ok
12:32:09.0604 5192	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:32:09.0644 5192	scfilter - ok
12:32:09.0738 5192	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:32:09.0794 5192	Schedule - ok
12:32:09.0827 5192	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:32:09.0853 5192	SCPolicySvc - ok
12:32:09.0886 5192	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:32:09.0926 5192	SDRSVC - ok
12:32:09.0971 5192	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:32:10.0011 5192	secdrv - ok
12:32:10.0038 5192	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:32:10.0063 5192	seclogon - ok
12:32:10.0221 5192	Secunia PSI Agent (f70a51eb03ee7046784ef62efce9528e) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
12:32:10.0242 5192	Secunia PSI Agent - ok
12:32:10.0305 5192	Secunia Update Agent (ad56ceb08eeb517332355fde9e5939c8) C:\Program Files (x86)\Secunia\PSI\sua.exe
12:32:10.0318 5192	Secunia Update Agent - ok
12:32:10.0444 5192	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
12:32:10.0482 5192	SENS - ok
12:32:10.0495 5192	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:32:10.0541 5192	SensrSvc - ok
12:32:10.0593 5192	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
12:32:10.0615 5192	Serenum - ok
12:32:10.0653 5192	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
12:32:10.0679 5192	Serial - ok
12:32:10.0710 5192	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
12:32:10.0727 5192	sermouse - ok
12:32:10.0763 5192	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:32:10.0804 5192	SessionEnv - ok
12:32:10.0836 5192	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:32:10.0860 5192	sffdisk - ok
12:32:10.0864 5192	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:32:10.0884 5192	sffp_mmc - ok
12:32:10.0888 5192	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:32:10.0898 5192	sffp_sd - ok
12:32:10.0927 5192	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
12:32:10.0946 5192	sfloppy - ok
12:32:11.0025 5192	Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
12:32:11.0039 5192	Sftfs - ok
12:32:11.0150 5192	sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
12:32:11.0162 5192	sftlist - ok
12:32:11.0198 5192	Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
12:32:11.0207 5192	Sftplay - ok
12:32:11.0221 5192	Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
12:32:11.0228 5192	Sftredir - ok
12:32:11.0253 5192	Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
12:32:11.0259 5192	Sftvol - ok
12:32:11.0295 5192	sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
12:32:11.0303 5192	sftvsa - ok
12:32:11.0357 5192	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:32:11.0395 5192	SharedAccess - ok
12:32:11.0452 5192	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:32:11.0488 5192	ShellHWDetection - ok
12:32:11.0513 5192	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
12:32:11.0520 5192	SiSRaid2 - ok
12:32:11.0551 5192	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
12:32:11.0558 5192	SiSRaid4 - ok
12:32:11.0589 5192	SkypeUpdate     (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
12:32:11.0596 5192	SkypeUpdate - ok
12:32:11.0632 5192	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:32:11.0668 5192	Smb - ok
12:32:11.0697 5192	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:32:11.0724 5192	SNMPTRAP - ok
12:32:11.0754 5192	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:32:11.0762 5192	spldr - ok
12:32:11.0824 5192	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:32:11.0853 5192	Spooler - ok
12:32:12.0041 5192	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:32:12.0094 5192	sppsvc - ok
12:32:12.0223 5192	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:32:12.0263 5192	sppuinotify - ok
12:32:12.0347 5192	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:32:12.0392 5192	srv - ok
12:32:12.0453 5192	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:32:12.0464 5192	srv2 - ok
12:32:12.0506 5192	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:32:12.0524 5192	srvnet - ok
12:32:12.0560 5192	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:32:12.0606 5192	SSDPSRV - ok
12:32:12.0627 5192	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:32:12.0670 5192	SstpSvc - ok
12:32:12.0716 5192	Steam Client Service - ok
12:32:12.0741 5192	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
12:32:12.0749 5192	stexstor - ok
12:32:12.0816 5192	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:32:12.0845 5192	stisvc - ok
12:32:12.0867 5192	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:32:12.0874 5192	swenum - ok
12:32:12.0938 5192	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:32:12.0980 5192	swprv - ok
12:32:13.0097 5192	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:32:13.0138 5192	SysMain - ok
12:32:13.0257 5192	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:32:13.0271 5192	TabletInputService - ok
12:32:13.0310 5192	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:32:13.0354 5192	TapiSrv - ok
12:32:13.0390 5192	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:32:13.0433 5192	TBS - ok
12:32:13.0596 5192	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
12:32:13.0624 5192	Tcpip - ok
12:32:13.0866 5192	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
12:32:13.0893 5192	TCPIP6 - ok
