Pests of all kinds and how to fight them: Wrong redirection of links and ad pop-up at the bottom right

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

17.10.2012, 18:22   #16
samhe
 
Re 1.) yes
Re 2.) I'm not missing anything

17.10.2012, 19:09   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please run a CustomScan with OTL. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         

Please download OTL by Oldtimer and save it to your desktop. If you already have it, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top centre, tick the box for Scan All Users
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

18.10.2012, 19:50   #18
samhe
 
OTL Logfile:
Code:
OTL logfile created on: 18.10.2012 19:12:45 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 35,54% Memory free
8,00 Gb Paging File | 4,54 Gb Available in Paging File | 56,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,12 Gb Total Space | 5,94 Gb Free Space | 7,60% Space Free | Partition Type: NTFS
Drive D: | 4,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 84,45 Gb Total Space | 6,81 Gb Free Space | 8,07% Space Free | Partition Type: NTFS
Drive F: | 131,32 Gb Total Space | 21,09 Gb Free Space | 16,06% Space Free | Partition Type: NTFS
Drive H: | 101,56 Gb Total Space | 2,95 Gb Free Space | 2,91% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Java\jre7\bin\javaw.exe (Oracle Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)
PRC - C:\Program Files (x86)\BubbleUPnP Server\BubbleUPnPServer.exe ()
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
PRC - C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe (Realtime Soft Ltd)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Google\Google Earth\client\googleearth_free.dll ()
MOD - C:\Program Files (x86)\Google\Google Earth\client\ge_expat.dll ()
MOD - C:\Program Files (x86)\Stardock\ObjectDockFree\zlib.dll ()
MOD - C:\Program Files (x86)\Stardock\ObjectDockFree\CrashRpt.dll ()
MOD - C:\Program Files (x86)\Stardock\ObjectDockFree\DockShellHook.dll ()
MOD - C:\Programme\WinRAR\RarExt32.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (vToolbarUpdater12.2.6) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (BubbleUPnP Server) -- C:\Program Files (x86)\BubbleUPnP Server\BubbleUPnPServer.exe ()
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (BBDemon) -- C:\Programme\Dassault Systemes\B20\win_b64\code\bin\CATSysDemon.exe (Dassault Systemes)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Hp***D) -- C:\Windows\SysNative\drivers\Hp***D.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (LUMDriver) -- C:\Windows\SysNative\drivers\LUMDriver.sys (IBM)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (UltraMonUtility) -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys (Realtime Soft Ltd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 63 5D F4 01 15 D2 CC 01  [binary data]
IE - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://localhost:4002/proxy.pac
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.netvibes.com/privatepage/1#Allgemein"
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.3.3
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: searchdictcc@roughael:3.4
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.8.4
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 4001
FF - prefs.js..network.proxy.http: "216.155.139.115"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "64.85.181.45"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 4001
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.09.10 21:37:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.30 19:13:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.26 12:38:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.14 23:27:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.04.02 17:06:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox [2011.08.09 14:15:54 | 000,000,000 | ---D | M]
 
[2012.03.22 01:55:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.10.15 23:28:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1l09kiuo.3\extensions
[2012.03.22 02:39:07 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1l09kiuo.3\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.03.22 02:39:08 | 000,000,000 | ---D | M] (Firefox Companion for eBay) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1l09kiuo.3\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2012.03.22 02:39:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1l09kiuo.3\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.22 02:39:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1l09kiuo.3\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.22 02:39:08 | 000,000,000 | ---D | M] (SignupShield) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1l09kiuo.3\extensions\{D02B1E87-A8C6-433f-9B5C-2CEC4A072736}
[2012.03.22 02:39:08 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1l09kiuo.3\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2012.03.22 02:39:07 | 000,000,000 | ---D | M] (YouTube IT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1l09kiuo.3\extensions\youtubeit@jarsoft.com.br
[2012.10.15 23:28:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6kv8cxmu.2\extensions
[2012.03.22 02:38:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6kv8cxmu.2\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.15 23:28:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ghh2cgz2.1\extensions
[2012.03.22 02:38:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ghh2cgz2.1\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.22 02:38:47 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ghh2cgz2.1\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.14 22:53:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mzzpq0h8.default\extensions
[2012.03.22 02:10:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mzzpq0h8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.16 15:43:04 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mzzpq0h8.default\extensions\ich@maltegoetz.de
[2012.10.15 23:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xuml876t.***\extensions
[2012.05.25 14:34:38 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xuml876t.***\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.22 02:39:25 | 000,128,185 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ghh2cgz2.1\extensions\itsalltext@docwhat.gerf.org.xpi
[2012.03.22 02:39:25 | 000,343,406 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ghh2cgz2.1\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2011.07.02 21:58:42 | 000,548,939 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ghh2cgz2.1\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi
[2011.03.28 01:14:05 | 000,049,723 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ghh2cgz2.1\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2012.03.22 02:39:28 | 000,608,840 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ghh2cgz2.1\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.22 02:39:28 | 000,691,879 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ghh2cgz2.1\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.09.26 16:10:57 | 000,037,531 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\mzzpq0h8.default\extensions\searchdictcc@roughael.xpi
[2012.07.28 18:32:22 | 000,184,864 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\mzzpq0h8.default\extensions\stealthyextension@gmail.com.xpi
[2012.10.14 22:53:17 | 000,340,281 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\mzzpq0h8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.07.25 23:40:26 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\mzzpq0h8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.07.23 11:11:03 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\mzzpq0h8.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.07.19 00:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.26 12:38:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.26 12:38:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.05.17 19:16:34 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 69.10.57.36 www.google-analytics.com.
O1 - Hosts: 69.10.57.36 ad-emea.doubleclick.net.
O1 - Hosts: 69.10.57.36 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll (Conversion One GmbH)
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1472118281-826008748-4271564600-1001..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: CC Web-Interface - hxxp://localhost:4002/cookie.cooker/loadifscript File not found
O8:64bit: - Extra context menu item: Formulare ausfüllen (echte Daten) - hxxp://localhost:4002/cookie.cooker/fillscriptp File not found
O8:64bit: - Extra context menu item: Formulare ausfüllen (zufällig) - hxxp://localhost:4002/cookie.cooker/fillscriptr File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Werbung blockieren - hxxp://localhost:4002/cookie.cooker/scriptwerbung File not found
O8 - Extra context menu item: CC Web-Interface - hxxp://localhost:4002/cookie.cooker/loadifscript File not found
O8 - Extra context menu item: Formulare ausfüllen (echte Daten) - hxxp://localhost:4002/cookie.cooker/fillscriptp File not found
O8 - Extra context menu item: Formulare ausfüllen (zufällig) - hxxp://localhost:4002/cookie.cooker/fillscriptr File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Werbung blockieren - hxxp://localhost:4002/cookie.cooker/scriptwerbung File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\..Trusted Domains: apemap.com ([]http in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85317276-E541-4173-BDF8-DA2A88CB496B}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.06 17:01:16 | 000,000,044 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009.01.03 21:34:30 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3304b8f4-408a-11e1-b189-0019665c27b5}\Shell - "" = AutoRun
O33 - MountPoints2\{3304b8f4-408a-11e1-b189-0019665c27b5}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{4ead73ec-9e99-11e1-9482-0019665c27b5}\Shell - "" = AutoRun
O33 - MountPoints2\{4ead73ec-9e99-11e1-9482-0019665c27b5}\Shell\AutoRun\command - "" = I:\setup.exe
O33 - MountPoints2\{904b9f4a-b63d-11e0-9031-0019665c27b5}\Shell - "" = AutoRun
O33 - MountPoints2\{904b9f4a-b63d-11e0-9031-0019665c27b5}\Shell\AutoRun\command - "" = D:\Warcraft_DVD.exe
O33 - MountPoints2\{904b9f4d-b63d-11e0-9031-0019665c27b5}\Shell - "" = AutoRun
O33 - MountPoints2\{904b9f4d-b63d-11e0-9031-0019665c27b5}\Shell\AutoRun\command - "" = K:\setup.exe
O33 - MountPoints2\{904b9f4d-b63d-11e0-9031-0019665c27b5}\Shell\dinstall\command - "" = K:\Quake3\directx7\dxsetup.exe
O33 - MountPoints2\{ae5c6c5a-3ac0-11e1-b8dd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ae5c6c5a-3ac0-11e1-b8dd-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2011.10.06 17:01:18 | 000,355,920 | R--- | M] (Valve Corporation)
O33 - MountPoints2\{e6de172e-f8d2-11e0-bdd4-0019665c27b5}\Shell - "" = AutoRun
O33 - MountPoints2\{e6de172e-f8d2-11e0-bdd4-0019665c27b5}\Shell\AutoRun\command - "" = L:\setup.exe
O33 - MountPoints2\{e6de172e-f8d2-11e0-bdd4-0019665c27b5}\Shell\dinstall\command - "" = L:\Setup\directx7\dxsetup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.16 20:26:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\2K Games
[2012.10.06 19:17:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.10.06 19:12:42 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.10.06 19:12:42 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.10.06 19:12:32 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.10.06 19:12:32 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.10.06 19:12:32 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.10.06 14:03:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\VIRENPROBLEM
[2012.10.05 21:56:48 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Mountain-Bike Zeitschrift
[2012.10.03 19:56:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MFAData
[2012.10.03 19:56:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Avg2013
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.18 19:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.18 18:58:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1472118281-826008748-4271564600-1001UA.job
[2012.10.18 16:44:32 | 097,701,046 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.10.18 16:38:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.17 22:16:15 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012.10.17 18:50:41 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.17 18:50:41 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.17 18:45:27 | 3220,660,224 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.15 11:58:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1472118281-826008748-4271564600-1001Core.job
[2012.10.09 09:17:55 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 09:17:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.08 21:33:15 | 001,621,940 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.08 21:33:15 | 000,700,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.08 21:33:15 | 000,655,054 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.08 21:33:15 | 000,149,138 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.08 21:33:15 | 000,121,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.06 19:12:17 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.10.06 19:12:16 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.10.06 19:12:16 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.10.06 19:12:16 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.10.06 19:12:16 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.10.06 19:12:16 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.10.05 17:53:47 | 000,490,645 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
 
========== Files Created - No Company Name ==========
 
[2012.10.17 19:41:59 | 1879,090,530 | ---- | C] () -- C:\Users\***\Desktop\tvs-be-dd51-ded-dl-7p-hdtv-x264-205.mkv
[2012.10.06 20:50:31 | 000,002,012 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.10.06 20:50:31 | 000,001,956 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.10.06 20:50:31 | 000,001,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.09.28 11:48:01 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1472118281-826008748-4271564600-1001UA.job
[2012.09.28 11:48:00 | 000,001,060 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1472118281-826008748-4271564600-1001Core.job
[2012.07.23 11:59:10 | 000,000,198 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.21 10:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.06.19 16:37:12 | 000,001,547 | ---- | C] () -- C:\Users\***\cookies.xml
[2012.05.17 00:49:37 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.04.15 23:43:52 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012.04.15 23:43:51 | 004,078,592 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012.04.15 23:43:51 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.04.15 23:43:51 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.04.15 23:43:51 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.04.15 23:43:50 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.04.14 00:56:35 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.14 23:24:30 | 000,282,696 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.01.14 23:24:25 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.29 12:49:27 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011.12.19 03:01:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.17 18:00:59 | 000,000,524 | ---- | C] () -- C:\Windows\QIII.INI
[2011.10.13 00:33:56 | 000,098,424 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.06 21:10:02 | 000,711,749 | ---- | C] () -- C:\Windows\unins000.exe
[2011.08.06 21:10:02 | 000,002,421 | ---- | C] () -- C:\Windows\unins000.dat
[2011.08.02 20:30:08 | 001,598,898 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.25 02:19:29 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.07.27 16:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.07.27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.07.25 01:01:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis
[2012.01.26 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG2012
[2012.08.23 19:33:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\aWARemote
[2012.05.08 21:55:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BOM
[2011.08.09 19:08:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2012.01.25 23:07:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DassaultSystemes
[2012.10.17 18:47:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.05.25 14:34:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.07.24 17:17:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.25 17:55:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2012.07.17 16:11:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2012.10.06 20:48:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2012.06.19 17:01:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JonDo
[2011.07.24 17:42:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2012.09.16 15:25:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobile Atlas Creator
[2012.04.02 17:07:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2012.06.02 00:11:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.08.26 17:27:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ooVoo Details
[2012.01.13 23:43:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.04.02 17:09:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2012.06.06 23:50:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stardock
[2012.04.10 17:21:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steinberg
[2012.01.26 00:06:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\streamripper
[2011.08.04 17:47:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.07.17 16:15:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TestApp
[2012.07.09 17:12:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly
[2012.03.21 23:31:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2007.12.26 01:33:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2012.08.14 00:45:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unified Remote
[2012.04.20 20:41:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinSplit
[2012.04.20 20:37:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Winsplit Revolution
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 18.10.2012 19:12:45 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 35,54% Memory free
8,00 Gb Paging File | 4,54 Gb Available in Paging File | 56,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,12 Gb Total Space | 5,94 Gb Free Space | 7,60% Space Free | Partition Type: NTFS
Drive D: | 4,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 84,45 Gb Total Space | 6,81 Gb Free Space | 8,07% Space Free | Partition Type: NTFS
Drive F: | 131,32 Gb Total Space | 21,09 Gb Free Space | 16,06% Space Free | Partition Type: NTFS
Drive H: | 101,56 Gb Total Space | 2,95 Gb Free Space | 2,91% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-1472118281-826008748-4271564600-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078B4CC8-E073-4E7E-80AB-34742B5952BE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{09ED3AE6-D44F-4F35-B14B-A2387BCE0CE3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0C77EC44-FF40-4BE1-A2C3-C444BA18B57C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{0FC029ED-71CB-49A1-A8B4-BE15A59E9704}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1A6AC68A-17CC-43F1-94DF-649FE7FCDCC1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2D39306C-44FC-4C31-A799-A2C10A6733C5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2F3E21AD-6AB9-4AC7-BBA5-97571FE64CB4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{305228FE-945D-47EA-BA97-25A2B000AF94}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 | 
"{3AC9AF6F-BB7B-449B-89B3-AC565AD9D70B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{3DFEEE3E-024D-410B-92EE-984AE0218C9C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4212F013-2033-4821-8DCE-348559222E24}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{435B4881-2E78-4891-95AF-2CEAF693FFA9}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 | 
"{4D8168EB-54A7-4009-B24F-07E7CFF1F1D9}" = rport=138 | protocol=17 | dir=out | app=system |  
"{570B7F9E-1B29-4468-BA39-B84461859782}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 | 
"{5BE9295C-A704-44E3-9BE1-F89162AB25A8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5CA9A463-7A60-47FE-8C13-19BA0E341F36}" = lport=445 | protocol=6 | dir=in | app=system | 
"{857F0CBC-73F2-4775-8080-8983EE08A846}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9252C687-D720-43F7-9F50-8C8FBF5BCA0D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9EDEA6A0-2552-438B-840B-D45EA44B1FA5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A509A33B-222B-4FD4-ADC2-6AB42EE62C31}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A5A48236-711F-4AD2-8F88-0CFF3183C4DA}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 | 
"{C3FCD76B-9F34-424D-96C7-40C5BC5B8371}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{C3FF7F45-0ED3-431D-ABA1-7C2885A32F34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CAD3BEA1-9919-4889-9622-98D4FDA4FE7A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D1A2314F-2F15-40B8-B7F8-680600C6D344}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D30D74E0-DEDF-4C1F-B842-226C711A3BE5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DAAB8BC9-39A2-4721-A932-621F33295EAA}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EC61097A-5471-47AB-81B2-EB8A9852ABCA}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 | 
"{F3A20B34-3760-4808-8390-89DADDCE27F2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F70847DE-12EF-4E1D-99D9-C1A6F250FA25}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FC8CB68B-B4E7-4B4D-A37C-AD37E4C106D0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01910402-19C5-4C19-A205-75079F2027FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{034E3C3E-FC55-4471-BCE9-908EE5CE5AE0}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{03DA15B3-7BFB-4598-B7D6-CA845E249F09}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{04B983C6-1EB8-4B33-9A77-041F3EAA3790}" = protocol=17 | dir=in | app=k:\spiele installationsdateien\tom clancys ghost recon future soldier\gu.exe | 
"{07C71CB5-8B6F-4F49-9EB1-EA0A970B9E47}" = protocol=6 | dir=in | app=c:\program files (x86)\bubbleupnp server\bubbleupnpserver.exe | 
"{0924ABDB-80EE-440A-A4DC-6B26CD50ECAB}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{0CF65067-BD26-4C85-8E93-4FB84110DFEA}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbstreamerclient.exe | 
"{0F07E11D-BB11-44AD-9BA0-16ED03574F18}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{106C753E-07C5-471A-9D0D-2FF67A7C5169}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{108D91E4-5C96-4D72-9A77-8E9D9BE1D29F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1261C267-18E0-4301-B3FF-B687F6727F4A}" = protocol=6 | dir=in | app=h:\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"{1497E839-6252-4FA3-B0DC-BB7A401319CF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{17DD56A9-BF90-4A88-82A8-61C70CC213E1}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orb.exe | 
"{19907D94-B7BC-4CBD-9044-E4B74D98B263}" = protocol=6 | dir=in | app=k:\spiele installationsdateien\tom clancys ghost recon future soldier\future soldier.exe | 
"{1B58F347-B067-4B5B-8B67-CC16A49EE8D2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1BB856D0-24A6-48E7-A50D-5B965D00E9AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1E2F34C0-57D5-408A-A6A0-8938EC9117F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{1E421B85-93A0-4587-9DAD-3FCA5A53DC2F}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{2055AC5A-994F-4458-9247-AD36830BF7BF}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{228FA7D8-D3FB-400E-AFCF-21F91F086AF6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{25BB5EAF-1EE4-4FD1-88AC-28F6BBDA16A4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{287FFE95-6EB4-4622-B405-98788B4C5812}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2BEEBFAA-FD25-4F8E-9315-8EFBDC56A76B}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbir.exe | 
"{32684590-72B4-4BF3-908B-AC886AC5B26A}" = protocol=17 | dir=in | app=e:\battlefield 2\bf2.exe | 
"{331000F5-93CC-4124-885A-166E58389520}" = protocol=6 | dir=in | app=k:\spiele installationsdateien\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{3320B204-2E52-4EFE-B654-7E82E8BD3C61}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{3807AA4B-6B89-484E-9740-43B83D25EE64}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{3D7EF3B4-8710-44BA-8792-6C7721309D4C}" = protocol=6 | dir=in | app=c:\users\***\desktop\operator\opera\opera.exe | 
"{3DB49D53-964B-41EF-8590-12DC435D3DDB}" = protocol=6 | dir=in | app=e:\battlefield 2\bf2.exe | 
"{3EBD7169-7297-4D66-AB2C-73D4725CD52F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{4701632F-973A-474D-8110-68BD5529C818}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{493E9C8F-90BD-4609-895C-7E49C2BD6665}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{49EAFFEE-274C-4267-BE05-778BAB7B21C7}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{4EE61308-F56F-456F-BEFF-31ED2A02257B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{5002062B-BF1C-4B66-B029-29D20F922C91}" = protocol=17 | dir=in | app=i:\spiele installationsdateien\mass effect 3\binaries\win32\masseffect3.exe | 
"{548C1079-AF2F-41E4-9CDC-2656AA3438F1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{5597EBA4-7A35-495B-8563-CE8FD8EB9807}" = protocol=17 | dir=in | app=k:\spiele installationsdateien\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{57DF6F5D-7EE8-40E8-9DDA-D60F9C648FF9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{5AF4AC0E-18BA-46D5-BCA2-2909DCE53C4C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5D515A19-439D-4476-B5FF-733C93B8B866}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{5EB6F10A-9563-4FE3-83CC-5FDBA0032F0C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5F126119-2041-498F-B042-18FFFF0DEBA2}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbstreamerclient.exe | 
"{5F9FCB2D-5B4D-4F18-B2F3-295B1C7C296E}" = protocol=17 | dir=in | app=k:\spiele installationsdateien\tom clancys ghost recon future soldier\future soldier.exe | 
"{626A465E-F8D6-4C1C-AE34-1164AB189D49}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{66E84C5A-3818-438E-B38A-4BC9BD2C6CB4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{67D1E638-B62C-498E-89ED-78DE52E73412}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{69A876B5-1A89-4A4A-A80A-89D0CED3A8BD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6B3D43CA-33D6-464A-A1AC-4A75F2BA2640}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6B4E9CFE-4B42-4DBA-BF84-965DBC56F3AF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6B912972-0255-4CB5-894A-14AA273F040C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{70B1F42C-F86C-4349-9824-59C2732BA7FE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{710B7386-DCBA-4E5E-9C9B-619085E8176D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{721FCCED-008E-44CF-A164-97381E58BB99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7266372A-D89B-4748-ABB6-84EF08187469}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{75A5CA12-BC4F-49A1-8B1B-0FB2A9986346}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{7689BDD1-6D35-4407-9C28-CD71C88C6167}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{7A489788-D083-409F-870D-AD02DD68AEFD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{808EA8C4-5849-40EB-8B04-46A97F0F5404}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{81A12718-D09A-48AD-8097-9618F61D76EA}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{837A2252-D187-44CA-9F0A-AE12C6156380}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{858445E9-EA5A-470E-8680-D8555C49BEE1}" = protocol=17 | dir=in | app=k:\spiele installationsdateien\age of empires\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{8F86CB9A-C2AF-4FD3-837E-2FB4FF83947B}" = protocol=6 | dir=in | app=k:\spiele installationsdateien\age of empires\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{903C1962-49AF-4F13-8C2D-4D988EAF7183}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{904E7C5D-7921-48FD-BDBF-EB0CA0555835}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{953E3DDF-69DE-4D81-B550-0E9B8235A251}" = protocol=17 | dir=in | app=k:\spiele installationsdateien\game of thrones\binaries\win32\shippingpc-agotgame.exe | 
"{953FC129-A8B1-414D-81E8-43FF8FF69803}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{95B8AE58-72E6-4C60-8BF8-D642C6F89110}" = protocol=17 | dir=in | app=c:\users\***\desktop\operator\opera\opera.exe | 
"{97CA1094-E3E0-4AF5-B97A-04AC4F480554}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{98B7B278-FDE2-40E6-BD94-70D861E27BB6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{98B847CC-85E1-4EFF-A272-880BE3610E2A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{9AB1A7F6-F87F-4982-B360-EA5CE94A0A76}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{9B66C02C-B5C4-4BFB-9D0D-03FF21518305}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{9DD8700E-89EB-4729-8F76-77BE8BA6CE97}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{A1C0C0D1-CD9C-4111-87BE-BED356C5C805}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A277C6CC-B783-4D88-BC85-DDA7C1D5EB4E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{A3F40A9B-56CA-452E-99CC-C9DBA1C2EE4D}" = protocol=6 | dir=in | app=k:\spiele installationsdateien\tom clancys ghost recon future soldier\gu.exe | 
"{A7175B82-1FE1-4B4C-9DDD-2AA05042ACFC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{A71A52B5-8AD7-46CC-9549-BEAFEF392DD7}" = protocol=17 | dir=in | app=h:\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"{AB0917B8-9A6E-4774-ABA9-3F1CCCE8B8AA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{ABA5A8BC-836E-4E04-8A60-4F173171C0BE}" = protocol=6 | dir=out | app=system | 
"{B0BE586B-A317-45FE-96CC-522086C712C1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B32CDE66-F0E7-43C3-BCCC-89BC8D6EC928}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{B64E4362-69C4-401D-A987-2FE5B55B2A9C}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{B8EF32B3-5460-4DCC-B496-730F72311A2E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{BBCD25B2-EE8E-4C37-830F-FBF448FAC637}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{BCD1F8EA-33C8-4990-ACF0-8A4118DE86C3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{BDC1F7C2-58AE-42BD-8944-FB5D0DE2E457}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{C49F0D19-F3C6-4814-878F-8E4DE3C883F7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{C76C90F5-CE25-4B9E-ADDE-3CC6D37A0D61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CC015496-A74E-426C-B196-42173FD62D41}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{D1A939A7-18D4-4B48-9DDE-975242B56123}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{D32BD8C6-994E-441F-B6CC-D61FB794B13B}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orb.exe | 
"{D47380CC-AA0E-44EA-8BF0-2BDAEE09FC38}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{D7104812-17A5-4249-886F-A11F7D4B5537}" = protocol=6 | dir=in | app=i:\spiele installationsdateien\mass effect 3\binaries\win32\masseffect3.exe | 
"{D916492F-C9FC-4686-8EB1-01C03BE501E0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{DE0B673C-C2AF-47AB-B7FB-947891A37EA9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E029054C-75B4-4E15-B238-A76DD4B62B9D}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E3131C2F-F5B0-4F7D-909D-4F554534BF08}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe | 
"{E57B5118-A065-48AD-95AF-2B899647AE99}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbir.exe | 
"{EABF85A8-1A92-4892-8F5F-0CBF208CA1C6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EC617021-BA69-49E9-B98A-C661FF1E0F06}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{EEE9C117-EB29-4FFF-A775-830727351A1E}" = protocol=6 | dir=in | app=h:\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe | 
"{F5770572-736D-4607-8D7E-CF78574304EF}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{FB03578D-775C-4842-A6A5-BC51E83B5EB9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{FCB33E63-3B9F-4A4B-BBE7-580BAF86AC10}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{FD6913C5-48FF-4B14-A036-94DF3C761E88}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe | 
"{FDDC89BA-ACA9-4A53-AB68-5DD1D9EAAA10}" = protocol=6 | dir=in | app=k:\spiele installationsdateien\game of thrones\binaries\win32\shippingpc-agotgame.exe | 
"TCP Query User{47AF5CBE-C939-4562-A673-E69BB31EDD7A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{48955574-88C0-40E6-9C0B-72071FA8110C}C:\program files\dassault systemes\b20\win_b64\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b20\win_b64\code\bin\cnext.exe | 
"TCP Query User{48E5B930-7EC5-421F-A7C3-FE7B4866432E}I:\spiele\action\batman.arkham.city.playable.read.nfo-revan\batman arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=i:\spiele\action\batman.arkham.city.playable.read.nfo-revan\batman arkham city\binaries\win32\batmanac.exe | 
"TCP Query User{B175A810-D85D-4C4B-A54F-820CE8780191}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{BFE85978-F122-4905-BE00-37746892293E}H:\spiele installationsdateien\quake 3\quake3.exe" = protocol=6 | dir=in | app=h:\spiele installationsdateien\quake 3\quake3.exe | 
"TCP Query User{CE0DAAC9-6E33-4E50-815D-3631B4B54880}C:\program files\dassault systemes\b20\win_b64\code\bin\orbixd.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b20\win_b64\code\bin\orbixd.exe | 
"TCP Query User{DD32466A-8F02-42EF-AF9F-D445061D345B}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{196F9384-AABA-4BE8-AD46-69EF7FC27D2C}C:\program files\dassault systemes\b20\win_b64\code\bin\orbixd.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b20\win_b64\code\bin\orbixd.exe | 
"UDP Query User{2FD123BD-11B0-4FA1-A246-0B2A938FE7AE}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{6DC213CA-523D-4CC6-9DE7-FE295529C301}H:\spiele installationsdateien\quake 3\quake3.exe" = protocol=17 | dir=in | app=h:\spiele installationsdateien\quake 3\quake3.exe | 
"UDP Query User{BAD170AF-437C-4477-A4B9-26530AF9FA55}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{CD1F5888-3755-450F-9222-03F720D151E4}I:\spiele\action\batman.arkham.city.playable.read.nfo-revan\batman arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=i:\spiele\action\batman.arkham.city.playable.read.nfo-revan\batman arkham city\binaries\win32\batmanac.exe | 
"UDP Query User{DE0298BA-2DC4-46E9-9A21-82CE11A8AF51}C:\program files\dassault systemes\b20\win_b64\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b20\win_b64\code\bin\cnext.exe | 
"UDP Query User{F6940AA2-04CF-4BAE-9271-F4934822D353}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{344C0D46-2EF4-4BC8-AE03-3DACDA9B9485}" = AVG 2012
"{3ABFAF33-D6EE-9348-CE96-AF51E9D6D2FF}" = AMD Drag and Drop Transcoding
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{537056B7-32A4-4408-9B54-0341963C7C9C}" = UltraMon
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCEE21F-6FCB-40BF-B1D1-44144C444EF3}" = Oracle VM VirtualBox 4.1.10
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{CF1EB598-B424-436A-B15F-B763846BA970}" = Dassault Systemes Software Prerequisites x86-x64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Dassault Systemes B20_0" = Dassault Systemes Software B20
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"sp6" = Logitech SetPoint 6.32
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.5 Build #5255 Banner Remover 1.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18C6A8F0-F0E7-4C68-9E14-DD4AED3FE741}_is1" = aWARemote Pro Server version 2.2.1
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D0FE9A-816F-4218-9F5E-67B4198052FF}" = MOUSE Editor
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.10.1
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2C13F8C1-570B-42A9-87B4-8C7903ECD602}" = ObjectDock Free
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{57F66B4D-C3C6-4CE2-AA9C-CDDE448F5DC1}" = ape@map
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D87CAD9-9B94-4421-A439-B25F8DE14575}" = Tom Clancy's Ghost Recon Future Soldier
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{965D4A7F-25FE-4D0E-8729-43C6236FB03C}" = Unified Remote
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A41EB7B5-8883-4795-A587-AAD8A84A010D}" = Cisco AnyConnect Secure Mobility Client
"{A7709081-CE4E-4339-A727-F88E648F92FA}_is1" = Oblivion Improved 1.41
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{BEE9DFE1-7CDF-4D1C-A473-3B3DF8FF1431}_is1" = Hot CPU Tester Pro 4.4.1
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DFD30824-6BD0-34E1-ABE8-308AD3CBB9A0}" = Google Talk Plugin
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FD6B234C-34F2-46DD-856B-A81C0A09538B}" = calibre
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"AGOT_is1" = Game of Thrones Version 1.1.0.0
"Allied Intent Xtended" = Allied Intent Xtended 2.0
"Audacity_is1" = Audacity 1.2.6
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"BubbleUPnP Server" = BubbleUPnP Server
"Camouflage" = Camouflage
"Canon RAW Codec" = Canon RAW Codec
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"CookieCooker" = CookieCooker
"DivX Setup" = DivX-Setup
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fences" = Fences
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.5.5.221
"Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.6.221
"Free Studio_is1" = Free Studio version 5.0.10
"Free YouTube Download_is1" = Free YouTube Download version 3.0.19.1206
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"GPX-Manager 1.3_is1" = GPX-Manager 1.3
"Hamachi" = Hamachi 1.0.1.2
"HijackThis" = HijackThis 2.0.2
"InstallShield_{20D0FE9A-816F-4218-9F5E-67B4198052FF}" = Mouse Editor
"JAP" = JAP
"JoJoSaver_is1" = JoJoSaver 2.2.0
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.6.0
"LinuxLive USB Creator" = LinuxLive USB Creator
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"Notepad++" = Notepad++
"ObjectDock Free" = ObjectDock Free
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"Opera 11.61.1250" = Opera 11.61
"pubradio.co.uk Winamp Playlist Duplicate Remover_is1" = Duplicate Remover 1.1
"PunkBusterSvc" = PunkBuster Services
"Quake III Arena" = Quake III Arena
"Revo Uninstaller" = Revo Uninstaller 1.93
"Risen 2 Dark Waters_is1" = Risen 2 Dark Waters
"Sleeping Dogs_is1" = Sleeping Dogs
"SpeedFan" = SpeedFan (remove only)
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Streamripper" = Streamripper (Remove only)
"SubtitleWorkshop" = Subtitle Workshop 2.51
"TeamViewer 6" = TeamViewer 6
"The KMPlayer" = The KMPlayer (remove only)
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.1.11
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinSplit Revolution" = WinSplit Revolution (v11.04)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1472118281-826008748-4271564600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.08.2012 12:06:06 | Computer Name = *** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 26.09.2012 06:12:07 | Computer Name = *** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 01.10.2012 08:59:46 | Computer Name = *** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 06.10.2012 10:40:21 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.3.3235, 
Zeitstempel: 0x4fec7b3e  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.4926,
 Zeitstempel: 0x4a1743c1  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0005680d  ID des fehlerhaften
 Prozesses: 0x1a64  Startzeit der fehlerhaften Anwendung: 0x01cda3cc5857e614  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCR90.dll
Berichtskennung:
 c0efe00c-0fc3-11e2-b240-0019665c27b5
 
Error - 06.10.2012 14:48:12 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.7600.16385,
 Zeitstempel: 0x4a5bc3e6  Name des fehlerhaften Moduls: WININET.dll, Version: 8.0.7600.16912,
 Zeitstempel: 0x4eb4bbf6  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003a78c  ID des fehlerhaften
 Prozesses: 0xce4  Startzeit der fehlerhaften Anwendung: 0x01cda3f31e39c697  Pfad der
 fehlerhaften Anwendung: C:\Windows\syswow64\MsiExec.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\syswow64\WININET.dll  Berichtskennung: 60eb65ef-0fe6-11e2-badd-0019665c27b5
 
Error - 06.10.2012 14:54:03 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16912 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1880    Startzeit: 01cda3f3decced2b    Endzeit: 15    Anwendungspfad:
 C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 09.10.2012 04:11:58 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1634    Startzeit:
 01cda5942438a668    Endzeit: 35    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 fc978f4f-11e8-11e2-badd-0019665c27b5  
 
Error - 15.10.2012 17:27:22 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aebab8d  Name des fehlerhaften Moduls: RTSUltraMonHook.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4d0f8eaa  Ausnahmecode: 0xc000041d  Fehleroffset: 
0x00000000710589d4  ID des fehlerhaften Prozesses: 0xc80  Startzeit der fehlerhaften
 Anwendung: 0x01cdaafc6125d78a  Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE
Pfad
 des fehlerhaften Moduls: RTSUltraMonHook.dll  Berichtskennung: 1ad62dc3-170f-11e2-bb15-0019665c27b5
 
Error - 15.10.2012 17:27:22 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aebab8d  Name des fehlerhaften Moduls: RTSUltraMonHook.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4d0f8eaa  Ausnahmecode: 0xc000041d  Fehleroffset: 
0x00000000710589d4  ID des fehlerhaften Prozesses: 0x108c  Startzeit der fehlerhaften
 Anwendung: 0x01cdab1b74ee91f5  Pfad der fehlerhaften Anwendung: C:\Windows\explorer.exe
Pfad
 des fehlerhaften Moduls: RTSUltraMonHook.dll  Berichtskennung: 1ad654d3-170f-11e2-bb15-0019665c27b5
 
Error - 15.10.2012 17:27:31 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: adwcleaner(1).exe, Version: 2.0.0.5,
 Zeitstempel: 0x4f25baec  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc000041d  Fehleroffset: 0x74494f0d  ID des fehlerhaften
 Prozesses: 0x14f4  Startzeit der fehlerhaften Anwendung: 0x01cdab1bd7b77ad6  Pfad der
 fehlerhaften Anwendung: K:\Download\adwcleaner(1).exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 20206573-170f-11e2-bb15-0019665c27b5
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 10.09.2012 15:30:47 | Computer Name = *** | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2169 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 10.09.2012 15:30:47 | Computer Name = *** | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 650 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 10.09.2012 15:30:52 | Computer Name = *** | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2652 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 10.09.2012 15:30:52 | Computer Name = *** | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2169 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 10.09.2012 15:30:52 | Computer Name = *** | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 650 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 16.09.2012 08:11:51 | Computer Name = *** | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2652 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 16.09.2012 08:11:51 | Computer Name = *** | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2169 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 16.09.2012 08:11:51 | Computer Name = *** | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 8261 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 16.09.2012 08:11:51 | Computer Name = *** | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::RestoreNetworkConfigToPreAuthConditions File:
 .\MainThread.cpp Line: 9664 Invoked Function: CMainThread::applyHostConfigForNoVpn
Return
 Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

 
Error - 16.09.2012 08:11:51 | Computer Name = *** | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::MainLoop File: .\MainThread.cpp Line: 359 Invoked
 Function: CMainThread::RestoreNetworkConfigToPreAuthConditions Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
[ System Events ]
Error - 14.10.2012 08:13:13 | Computer Name = *** | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 14.10.2012 11:39:42 | Computer Name = *** | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 15.10.2012 05:28:55 | Computer Name = *** | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 15.10.2012 08:58:15 | Computer Name = *** | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 15.10.2012 13:41:18 | Computer Name = *** | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 15.10.2012 17:30:22 | Computer Name = *** | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 16.10.2012 04:56:27 | Computer Name = *** | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 16.10.2012 12:51:56 | Computer Name = *** | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 17.10.2012 12:45:10 | Computer Name = *** | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 18.10.2012 11:51:44 | Computer Name = *** | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >
         
--- --- ---
__________________

18.10.2012, 20:50   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

And why aren't you running a CustomScan? It was described very clearly.
__________________
Please always post logfiles in CODE tags

21.10.2012, 20:04   #20
samhe
 

Sorry...
OTL logfile:
Code:
ATTFilter
OTL logfile created on: 21.10.2012 15:10:54 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 63,15% Memory free
8,00 Gb Paging File | 6,10 Gb Available in Paging File | 76,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,12 Gb Total Space | 6,16 Gb Free Space | 7,89% Space Free | Partition Type: NTFS
Drive D: | 4,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 84,45 Gb Total Space | 6,81 Gb Free Space | 8,07% Space Free | Partition Type: NTFS
Drive F: | 131,32 Gb Total Space | 21,09 Gb Free Space | 16,06% Space Free | Partition Type: NTFS
Drive H: | 101,56 Gb Total Space | 2,95 Gb Free Space | 2,91% Space Free | Partition Type: NTFS
 
Computer Name: GAMEBASE | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\BubbleUPnP Server\BubbleUPnPServer.exe ()
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
PRC - C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe (Realtime Soft Ltd)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Stardock\ObjectDockFree\zlib.dll ()
MOD - C:\Program Files (x86)\Stardock\ObjectDockFree\CrashRpt.dll ()
MOD - C:\Program Files (x86)\Stardock\ObjectDockFree\DockShellHook.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (vToolbarUpdater12.2.6) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (BubbleUPnP Server) -- C:\Program Files (x86)\BubbleUPnP Server\BubbleUPnPServer.exe ()
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (BBDemon) -- C:\Programme\Dassault Systemes\B20\win_b64\code\bin\CATSysDemon.exe (Dassault Systemes)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Hp***D) -- C:\Windows\SysNative\drivers\Hp***D.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (LUMDriver) -- C:\Windows\SysNative\drivers\LUMDriver.sys (IBM)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (UltraMonUtility) -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys (Realtime Soft Ltd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 63 5D F4 01 15 D2 CC 01  [binary data]
IE - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://localhost:4002/proxy.pac
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.netvibes.com/privatepage/1#Allgemein"
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.3.3
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: searchdictcc@roughael:3.4
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.8.4
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 4001
FF - prefs.js..network.proxy.http: "216.155.139.115"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "64.85.181.45"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 4001
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.09.10 21:37:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.30 19:13:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.26 12:38:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.14 23:27:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.04.02 17:06:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox [2011.08.09 14:15:54 | 000,000,000 | ---D | M]
 
[2012.03.22 01:55:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.10.15 23:28:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1l09kiuo.3\extensions
[2012.03.22 02:39:07 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1l09kiuo.3\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.03.22 02:39:08 | 000,000,000 | ---D | M] (Firefox Companion for eBay) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1l09kiuo.3\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2012.03.22 02:39:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1l09kiuo.3\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.22 02:39:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1l09kiuo.3\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.22 02:39:08 | 000,000,000 | ---D | M] (SignupShield) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1l09kiuo.3\extensions\{D02B1E87-A8C6-433f-9B5C-2CEC4A072736}
[2012.03.22 02:39:08 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1l09kiuo.3\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2012.03.22 02:39:07 | 000,000,000 | ---D | M] (YouTube IT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1l09kiuo.3\extensions\youtubeit@jarsoft.com.br
[2012.10.15 23:28:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6kv8cxmu.2\extensions
[2012.03.22 02:38:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6kv8cxmu.2\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.15 23:28:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ghh2cgz2.1\extensions
[2012.03.22 02:38:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ghh2cgz2.1\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.22 02:38:47 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ghh2cgz2.1\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.14 22:53:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mzzpq0h8.default\extensions
[2012.03.22 02:10:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mzzpq0h8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.16 15:43:04 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mzzpq0h8.default\extensions\ich@maltegoetz.de
[2012.10.15 23:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xuml876t.***\extensions
[2012.05.25 14:34:38 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xuml876t.***\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.22 02:39:25 | 000,128,185 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ghh2cgz2.1\extensions\itsalltext@docwhat.gerf.org.xpi
[2012.03.22 02:39:25 | 000,343,406 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ghh2cgz2.1\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2011.07.02 21:58:42 | 000,548,939 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ghh2cgz2.1\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi
[2011.03.28 01:14:05 | 000,049,723 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ghh2cgz2.1\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2012.03.22 02:39:28 | 000,608,840 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ghh2cgz2.1\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.22 02:39:28 | 000,691,879 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ghh2cgz2.1\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.09.26 16:10:57 | 000,037,531 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\mzzpq0h8.default\extensions\searchdictcc@roughael.xpi
[2012.07.28 18:32:22 | 000,184,864 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\mzzpq0h8.default\extensions\stealthyextension@gmail.com.xpi
[2012.10.14 22:53:17 | 000,340,281 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\mzzpq0h8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.07.25 23:40:26 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\mzzpq0h8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.07.23 11:11:03 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\mzzpq0h8.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.07.19 00:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.26 12:38:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.26 12:38:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.05.17 19:16:34 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 69.10.57.36 www.google-analytics.com.
O1 - Hosts: 69.10.57.36 ad-emea.doubleclick.net.
O1 - Hosts: 69.10.57.36 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll (Conversion One GmbH)
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1472118281-826008748-4271564600-1001..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: CC Web-Interface - hxxp://localhost:4002/cookie.cooker/loadifscript File not found
O8:64bit: - Extra context menu item: Formulare ausfüllen (echte Daten) - hxxp://localhost:4002/cookie.cooker/fillscriptp File not found
O8:64bit: - Extra context menu item: Formulare ausfüllen (zufällig) - hxxp://localhost:4002/cookie.cooker/fillscriptr File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Werbung blockieren - hxxp://localhost:4002/cookie.cooker/scriptwerbung File not found
O8 - Extra context menu item: CC Web-Interface - hxxp://localhost:4002/cookie.cooker/loadifscript File not found
O8 - Extra context menu item: Formulare ausfüllen (echte Daten) - hxxp://localhost:4002/cookie.cooker/fillscriptp File not found
O8 - Extra context menu item: Formulare ausfüllen (zufällig) - hxxp://localhost:4002/cookie.cooker/fillscriptr File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Werbung blockieren - hxxp://localhost:4002/cookie.cooker/scriptwerbung File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1472118281-826008748-4271564600-1001\..Trusted Domains: apemap.com ([]http in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85317276-E541-4173-BDF8-DA2A88CB496B}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.06 17:01:16 | 000,000,044 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009.01.03 21:34:30 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3304b8f4-408a-11e1-b189-0019665c27b5}\Shell - "" = AutoRun
O33 - MountPoints2\{3304b8f4-408a-11e1-b189-0019665c27b5}\Shell\AutoRun\command - "" = G:\setup_the_witcher_2_ee_3.0.1.17.exe
O33 - MountPoints2\{4ead73ec-9e99-11e1-9482-0019665c27b5}\Shell - "" = AutoRun
O33 - MountPoints2\{4ead73ec-9e99-11e1-9482-0019665c27b5}\Shell\AutoRun\command - "" = I:\setup.exe
O33 - MountPoints2\{904b9f4a-b63d-11e0-9031-0019665c27b5}\Shell - "" = AutoRun
O33 - MountPoints2\{904b9f4a-b63d-11e0-9031-0019665c27b5}\Shell\AutoRun\command - "" = D:\Warcraft_DVD.exe
O33 - MountPoints2\{904b9f4d-b63d-11e0-9031-0019665c27b5}\Shell - "" = AutoRun
O33 - MountPoints2\{904b9f4d-b63d-11e0-9031-0019665c27b5}\Shell\AutoRun\command - "" = K:\setup.exe
O33 - MountPoints2\{904b9f4d-b63d-11e0-9031-0019665c27b5}\Shell\dinstall\command - "" = K:\Quake3\directx7\dxsetup.exe
O33 - MountPoints2\{ae5c6c5a-3ac0-11e1-b8dd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ae5c6c5a-3ac0-11e1-b8dd-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2011.10.06 17:01:18 | 000,355,920 | R--- | M] (Valve Corporation)
O33 - MountPoints2\{e6de172e-f8d2-11e0-bdd4-0019665c27b5}\Shell - "" = AutoRun
O33 - MountPoints2\{e6de172e-f8d2-11e0-bdd4-0019665c27b5}\Shell\AutoRun\command - "" = L:\setup.exe
O33 - MountPoints2\{e6de172e-f8d2-11e0-bdd4-0019665c27b5}\Shell\dinstall\command - "" = L:\Setup\directx7\dxsetup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk -  - File not found
MsConfig:64bit - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Cisco AnyConnect Secure Mobility Agent for Windows - hkey= - key= - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
MsConfig:64bit - StartUpReg: CookieCooker - hkey= - key= - C:\Program Files (x86)\CookieCooker\CookieCooker.exe ()
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: facemoods - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: MFARestart - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NokiaSuite.exe - hkey= - key= - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
MsConfig:64bit - StartUpReg: ooVoo.exe - hkey= - key= - C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
MsConfig:64bit - StartUpReg: OscarEditor - hkey= - key= - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
MsConfig:64bit - StartUpReg: ROC_ROC_JULY_P1 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SAOB Monitor - hkey= - key= - C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SpywareTerminatorShield - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SpywareTerminatorUpdater - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SweetIM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Sweetpacks Communicator - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
MsConfig:64bit - StartUpReg: Unified Remote v2 - hkey= - key= - C:\Program Files (x86)\Unified Remote\RemoteServer.exe (Unified Intents AB)
MsConfig:64bit - StartUpReg: vProt - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: 69468810.sys - Driver
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: 69468810.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: 69468810.sys - Driver
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: 69468810.sys - Driver
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.HFYU - C:\Windows\SysWow64\huffyuv.dll (Disappearing Inc.)
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
Drivers32: VIDC.VP70 - C:\Windows\SysWow64\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.18 22:55:32 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Witcher 2
[2012.10.18 22:55:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\The Witcher 2
[2012.10.18 22:50:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.10.18 22:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2012.10.16 20:26:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\2K Games
[2012.10.06 19:17:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.10.06 14:03:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\VIRENPROBLEM
[2012.10.05 21:56:48 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Mountain-Bike Zeitschrift
[2012.10.03 19:56:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MFAData
[2012.10.03 19:56:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Avg2013
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.11 19:44:35 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.11 19:44:35 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.11 19:43:49 | 001,621,940 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.11 19:43:49 | 000,700,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.11 19:43:49 | 000,655,054 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.11 19:43:49 | 000,149,138 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.11 19:43:49 | 000,121,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.11 19:39:22 | 3220,660,224 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.21 15:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.21 14:58:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1472118281-826008748-4271564600-1001UA.job
[2012.10.21 14:55:56 | 098,263,929 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.10.21 14:46:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.20 21:00:00 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012.10.18 23:22:35 | 000,011,313 | ---- | M] () -- C:\Users\***\Desktop\apk-patcher-0.1b.jar
[2012.10.18 22:54:25 | 001,598,898 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.18 22:48:37 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\The Witcher 2 - Assassins of Kings Enhanced Edition.lnk
[2012.10.15 11:58:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1472118281-826008748-4271564600-1001Core.job
[2012.10.05 17:53:47 | 000,490,645 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
 
========== Files Created - No Company Name ==========
 
[2012.10.18 23:22:35 | 000,011,313 | ---- | C] () -- C:\Users\***\Desktop\apk-patcher-0.1b.jar
[2012.10.18 22:48:37 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\The Witcher 2 - Assassins of Kings Enhanced Edition.lnk
[2012.10.17 19:41:59 | 1879,090,530 | ---- | C] () -- C:\Users\***\Desktop\tvs-be-dd51-ded-dl-7p-hdtv-x264-205.mkv
[2012.10.06 20:50:31 | 000,002,012 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.10.06 20:50:31 | 000,001,956 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.10.06 20:50:31 | 000,001,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.09.28 11:48:01 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1472118281-826008748-4271564600-1001UA.job
[2012.09.28 11:48:00 | 000,001,060 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1472118281-826008748-4271564600-1001Core.job
[2012.07.23 11:59:10 | 000,000,198 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.21 10:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.06.19 16:37:12 | 000,001,547 | ---- | C] () -- C:\Users\***\cookies.xml
[2012.05.17 00:49:37 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.04.15 23:43:52 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012.04.15 23:43:51 | 004,078,592 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012.04.15 23:43:51 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.04.15 23:43:51 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.04.15 23:43:51 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.04.15 23:43:50 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.04.14 00:56:35 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.14 23:24:30 | 000,282,696 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.01.14 23:24:25 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.29 12:49:27 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011.12.19 03:01:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.17 18:00:59 | 000,000,524 | ---- | C] () -- C:\Windows\QIII.INI
[2011.10.13 00:33:56 | 000,098,424 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.06 21:10:02 | 000,711,749 | ---- | C] () -- C:\Windows\unins000.exe
[2011.08.06 21:10:02 | 000,002,421 | ---- | C] () -- C:\Windows\unins000.dat
[2011.08.02 20:30:08 | 001,598,898 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.25 02:19:29 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.07.27 16:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.07.27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.07.25 01:01:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis
[2012.01.26 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG2012
[2012.08.23 19:33:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\aWARemote
[2012.05.08 21:55:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BOM
[2011.08.09 19:08:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2012.01.25 23:07:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DassaultSystemes
[2012.12.11 19:53:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.05.25 14:34:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.07.24 17:17:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.25 17:55:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2012.07.17 16:11:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2012.10.06 20:48:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2012.06.19 17:01:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JonDo
[2011.07.24 17:42:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2012.09.16 15:25:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobile Atlas Creator
[2012.04.02 17:07:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2012.06.02 00:11:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.08.26 17:27:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ooVoo Details
[2012.01.13 23:43:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.04.02 17:09:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2012.06.06 23:50:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stardock
[2012.04.10 17:21:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steinberg
[2012.01.26 00:06:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\streamripper
[2011.08.04 17:47:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.07.17 16:15:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TestApp
[2012.07.09 17:12:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly
[2012.03.21 23:31:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2007.12.26 01:33:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2012.08.14 00:45:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unified Remote
[2012.04.20 20:41:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinSplit
[2012.04.20 20:37:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Winsplit Revolution
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.25 01:01:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis
[2012.04.02 01:48:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2012.06.15 01:27:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI
[2012.01.26 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG2012
[2012.08.23 19:33:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\aWARemote
[2012.05.08 21:55:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BOM
[2011.08.09 19:08:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2012.01.25 23:07:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DassaultSystemes
[2012.12.11 19:53:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.05.25 14:34:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.07.24 17:17:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.25 17:55:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2012.07.17 16:11:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2012.01.30 20:09:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hamachi
[2012.10.06 20:48:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.07.24 16:13:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2012.06.19 17:01:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JonDo
[2011.07.24 17:42:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.07.24 17:37:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logishrd
[2011.07.24 17:42:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logitech
[2011.07.24 16:36:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.07.23 15:25:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.05.15 23:43:21 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.09.16 15:25:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobile Atlas Creator
[2012.10.11 21:21:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.04.02 17:07:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2012.06.02 00:11:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.08.26 17:27:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ooVoo Details
[2012.01.13 23:43:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.04.02 17:09:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.07.24 17:28:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Realtime Soft
[2012.08.29 23:10:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2012.08.26 16:04:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2012.06.06 23:50:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stardock
[2012.04.10 17:21:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steinberg
[2012.01.26 00:06:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\streamripper
[2011.08.04 17:47:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.07.17 16:15:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TestApp
[2012.07.09 17:12:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly
[2012.03.21 23:31:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2012.10.03 21:08:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\U3
[2007.12.26 01:33:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2012.08.14 00:45:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unified Remote
[2012.08.13 22:44:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2012.08.22 20:45:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Winamp
[2011.07.24 16:38:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
[2012.04.20 20:41:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinSplit
[2012.04.20 20:37:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Winsplit Revolution
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.03.16 03:15:46 | 000,871,616 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.07.24 17:42:17 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.04.01 20:21:52 | 000,119,808 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
[2012.07.09 10:58:21 | 010,700,756 | ---- | M] (Symantec Corporation) -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Templates\NIS-TW-30-18-1-0-37-GE.exe
[2012.07.17 16:53:04 | 004,979,000 | ---- | M] (Crawler.com                                                 ) -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Templates\SpywareTerminatorSetup.exe
[2010.03.18 23:59:48 | 000,177,024 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ghh2cgz2.1\FlashGot.exe
[2012.04.25 22:06:57 | 000,158,000 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mzzpq0h8.default\FlashGot.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\***\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\***\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
[2009.07.14 03:39:01 | 000,344,576 | ---- | M] (Microsoft Corporation) -- C:\cmd.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >
         


Alt 22.10.2012, 09:48   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Code:
ATTFilter
DRV:64bit: - (Hp***D) -- C:\Windows\SysNative\drivers\Hp***D.sys (Hewlett-Packard Company)
         
What did you redact there?
Please redact only complete first and last names, not when just a first name or a pseudonym stands there on its own!

Alt 25.10.2012, 11:46   #22
samhe
 



I replaced my username automatically. That was apparently a mistake.

It should read hpsamd.sys

Alt 25.10.2012, 12:05   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



If it is really just your first name there, then please don't redact anything; there is really no reason to do so.

Close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you redacted your username, you must change the starred-out part back into your real username, otherwise the script will not work!!

Code:
ATTFilter
:OTL
O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-1472118281-826008748-4271564600-1001..\Run: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
MsConfig:64bit - StartUpReg: facemoods - hkey= - key= -  File not found
SafeBootMin:64bit: 69468810.sys - Driver
SafeBootMin: 69468810.sys - Driver
SafeBootNet:64bit: 69468810.sys - Driver
SafeBootNet: 69468810.sys - Driver
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

26.10.2012, 15:54   #24
samhe

The first time, unfortunately, OTL crashed on me and I had to close it. As a result there was no restart, and this log:

Code:
ATTFilter
Files\Folders moved on Reboot...
File move failed. C:\Users\Sam\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
C:\Users\Sam\AppData\Local\Temp\~DF0985772EB042EFBE.TMP moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Then I tried it once more; it seems to have worked that time, and after prompting for a restart it spat out the following log:

Code:
ATTFilter
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ not found.
File C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ not found.
File C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_USERS\S-1-5-21-1472118281-826008748-4271564600-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\facemoods\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SafeBootMin 69468810.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\69468810.sys\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeBootNet 69468810.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\69468810.sys\ not found.
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
Unable to delete ADS C:\ProgramData\TEMP:430C6D84 .
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Sam
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1474694 bytes
->Java cache emptied: 15178000 bytes
->FireFox cache emptied: 248465872 bytes
->Opera cache emptied: 2525993 bytes
->Flash cache emptied: 8135 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26739968 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 6339234062 bytes
 
Total Files Cleaned = 6.326,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10262012_164415

Files\Folders moved on Reboot...
File\Folder C:\Users\Sam\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File\Folder C:\Windows\temp\hsperfdata_GAMEBASE$\2196 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
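
Reading the two fix logs in the post above, as an added example that is not part of the original thread: this Python code sorts OTL fix-log lines into failed, deferred, not found and done, so that entries such as the two "Unable to delete ADS" lines stand out from the many "not found" lines. The line patterns are inferred only from the log text shown in this thread, and all function names are hypothetical.

```python
import re

# Sample lines copied from the two fix logs posted in this thread.
SAMPLE_FIX_LOG = r"""
File move failed. C:\Users\Sam\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
C:\Users\Sam\AppData\Local\Temp\~DF0985772EB042EFBE.TMP moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ not found.
File C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA not found.
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
Unable to delete ADS C:\ProgramData\TEMP:430C6D84 .
->Temp folder emptied: 0 bytes
C:\Windows\System32\drivers\etc\Hosts moved successfully.
File\Folder C:\Windows\temp\hsperfdata_GAMEBASE$\2196 not found!
"""

# Order matters: the more specific patterns are tried first.
PATTERNS = [
    ("failed", re.compile(r"^Unable to delete ADS (?P<target>.+?) ?\.$")),
    ("deferred", re.compile(
        r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(
        r"^(?:64bit-)?(?:Registry key|Registry value|File\\Folder|File) "
        r"(?P<target>.+?) not found[.!]$")),
    ("done", re.compile(r"^(?P<target>.+) moved successfully\.$")),
]


def classify_fix_log(text):
    """Return {status: [target, ...]} for every result line that is recognised.

    Lines that match no pattern (section headers, cache sizes) are skipped.
    """
    result = {"failed": [], "deferred": [], "not_found": [], "done": []}
    for raw in text.splitlines():
        line = raw.strip()
        for status, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                result[status].append(match.group("target"))
                break
    return result


def split_ads(target):
    """Split 'C:\\dir\\file:stream' into (file path, stream name).

    The colon after the drive letter (index 1) is not a stream separator.
    """
    idx = target.rfind(":")
    if idx <= 1:
        return target, ""
    return target[:idx], target[idx + 1:]


if __name__ == "__main__":
    summary = classify_fix_log(SAMPLE_FIX_LOG)
    for status in ("failed", "deferred", "not_found", "done"):
        print(f"{status}: {len(summary[status])}")
    for target in summary["failed"]:
        path, stream = split_ads(target)
        print(f"still present: stream {stream!r} on {path}")
```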
         

26.10.2012, 20:13   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

1. aswMBR

Please download aswMBR.exe and save the file on your desktop.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If it does not work again, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, then do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (bottom left in the aswMBR window) and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!


28.10.2012, 17:24   #26
samhe

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-28 17:15:52
-----------------------------
17:15:52.646    OS Version: Windows x64 6.1.7600 
17:15:52.646    Number of processors: 2 586 0x1706
17:15:52.646    ComputerName: GAMEBASE  UserName: Sam
17:15:53.849    Initialize success
17:15:59.618    AVAST engine defs: 12102800
17:16:06.009    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
17:16:06.013    Disk 0 Vendor: ST3250410AS 3.AAE Size: 238475MB BusType: 3
17:16:06.013    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
17:16:06.017    Disk 1 Vendor: SAMSUNG_SP2504C VT100-50 Size: 238475MB BusType: 3
17:16:06.036    Disk 0 MBR read successfully
17:16:06.036    Disk 0 MBR scan
17:16:06.040    Disk 0 Windows VISTA default MBR code
17:16:06.044    Disk 0 Partition 1 00     07    HPFS/NTFS NTFS        80000 MB offset 2048
17:16:06.064    Disk 0 Partition 2 80 (A) 83        Linux             70000 MB offset 163842048
17:16:06.083    Disk 0 Partition 3 00     82   Linux swap              2000 MB offset 307202048
17:16:06.087    Disk 0 Partition - 00     05     Extended             86473 MB offset 311298048
17:16:06.103    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        86472 MB offset 311300096
17:16:06.150    Disk 0 scanning C:\Windows\system32\drivers
17:16:15.677    Service scanning
17:16:35.396    Modules scanning
17:16:35.400    Disk 0 trace - called modules:
17:16:35.415    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
17:16:35.419    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c222a0]
17:16:35.423    3 CLASSPNP.SYS[fffff8800189d43f] -> nt!IofCallDriver -> [0xfffffa8004786e40]
17:16:35.427    5 ACPI.sys[fffff88000e0b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004779060]
17:16:35.431    Scan finished successfully
17:17:04.277    Disk 0 MBR has been saved successfully to "C:\Users\Sam\Desktop\trojaner-board\MBR.dat"
17:17:04.277    The log file has been saved successfully to "C:\Users\Sam\Desktop\trojaner-board\aswMBR.txt"
         
Code:
ATTFilter
17:17:25.0936 2200  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
17:17:26.0002 2200  ============================================================
17:17:26.0002 2200  Current date / time: 2012/10/28 17:17:26.0002
17:17:26.0002 2200  SystemInfo:
17:17:26.0002 2200  
17:17:26.0002 2200  OS Version: 6.1.7600 ServicePack: 0.0
17:17:26.0002 2200  Product type: Workstation
17:17:26.0002 2200  ComputerName: GAMEBASE
17:17:26.0002 2200  UserName: Sam
17:17:26.0002 2200  Windows directory: C:\Windows
17:17:26.0002 2200  System windows directory: C:\Windows
17:17:26.0002 2200  Running under WOW64
17:17:26.0002 2200  Processor architecture: Intel x64
17:17:26.0002 2200  Number of processors: 2
17:17:26.0002 2200  Page size: 0x1000
17:17:26.0002 2200  Boot type: Normal boot
17:17:26.0002 2200  ============================================================
17:17:26.0886 2200  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:17:26.0886 2200  Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:17:26.0886 2200  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:17:26.0886 2200  ============================================================
17:17:26.0886 2200  \Device\Harddisk0\DR0:
17:17:26.0886 2200  MBR partitions:
17:17:26.0886 2200  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x9C40000
17:17:26.0902 2200  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x128E1000, BlocksNum 0xA8E4000
17:17:26.0902 2200  \Device\Harddisk1\DR1:
17:17:26.0902 2200  MBR partitions:
17:17:26.0902 2200  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xCB1E166
17:17:26.0902 2200  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xCB1F74A, BlocksNum 0x106A4E37
17:17:26.0902 2200  \Device\Harddisk2\DR2:
17:17:26.0902 2200  MBR partitions:
17:17:26.0902 2200  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
17:17:26.0902 2200  ============================================================
17:17:26.0949 2200  C: <-> \Device\Harddisk0\DR0\Partition1
17:17:27.0007 2200  E: <-> \Device\Harddisk0\DR0\Partition2
17:17:27.0007 2200  F: <-> \Device\Harddisk1\DR1\Partition2
17:17:27.0007 2200  H: <-> \Device\Harddisk1\DR1\Partition1
17:17:27.0011 2200  K: <-> \Device\Harddisk2\DR2\Partition1
17:17:27.0011 2200  ============================================================
17:17:27.0011 2200  Initialize success
17:17:27.0011 2200  ============================================================
17:17:56.0436 1368  ============================================================
17:17:56.0436 1368  Scan started
17:17:56.0436 1368  Mode: Manual; SigCheck; TDLFS; 
17:17:56.0436 1368  ============================================================
17:17:56.0768 1368  ================ Scan system memory ========================
17:17:56.0768 1368  System memory - ok
17:17:56.0768 1368  ================ Scan services =============================
17:17:56.0885 1368  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
17:17:56.0963 1368  1394ohci - ok
17:17:57.0037 1368  7ByteIo - ok
17:17:57.0069 1368  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
17:17:57.0084 1368  ACPI - ok
17:17:57.0104 1368  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
17:17:57.0166 1368  AcpiPmi - ok
17:17:57.0244 1368  [ C8AC99197698D2C5988EE2A902E2A042 ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
17:17:57.0295 1368  AcrSch2Svc - ok
17:17:57.0342 1368  [ E5568164C070A4988BD79C896920B3C6 ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
17:17:57.0369 1368  acsock - ok
17:17:57.0491 1368  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:17:57.0498 1368  AdobeARMservice - ok
17:17:57.0612 1368  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:17:57.0619 1368  AdobeFlashPlayerUpdateSvc - ok
17:17:57.0674 1368  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:17:57.0694 1368  adp94xx - ok
17:17:57.0713 1368  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:17:57.0729 1368  adpahci - ok
17:17:57.0748 1368  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:17:57.0760 1368  adpu320 - ok
17:17:57.0784 1368  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:17:57.0912 1368  AeLookupSvc - ok
17:17:57.0951 1368  [ AE1FCE2CD1E99BEA89183BA8CD320872 ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
17:17:57.0963 1368  afcdp - ok
17:17:58.0037 1368  [ AF44F7E027037628F1FAC3C13CDE73E6 ] afcdpsrv        C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
17:17:58.0127 1368  afcdpsrv - ok
17:17:58.0190 1368  [ 6EF20DDF3172E97D69F596FB90602F29 ] AFD             C:\Windows\system32\drivers\afd.sys
17:17:58.0237 1368  AFD - ok
17:17:58.0264 1368  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
17:17:58.0272 1368  agp440 - ok
17:17:58.0299 1368  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
17:17:58.0330 1368  ALG - ok
17:17:58.0358 1368  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
17:17:58.0366 1368  aliide - ok
17:17:58.0393 1368  [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:17:58.0467 1368  AMD External Events Utility - ok
17:17:58.0483 1368  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
17:17:58.0494 1368  amdide - ok
17:17:58.0514 1368  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:17:58.0541 1368  AmdK8 - ok
17:17:58.0811 1368  [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
17:17:59.0112 1368  amdkmdag - ok
17:17:59.0159 1368  [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
17:17:59.0190 1368  amdkmdap - ok
17:17:59.0217 1368  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:17:59.0248 1368  AmdPPM - ok
17:17:59.0272 1368  [ 7A4B413614C055935567CF88A9734D38 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
17:17:59.0280 1368  amdsata - ok
17:17:59.0287 1368  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:17:59.0299 1368  amdsbs - ok
17:17:59.0311 1368  [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
17:17:59.0323 1368  amdxata - ok
17:17:59.0338 1368  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
17:17:59.0409 1368  AppID - ok
17:17:59.0432 1368  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:17:59.0479 1368  AppIDSvc - ok
17:17:59.0510 1368  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
17:17:59.0549 1368  Appinfo - ok
17:17:59.0584 1368  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
17:17:59.0623 1368  AppMgmt - ok
17:17:59.0631 1368  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:17:59.0643 1368  arc - ok
17:17:59.0655 1368  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:17:59.0666 1368  arcsas - ok
17:17:59.0768 1368  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:17:59.0776 1368  aspnet_state - ok
17:17:59.0799 1368  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:17:59.0842 1368  AsyncMac - ok
17:17:59.0862 1368  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
17:17:59.0869 1368  atapi - ok
17:17:59.0897 1368  [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
17:17:59.0905 1368  AtiHDAudioService - ok
17:17:59.0940 1368  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:18:00.0002 1368  AudioEndpointBuilder - ok
17:18:00.0034 1368  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:18:00.0069 1368  AudioSrv - ok
17:18:00.0252 1368  [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
17:18:00.0323 1368  AVGIDSAgent - ok
17:18:00.0366 1368  [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
17:18:00.0373 1368  AVGIDSDriver - ok
17:18:00.0409 1368  [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter    C:\Windows\system32\DRIVERS\avgidsfiltera.sys
17:18:00.0416 1368  AVGIDSFilter - ok
17:18:00.0440 1368  [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
17:18:00.0448 1368  AVGIDSHA - ok
17:18:00.0467 1368  [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
17:18:00.0479 1368  Avgldx64 - ok
17:18:00.0510 1368  [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
17:18:00.0518 1368  Avgmfx64 - ok
17:18:00.0565 1368  [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
17:18:00.0573 1368  Avgrkx64 - ok
17:18:00.0588 1368  [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
17:18:00.0604 1368  Avgtdia - ok
17:18:00.0631 1368  [ A313C4AE276E3C975A1BC27170AA23C6 ] avgtp           C:\Windows\system32\drivers\avgtpx64.sys
17:18:00.0639 1368  avgtp - ok
17:18:00.0674 1368  [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd           C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
17:18:00.0709 1368  avgwd - ok
17:18:00.0787 1368  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:18:00.0924 1368  AxInstSV - ok
17:18:00.0959 1368  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
17:18:01.0006 1368  b06bdrv - ok
17:18:01.0037 1368  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:18:01.0069 1368  b57nd60a - ok
17:18:01.0256 1368  [ B29C7589D02F1E65B9ED806B2C55D546 ] BBDemon         C:\Program Files\Dassault Systemes\B20\win_b64\code\bin\CATSysDemon.exe
17:18:07.0299 1368  BBDemon ( UnsignedFile.Multi.Generic ) - warning
17:18:07.0299 1368  BBDemon - detected UnsignedFile.Multi.Generic (1)
17:18:07.0377 1368  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:18:07.0412 1368  BDESVC - ok
17:18:07.0459 1368  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:18:07.0498 1368  Beep - ok
17:18:07.0545 1368  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
17:18:07.0612 1368  BFE - ok
17:18:07.0651 1368  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
17:18:07.0713 1368  BITS - ok
17:18:07.0733 1368  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:18:07.0760 1368  blbdrive - ok
17:18:07.0830 1368  [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
17:18:07.0846 1368  Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
17:18:07.0846 1368  Bonjour Service - detected UnsignedFile.Multi.Generic (1)
17:18:07.0881 1368  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:18:07.0920 1368  bowser - ok
17:18:07.0951 1368  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:18:07.0983 1368  BrFiltLo - ok
17:18:08.0002 1368  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:18:08.0030 1368  BrFiltUp - ok
17:18:08.0053 1368  [ 94FBC06F294D58D02361918418F996E3 ] Browser         C:\Windows\System32\browser.dll
17:18:08.0096 1368  Browser - ok
17:18:08.0123 1368  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:18:08.0155 1368  Brserid - ok
17:18:08.0166 1368  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:18:08.0198 1368  BrSerWdm - ok
17:18:08.0221 1368  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:18:08.0252 1368  BrUsbMdm - ok
17:18:08.0272 1368  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:18:08.0299 1368  BrUsbSer - ok
17:18:08.0315 1368  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:18:08.0342 1368  BTHMODEM - ok
17:18:08.0377 1368  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
17:18:08.0416 1368  bthserv - ok
17:18:08.0514 1368  [ 5AD69D89E305A9BE144637B74DD4A4C7 ] BubbleUPnP Server C:\Program Files (x86)\BubbleUPnP Server\BubbleUPnPServer.exe
17:18:08.0530 1368  BubbleUPnP Server ( UnsignedFile.Multi.Generic ) - warning
17:18:08.0530 1368  BubbleUPnP Server - detected UnsignedFile.Multi.Generic (1)
17:18:08.0557 1368  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:18:08.0596 1368  cdfs - ok
17:18:08.0627 1368  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:18:08.0655 1368  cdrom - ok
17:18:08.0686 1368  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:18:08.0717 1368  CertPropSvc - ok
17:18:08.0741 1368  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:18:08.0768 1368  circlass - ok
17:18:08.0787 1368  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:18:08.0807 1368  CLFS - ok
17:18:08.0850 1368  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:18:08.0862 1368  clr_optimization_v2.0.50727_32 - ok
17:18:08.0901 1368  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:18:08.0909 1368  clr_optimization_v2.0.50727_64 - ok
17:18:08.0991 1368  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:18:08.0998 1368  clr_optimization_v4.0.30319_32 - ok
17:18:09.0053 1368  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:18:09.0065 1368  clr_optimization_v4.0.30319_64 - ok
17:18:09.0088 1368  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:18:09.0100 1368  CmBatt - ok
17:18:09.0104 1368  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
17:18:09.0116 1368  cmdide - ok
17:18:09.0131 1368  [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG             C:\Windows\system32\Drivers\cng.sys
17:18:09.0155 1368  CNG - ok
17:18:09.0162 1368  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:18:09.0174 1368  Compbatt - ok
17:18:09.0198 1368  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
17:18:09.0221 1368  CompositeBus - ok
17:18:09.0233 1368  COMSysApp - ok
17:18:09.0264 1368  cpuz135 - ok
17:18:09.0276 1368  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
17:18:09.0287 1368  crcdisk - ok
17:18:09.0319 1368  [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:18:09.0362 1368  CryptSvc - ok
17:18:09.0393 1368  [ 4A6173C2279B498CD8F57CAE504564CB ] CSC             C:\Windows\system32\drivers\csc.sys
17:18:09.0444 1368  CSC - ok
17:18:09.0467 1368  [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService      C:\Windows\System32\cscsvc.dll
17:18:09.0518 1368  CscService - ok
17:18:09.0553 1368  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:18:09.0616 1368  DcomLaunch - ok
17:18:09.0643 1368  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
17:18:09.0694 1368  defragsvc - ok
17:18:09.0737 1368  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:18:09.0780 1368  DfsC - ok
17:18:09.0799 1368  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:18:09.0881 1368  Dhcp - ok
17:18:09.0905 1368  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:18:09.0951 1368  discache - ok
17:18:09.0983 1368  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:18:09.0994 1368  Disk - ok
17:18:10.0030 1368  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:18:10.0069 1368  Dnscache - ok
17:18:10.0096 1368  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
17:18:10.0147 1368  dot3svc - ok
17:18:10.0166 1368  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
17:18:10.0209 1368  DPS - ok
17:18:10.0244 1368  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:18:10.0260 1368  drmkaud - ok
17:18:10.0303 1368  [ 821BF177A24172F5F0EE9B322F58516C ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:18:10.0315 1368  dtsoftbus01 - ok
17:18:10.0362 1368  [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:18:10.0397 1368  DXGKrnl - ok
17:18:10.0416 1368  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
17:18:10.0459 1368  EapHost - ok
17:18:10.0541 1368  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
17:18:10.0631 1368  ebdrv - ok
17:18:10.0655 1368  [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS             C:\Windows\System32\lsass.exe
17:18:10.0666 1368  EFS - ok
17:18:10.0717 1368  [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:18:10.0756 1368  ehRecvr - ok
17:18:10.0768 1368  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
17:18:10.0799 1368  ehSched - ok
17:18:10.0811 1368  EIO64 - ok
17:18:10.0850 1368  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:18:10.0869 1368  elxstor - ok
17:18:10.0885 1368  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
17:18:10.0909 1368  ErrDev - ok
17:18:10.0959 1368  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
17:18:11.0010 1368  EventSystem - ok
17:18:11.0026 1368  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
17:18:11.0061 1368  exfat - ok
17:18:11.0076 1368  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:18:11.0127 1368  fastfat - ok
17:18:11.0174 1368  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
17:18:11.0237 1368  Fax - ok
17:18:11.0241 1368  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:18:11.0268 1368  fdc - ok
17:18:11.0287 1368  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:18:11.0330 1368  fdPHost - ok
17:18:11.0350 1368  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:18:11.0381 1368  FDResPub - ok
17:18:11.0401 1368  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:18:11.0412 1368  FileInfo - ok
17:18:11.0420 1368  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:18:11.0467 1368  Filetrace - ok
17:18:11.0549 1368  [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:18:11.0573 1368  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:18:11.0573 1368  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:18:11.0592 1368  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:18:11.0612 1368  flpydisk - ok
17:18:11.0639 1368  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:18:11.0655 1368  FltMgr - ok
17:18:11.0694 1368  [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache       C:\Windows\system32\FntCache.dll
17:18:11.0764 1368  FontCache - ok
17:18:11.0811 1368  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:18:11.0819 1368  FontCache3.0.0.0 - ok
17:18:11.0830 1368  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:18:11.0838 1368  FsDepends - ok
17:18:11.0850 1368  [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:18:11.0862 1368  Fs_Rec - ok
17:18:11.0893 1368  [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:18:11.0909 1368  fvevol - ok
17:18:11.0920 1368  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:18:11.0932 1368  gagp30kx - ok
17:18:12.0014 1368  gntxivqqhkm - ok
17:18:12.0049 1368  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
17:18:12.0088 1368  gpsvc - ok
17:18:12.0135 1368  [ 081EC78C25BA9B2A41F2E807736FF659 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
17:18:12.0143 1368  hamachi - ok
17:18:12.0166 1368  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:18:12.0201 1368  hcw85cir - ok
17:18:12.0233 1368  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:18:12.0264 1368  HdAudAddService - ok
17:18:12.0291 1368  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:18:12.0323 1368  HDAudBus - ok
17:18:12.0342 1368  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:18:12.0366 1368  HidBatt - ok
17:18:12.0377 1368  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:18:12.0405 1368  HidBth - ok
17:18:12.0420 1368  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:18:12.0448 1368  HidIr - ok
17:18:12.0475 1368  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
17:18:12.0514 1368  hidserv - ok
17:18:12.0534 1368  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:18:12.0561 1368  HidUsb - ok
17:18:12.0584 1368  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:18:12.0635 1368  hkmsvc - ok
17:18:12.0655 1368  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:18:12.0674 1368  HomeGroupListener - ok
17:18:12.0694 1368  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:18:12.0725 1368  HomeGroupProvider - ok
17:18:12.0760 1368  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
17:18:12.0768 1368  HpSAMD - ok
17:18:12.0799 1368  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:18:12.0862 1368  HTTP - ok
17:18:12.0877 1368  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:18:12.0885 1368  hwpolicy - ok
17:18:12.0905 1368  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:18:12.0916 1368  i8042prt - ok
17:18:12.0932 1368  [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
17:18:12.0948 1368  iaStorV - ok
17:18:13.0010 1368  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:18:13.0026 1368  IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:18:13.0026 1368  IDriverT - detected UnsignedFile.Multi.Generic (1)
17:18:13.0069 1368  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:18:13.0100 1368  idsvc - ok
17:18:13.0108 1368  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:18:13.0119 1368  iirsp - ok
17:18:13.0159 1368  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
17:18:13.0209 1368  IKEEXT - ok
17:18:13.0217 1368  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
17:18:13.0229 1368  intelide - ok
17:18:13.0256 1368  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:18:13.0268 1368  intelppm - ok
17:18:13.0280 1368  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:18:13.0326 1368  IPBusEnum - ok
17:18:13.0346 1368  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:18:13.0389 1368  IpFilterDriver - ok
17:18:13.0412 1368  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:18:13.0471 1368  iphlpsvc - ok
17:18:13.0483 1368  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:18:13.0506 1368  IPMIDRV - ok
17:18:13.0522 1368  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:18:13.0561 1368  IPNAT - ok
17:18:13.0588 1368  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:18:13.0604 1368  IRENUM - ok
17:18:13.0619 1368  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
17:18:13.0631 1368  isapnp - ok
17:18:13.0662 1368  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
17:18:13.0674 1368  iScsiPrt - ok
17:18:13.0698 1368  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:18:13.0709 1368  kbdclass - ok
17:18:13.0729 1368  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:18:13.0744 1368  kbdhid - ok
17:18:13.0760 1368  [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso          C:\Windows\system32\lsass.exe
17:18:13.0776 1368  KeyIso - ok
17:18:13.0784 1368  [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:18:13.0795 1368  KSecDD - ok
17:18:13.0826 1368  [ A8C63880EF6F4D3FEC7B616B9C060215 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:18:13.0838 1368  KSecPkg - ok
17:18:13.0850 1368  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:18:13.0897 1368  ksthunk - ok
17:18:13.0928 1368  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:18:13.0975 1368  KtmRm - ok
17:18:14.0030 1368  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:18:14.0076 1368  LanmanServer - ok
17:18:14.0104 1368  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:18:14.0151 1368  LanmanWorkstation - ok
17:18:14.0233 1368  [ 7772DFAB22611050B79504E671B06E6E ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
17:18:14.0248 1368  LBTServ - ok
17:18:14.0287 1368  [ ED7EC050CD6C20E1A93A4DAFB7EFD14D ] LEqdUsb         C:\Windows\system32\DRIVERS\LEqdUsb.Sys
17:18:14.0295 1368  LEqdUsb - ok
17:18:14.0334 1368  [ 3267BC698E29474A8381E68904EB0390 ] LHidEqd         C:\Windows\system32\DRIVERS\LHidEqd.Sys
17:18:14.0338 1368  LHidEqd - ok
17:18:14.0366 1368  [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
17:18:14.0373 1368  LHidFilt - ok
17:18:14.0393 1368  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:18:14.0436 1368  lltdio - ok
17:18:14.0471 1368  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:18:14.0514 1368  lltdsvc - ok
17:18:14.0530 1368  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:18:14.0561 1368  lmhosts - ok
17:18:14.0573 1368  [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
17:18:14.0580 1368  LMouFilt - ok
17:18:14.0619 1368  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:18:14.0627 1368  LSI_FC - ok
17:18:14.0643 1368  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:18:14.0655 1368  LSI_SAS - ok
17:18:14.0670 1368  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:18:14.0682 1368  LSI_SAS2 - ok
17:18:14.0686 1368  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:18:14.0698 1368  LSI_SCSI - ok
17:18:14.0721 1368  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:18:14.0764 1368  luafv - ok
17:18:14.0811 1368  [ 701223C663019B62029FAB1A2385EE81 ] LUMDriver       C:\Windows\system32\drivers\LUMDriver.sys
17:18:14.0819 1368  LUMDriver - ok
17:18:14.0838 1368  [ 29C733E1DE824670DC9315CFC9BDBCD3 ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
17:18:14.0846 1368  LUsbFilt - ok
17:18:14.0912 1368  [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
17:18:14.0924 1368  MBAMProtector - ok
17:18:15.0006 1368  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:18:15.0022 1368  MBAMScheduler - ok
17:18:15.0073 1368  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:18:15.0084 1368  MBAMService - ok
17:18:15.0104 1368  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:18:15.0131 1368  Mcx2Svc - ok
17:18:15.0147 1368  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:18:15.0159 1368  megasas - ok
17:18:15.0186 1368  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:18:15.0201 1368  MegaSR - ok
17:18:15.0268 1368  Microsoft SharePoint Workspace Audit Service - ok
17:18:15.0284 1368  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
17:18:15.0326 1368  MMCSS - ok
17:18:15.0342 1368  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
17:18:15.0389 1368  Modem - ok
17:18:15.0424 1368  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:18:15.0451 1368  monitor - ok
17:18:15.0463 1368  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:18:15.0475 1368  mouclass - ok
17:18:15.0498 1368  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:18:15.0510 1368  mouhid - ok
17:18:15.0518 1368  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:18:15.0530 1368  mountmgr - ok
17:18:15.0580 1368  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:18:15.0592 1368  MozillaMaintenance - ok
17:18:15.0608 1368  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
17:18:15.0619 1368  mpio - ok
17:18:15.0635 1368  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:18:15.0662 1368  mpsdrv - ok
17:18:15.0701 1368  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:18:15.0764 1368  MpsSvc - ok
17:18:15.0784 1368  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:18:15.0815 1368  MRxDAV - ok
17:18:15.0850 1368  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:18:15.0877 1368  mrxsmb - ok
17:18:15.0912 1368  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:18:15.0944 1368  mrxsmb10 - ok
17:18:15.0963 1368  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:18:15.0994 1368  mrxsmb20 - ok
17:18:16.0018 1368  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
17:18:16.0030 1368  msahci - ok
17:18:16.0053 1368  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
17:18:16.0069 1368  msdsm - ok
17:18:16.0116 1368  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:18:16.0127 1368  MSDTC - ok
17:18:16.0159 1368  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:18:16.0190 1368  Msfs - ok
17:18:16.0198 1368  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:18:16.0241 1368  mshidkmdf - ok
17:18:16.0256 1368  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
17:18:16.0268 1368  msisadrv - ok
17:18:16.0295 1368  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:18:16.0334 1368  MSiSCSI - ok
17:18:16.0338 1368  msiserver - ok
17:18:16.0366 1368  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:18:16.0397 1368  MSKSSRV - ok
17:18:16.0416 1368  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:18:16.0463 1368  MSPCLOCK - ok
17:18:16.0487 1368  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:18:16.0530 1368  MSPQM - ok
17:18:16.0553 1368  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:18:16.0569 1368  MsRPC - ok
17:18:16.0580 1368  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:18:16.0592 1368  mssmbios - ok
17:18:16.0604 1368  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:18:16.0651 1368  MSTEE - ok
17:18:16.0662 1368  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:18:16.0686 1368  MTConfig - ok
17:18:16.0701 1368  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:18:16.0709 1368  Mup - ok
17:18:16.0741 1368  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
17:18:16.0803 1368  napagent - ok
17:18:16.0850 1368  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:18:16.0881 1368  NativeWifiP - ok
17:18:16.0916 1368  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:18:16.0948 1368  NDIS - ok
17:18:16.0963 1368  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:18:16.0994 1368  NdisCap - ok
17:18:17.0022 1368  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:18:17.0065 1368  NdisTapi - ok
17:18:17.0080 1368  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:18:17.0112 1368  Ndisuio - ok
17:18:17.0131 1368  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:18:17.0162 1368  NdisWan - ok
17:18:17.0178 1368  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:18:17.0221 1368  NDProxy - ok
17:18:17.0248 1368  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:18:17.0287 1368  NetBIOS - ok
17:18:17.0307 1368  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:18:17.0338 1368  NetBT - ok
17:18:17.0350 1368  [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon        C:\Windows\system32\lsass.exe
17:18:17.0366 1368  Netlogon - ok
17:18:17.0405 1368  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:18:17.0455 1368  Netman - ok
17:18:17.0498 1368  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:18:17.0506 1368  NetMsmqActivator - ok
17:18:17.0514 1368  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:18:17.0522 1368  NetPipeActivator - ok
17:18:17.0549 1368  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:18:17.0612 1368  netprofm - ok
17:18:17.0623 1368  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:18:17.0631 1368  NetTcpActivator - ok
17:18:17.0639 1368  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:18:17.0647 1368  NetTcpPortSharing - ok
17:18:17.0682 1368  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:18:17.0694 1368  nfrd960 - ok
17:18:17.0717 1368  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:18:17.0764 1368  NlaSvc - ok
17:18:17.0811 1368  [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
17:18:17.0862 1368  nmwcd - ok
17:18:17.0889 1368  [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
17:18:17.0909 1368  nmwcdc - ok
17:18:17.0920 1368  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:18:17.0951 1368  Npfs - ok
17:18:17.0975 1368  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:18:18.0022 1368  nsi - ok
17:18:18.0041 1368  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:18:18.0084 1368  nsiproxy - ok
17:18:18.0155 1368  [ 356698A13C4630D5B31C37378D469196 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:18:18.0209 1368  Ntfs - ok
17:18:18.0221 1368  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:18:18.0268 1368  Null - ok
17:18:18.0291 1368  nvlddmkm - ok
17:18:18.0315 1368  [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
17:18:18.0326 1368  nvraid - ok
17:18:18.0338 1368  [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
17:18:18.0350 1368  nvstor - ok
17:18:18.0358 1368  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
17:18:18.0369 1368  nv_agp - ok
17:18:18.0385 1368  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
17:18:18.0409 1368  ohci1394 - ok
17:18:18.0444 1368  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:18:18.0455 1368  ose - ok
17:18:18.0588 1368  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:18:18.0721 1368  osppsvc - ok
17:18:18.0744 1368  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:18:18.0787 1368  p2pimsvc - ok
17:18:18.0815 1368  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:18:18.0834 1368  p2psvc - ok
17:18:18.0858 1368  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:18:18.0869 1368  Parport - ok
17:18:18.0881 1368  [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:18:18.0893 1368  partmgr - ok
17:18:18.0909 1368  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:18:18.0936 1368  PcaSvc - ok
17:18:18.0983 1368  [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
17:18:19.0018 1368  pccsmcfd - ok
17:18:19.0034 1368  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
17:18:19.0049 1368  pci - ok
17:18:19.0061 1368  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
17:18:19.0069 1368  pciide - ok
17:18:19.0088 1368  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:18:19.0100 1368  pcmcia - ok
17:18:19.0119 1368  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:18:19.0127 1368  pcw - ok
17:18:19.0151 1368  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:18:19.0209 1368  PEAUTH - ok
17:18:19.0264 1368  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
17:18:19.0346 1368  PeerDistSvc - ok
17:18:19.0405 1368  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:18:19.0428 1368  PerfHost - ok
17:18:19.0475 1368  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
17:18:19.0553 1368  pla - ok
17:18:19.0604 1368  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:18:19.0662 1368  PlugPlay - ok
17:18:19.0698 1368  PnkBstrA - ok
17:18:19.0709 1368  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:18:19.0721 1368  PNRPAutoReg - ok
17:18:19.0737 1368  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:18:19.0752 1368  PNRPsvc - ok
17:18:19.0784 1368  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:18:19.0823 1368  PolicyAgent - ok
17:18:19.0850 1368  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:18:19.0897 1368  Power - ok
17:18:19.0936 1368  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:18:19.0979 1368  PptpMiniport - ok
17:18:19.0998 1368  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:18:20.0022 1368  Processor - ok
17:18:20.0061 1368  [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc         C:\Windows\system32\profsvc.dll
17:18:20.0108 1368  ProfSvc - ok
17:18:20.0123 1368  [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
17:18:20.0139 1368  ProtectedStorage - ok
17:18:20.0162 1368  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:18:20.0205 1368  Psched - ok
17:18:20.0264 1368  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:18:20.0307 1368  ql2300 - ok
17:18:20.0319 1368  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:18:20.0330 1368  ql40xx - ok
17:18:20.0362 1368  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
17:18:20.0393 1368  QWAVE - ok
17:18:20.0409 1368  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:18:20.0432 1368  QWAVEdrv - ok
17:18:20.0448 1368  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:18:20.0487 1368  RasAcd - ok
17:18:20.0522 1368  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:18:20.0565 1368  RasAgileVpn - ok
17:18:20.0580 1368  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
17:18:20.0619 1368  RasAuto - ok
17:18:20.0643 1368  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:18:20.0674 1368  Rasl2tp - ok
17:18:20.0698 1368  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
17:18:20.0744 1368  RasMan - ok
17:18:20.0764 1368  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:18:20.0795 1368  RasPppoe - ok
17:18:20.0830 1368  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:18:20.0877 1368  RasSstp - ok
17:18:20.0901 1368  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:18:20.0951 1368  rdbss - ok
17:18:20.0967 1368  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:18:20.0983 1368  rdpbus - ok
17:18:21.0002 1368  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:18:21.0030 1368  RDPCDD - ok
17:18:21.0045 1368  [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
17:18:21.0084 1368  RDPDR - ok
17:18:21.0100 1368  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:18:21.0143 1368  RDPENCDD - ok
17:18:21.0170 1368  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:18:21.0201 1368  RDPREFMP - ok
17:18:21.0217 1368  [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:18:21.0272 1368  RDPWD - ok
17:18:21.0299 1368  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:18:21.0315 1368  rdyboost - ok
17:18:21.0330 1368  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:18:21.0366 1368  RemoteAccess - ok
17:18:21.0385 1368  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:18:21.0432 1368  RemoteRegistry - ok
17:18:21.0455 1368  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:18:21.0498 1368  RpcEptMapper - ok
17:18:21.0522 1368  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:18:21.0541 1368  RpcLocator - ok
17:18:21.0561 1368  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
17:18:21.0596 1368  RpcSs - ok
17:18:21.0631 1368  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:18:21.0662 1368  rspndr - ok
17:18:21.0701 1368  [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
17:18:21.0717 1368  RTL8167 - ok
17:18:21.0737 1368  [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap           C:\Windows\system32\DRIVERS\vms3cap.sys
17:18:21.0772 1368  s3cap - ok
17:18:21.0784 1368  [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs           C:\Windows\system32\lsass.exe
17:18:21.0795 1368  SamSs - ok
17:18:21.0815 1368  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
17:18:21.0826 1368  sbp2port - ok
17:18:21.0854 1368  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:18:21.0905 1368  SCardSvr - ok
17:18:21.0932 1368  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:18:21.0963 1368  scfilter - ok
17:18:22.0030 1368  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
17:18:22.0092 1368  Schedule - ok
17:18:22.0112 1368  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:18:22.0143 1368  SCPolicySvc - ok
17:18:22.0170 1368  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:18:22.0209 1368  SDRSVC - ok
17:18:22.0237 1368  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:18:22.0280 1368  secdrv - ok
17:18:22.0295 1368  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
17:18:22.0342 1368  seclogon - ok
17:18:22.0358 1368  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
17:18:22.0405 1368  SENS - ok
17:18:22.0424 1368  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:18:22.0463 1368  SensrSvc - ok
17:18:22.0475 1368  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:18:22.0487 1368  Serenum - ok
17:18:22.0502 1368  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:18:22.0526 1368  Serial - ok
17:18:22.0553 1368  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:18:22.0576 1368  sermouse - ok
17:18:22.0639 1368  [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
17:18:22.0670 1368  ServiceLayer - ok
17:18:22.0694 1368  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
17:18:22.0741 1368  SessionEnv - ok
17:18:22.0764 1368  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
17:18:22.0791 1368  sffdisk - ok
17:18:22.0807 1368  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:18:22.0830 1368  sffp_mmc - ok
17:18:22.0850 1368  [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
17:18:22.0862 1368  sffp_sd - ok
17:18:22.0881 1368  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:18:22.0893 1368  sfloppy - ok
17:18:41.0662 2612  Detected object count: 5
17:18:41.0662 2612  Actual detected object count: 5
17:19:04.0268 2612  BBDemon ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:04.0268 2612  BBDemon ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:19:04.0268 2612  Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:04.0268 2612  Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:19:04.0268 2612  BubbleUPnP Server ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:04.0268 2612  BubbleUPnP Server ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:19:04.0268 2612  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:04.0268 2612  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:19:04.0268 2612  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:04.0268 2612  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 28.10.2012, 17:39   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK. We should be almost done. As a check, please run scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags

Alt 01.11.2012, 22:06   #28
samhe
 
I am still in the middle of scanning with SUPERAntiSpyware. It found so-called adware tracking cookies, namely from "doubleclick.net" and so on.
After I did a bit of research on the Internet, exactly this website was named as the reason for the links being swapped. (edit: I am no longer so sure whether that is true)

The Malwarebytes scan returned no findings.

Last edited by samhe (01.11.2012 at 22:25)

Alt 03.11.2012, 14:45   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please post the logs from both tools, whether or not anything was found!
__________________
Please always post log files in CODE tags

Alt 03.11.2012, 18:19   #30
samhe
 
SUPERAntiSpyware has already been scanning for over 15 hours. Can that be normal?