12:32:14.0038 5192	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:32:14.0072 5192	tcpipreg - ok
12:32:14.0091 5192	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:32:14.0126 5192	TDPIPE - ok
12:32:14.0147 5192	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:32:14.0171 5192	TDTCP - ok
12:32:14.0205 5192	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:32:14.0238 5192	tdx - ok
12:32:14.0280 5192	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
12:32:14.0287 5192	TermDD - ok
12:32:14.0355 5192	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:32:14.0397 5192	TermService - ok
12:32:14.0416 5192	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:32:14.0429 5192	Themes - ok
12:32:14.0451 5192	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:32:14.0477 5192	THREADORDER - ok
12:32:14.0501 5192	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:32:14.0538 5192	TrkWks - ok
12:32:14.0600 5192	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:32:14.0634 5192	TrustedInstaller - ok
12:32:14.0649 5192	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:32:14.0690 5192	tssecsrv - ok
12:32:14.0731 5192	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:32:14.0766 5192	TsUsbFlt - ok
12:32:14.0794 5192	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
12:32:14.0813 5192	TsUsbGD - ok
12:32:14.0857 5192	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:32:14.0882 5192	tunnel - ok
12:32:14.0913 5192	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
12:32:14.0921 5192	uagp35 - ok
12:32:14.0963 5192	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:32:15.0008 5192	udfs - ok
12:32:15.0049 5192	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:32:15.0069 5192	UI0Detect - ok
12:32:15.0106 5192	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:32:15.0114 5192	uliagpkx - ok
12:32:15.0146 5192	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
12:32:15.0171 5192	umbus - ok
12:32:15.0194 5192	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
12:32:15.0218 5192	UmPass - ok
12:32:15.0256 5192	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:32:15.0293 5192	upnphost - ok
12:32:15.0337 5192	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:32:15.0377 5192	usbccgp - ok
12:32:15.0409 5192	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:32:15.0439 5192	usbcir - ok
12:32:15.0476 5192	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:32:15.0493 5192	usbehci - ok
12:32:15.0551 5192	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:32:15.0575 5192	usbhub - ok
12:32:15.0605 5192	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:32:15.0628 5192	usbohci - ok
12:32:15.0658 5192	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:32:15.0684 5192	usbprint - ok
12:32:15.0713 5192	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:32:15.0724 5192	usbscan - ok
12:32:15.0750 5192	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:32:15.0786 5192	USBSTOR - ok
12:32:15.0814 5192	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:32:15.0831 5192	usbuhci - ok
12:32:15.0878 5192	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
12:32:15.0909 5192	usbvideo - ok
12:32:15.0946 5192	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:32:15.0986 5192	UxSms - ok
12:32:16.0013 5192	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:32:16.0022 5192	VaultSvc - ok
12:32:16.0050 5192	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:32:16.0058 5192	vdrvroot - ok
12:32:16.0120 5192	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:32:16.0150 5192	vds - ok
12:32:16.0178 5192	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:32:16.0188 5192	vga - ok
12:32:16.0205 5192	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:32:16.0229 5192	VgaSave - ok
12:32:16.0257 5192	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:32:16.0266 5192	vhdmp - ok
12:32:16.0299 5192	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:32:16.0307 5192	viaide - ok
12:32:16.0339 5192	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:32:16.0346 5192	volmgr - ok
12:32:16.0399 5192	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:32:16.0410 5192	volmgrx - ok
12:32:16.0448 5192	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:32:16.0458 5192	volsnap - ok
12:32:16.0491 5192	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
12:32:16.0500 5192	vsmraid - ok
12:32:16.0620 5192	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:32:16.0676 5192	VSS - ok
12:32:16.0800 5192	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:32:16.0819 5192	vwifibus - ok
12:32:16.0837 5192	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:32:16.0868 5192	vwififlt - ok
12:32:16.0888 5192	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:32:16.0899 5192	vwifimp - ok
12:32:16.0953 5192	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:32:16.0981 5192	W32Time - ok
12:32:16.0999 5192	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
12:32:17.0017 5192	WacomPen - ok
12:32:17.0056 5192	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:32:17.0100 5192	WANARP - ok
12:32:17.0102 5192	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:32:17.0127 5192	Wanarpv6 - ok
12:32:17.0237 5192	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:32:17.0258 5192	WatAdminSvc - ok
12:32:17.0321 5192	watchmi         (878c947c69ee89e4dbff9dbd6155c15d) C:\Program Files (x86)\watchmi\TvdService.exe
12:32:17.0340 5192	watchmi ( UnsignedFile.Multi.Generic ) - warning
12:32:17.0340 5192	watchmi - detected UnsignedFile.Multi.Generic (1)
12:32:17.0446 5192	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:32:17.0492 5192	wbengine - ok
12:32:17.0633 5192	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:32:17.0659 5192	WbioSrvc - ok
12:32:17.0709 5192	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:32:17.0743 5192	wcncsvc - ok
12:32:17.0776 5192	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:32:17.0823 5192	WcsPlugInService - ok
12:32:17.0873 5192	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
12:32:17.0880 5192	Wd - ok
12:32:17.0956 5192	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:32:17.0970 5192	Wdf01000 - ok
12:32:17.0986 5192	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:32:18.0054 5192	WdiServiceHost - ok
12:32:18.0056 5192	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:32:18.0069 5192	WdiSystemHost - ok
12:32:18.0103 5192	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:32:18.0137 5192	WebClient - ok
12:32:18.0171 5192	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:32:18.0221 5192	Wecsvc - ok
12:32:18.0264 5192	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:32:18.0308 5192	wercplsupport - ok
12:32:18.0343 5192	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:32:18.0382 5192	WerSvc - ok
12:32:18.0437 5192	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:32:18.0462 5192	WfpLwf - ok
12:32:18.0477 5192	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:32:18.0486 5192	WIMMount - ok
12:32:18.0517 5192	WinDefend - ok
12:32:18.0521 5192	WinHttpAutoProxySvc - ok
12:32:18.0584 5192	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:32:18.0625 5192	Winmgmt - ok
12:32:18.0773 5192	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:32:18.0815 5192	WinRM - ok
12:32:19.0002 5192	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:32:19.0032 5192	Wlansvc - ok
12:32:19.0096 5192	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:32:19.0102 5192	wlcrasvc - ok
12:32:19.0275 5192	wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:32:19.0306 5192	wlidsvc - ok
12:32:19.0434 5192	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:32:19.0454 5192	WmiAcpi - ok
12:32:19.0500 5192	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:32:19.0526 5192	wmiApSrv - ok
12:32:19.0570 5192	WMPNetworkSvc - ok
12:32:19.0587 5192	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:32:19.0604 5192	WPCSvc - ok
12:32:19.0621 5192	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:32:19.0632 5192	WPDBusEnum - ok
12:32:19.0658 5192	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:32:19.0695 5192	ws2ifsl - ok
12:32:19.0726 5192	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
12:32:19.0740 5192	wscsvc - ok
12:32:19.0742 5192	WSearch - ok
12:32:19.0777 5192	wsvd            (82e8f5aa03df7dbdb8a33f700d5d8cda) C:\Windows\system32\DRIVERS\wsvd.sys
12:32:19.0784 5192	wsvd - ok
12:32:19.0934 5192	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
12:32:19.0968 5192	wuauserv - ok
12:32:20.0105 5192	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:32:20.0158 5192	WudfPf - ok
12:32:20.0187 5192	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:32:20.0225 5192	WUDFRd - ok
12:32:20.0249 5192	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:32:20.0275 5192	wudfsvc - ok
12:32:20.0306 5192	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:32:20.0331 5192	WwanSvc - ok
12:32:20.0353 5192	MBR (0x1B8)     (af7e2860d7c52a307fc27eecf18f08df) \Device\Harddisk0\DR0
12:32:22.0301 5192	\Device\Harddisk0\DR0 - ok
12:32:22.0329 5192	Boot (0x1200)   (8af0380f1f1ceee2fec372c9e8961a00) \Device\Harddisk0\DR0\Partition0
12:32:22.0332 5192	\Device\Harddisk0\DR0\Partition0 - ok
12:32:22.0341 5192	Boot (0x1200)   (e7dac6cebb8dd616e59820ae8b2948bb) \Device\Harddisk0\DR0\Partition1
12:32:22.0343 5192	\Device\Harddisk0\DR0\Partition1 - ok
12:32:22.0368 5192	Boot (0x1200)   (26d7c8ff6c0fb1b0f43508d6a5f185e9) \Device\Harddisk0\DR0\Partition2
12:32:22.0369 5192	\Device\Harddisk0\DR0\Partition2 - ok
12:32:22.0371 5192	============================================================
12:32:22.0371 5192	Scan finished
12:32:22.0371 5192	============================================================
12:32:22.0377 5772	Detected object count: 1
12:32:22.0378 5772	Actual detected object count: 1
12:32:42.0606 5772	watchmi ( UnsignedFile.Multi.Generic ) - skipped by user
12:32:42.0606 5772	watchmi ( UnsignedFile.Multi.Generic ) - User select action: Skip

05.07.2012, 16:30	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Verschlüsselungstrojaner (BKA) auf meinem Windows 7 Pc Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

09.07.2012, 10:08	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Verschlüsselungstrojaner (BKA) auf meinem Windows 7 Pc Die Datei ist zwar da, aber viel zu klein. Wie groß ist deine ZIP? Hast du wirklich alles also den kompletten Ordner MovedFiles inkl. alle Unterverzeichnisse und darin enthaltene Dateien mit in die ZIP packen lassen? Virenscanner vor dem zippen auch deaktiviert? __________________ Logfiles bitte immer in CODE-Tags posten

Verschlüsselungstrojaner (BKA) auf meinem Windows 7 Pc

Plagegeister aller Art und deren Bekämpfung: Verschlüsselungstrojaner (BKA) auf meinem Windows 7 Pc