Live Security Platinum Befall

Pac11 · 27.07.2012, 11:30

Hallo liebe Forengemeinde,

auch bei mir hat sich das hölzerne Pferd "Live Security Platinum" eingeschlichen und mir erstmal einen gehörigen Schreck eingejagt! Die üblichen Probleme und wenig Brauchbares im Netz dazu...lediglich bei Euch fand ich, durch das Lesen der anderen Threads, brauchbare Antworten, so dass ich für einen Blick auf meine Logfiles sehr dankbar wäre!

Logfile von Malwarebytes Anti-Malware:
Quickscan im abgesicherten Modus

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.26.13

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
Pac :: PAC-PC [Administrator]

26.07.2012 20:24:36
mbam-log-2012-07-26 (20-24-36).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 197295
Laufzeit: 3 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|0C1CFAEF000105FC004F66CCF875EF60 (Trojan.LameShield) -> Daten: C:\ProgramData\0C1CFAEF000105FC004F66CCF875EF60\0C1CFAEF000105FC004F66CCF875EF60.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Pac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 8
C:\ProgramData\0C1CFAEF000105FC004F66CCF875EF60\0C1CFAEF000105FC004F66CCF875EF60.exe (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Pac\AppData\Local\Temp\msimg32.dll (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Pac\AppData\Local\Temp\sdhttt.exe (Spyware.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Pac\AppData\Local\Temp\~!#BE59.tmp (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Pac\AppData\Local\Temp\~!#C28F.tmp (Trojan.Delf) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Pac\AppData\Local\Temp\2F88.tmp (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Pac\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Pac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

danach Full Scan im normalen Modus

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.26.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Pac :: PAC-PC [Administrator]

26.07.2012 20:35:41
mbam-log-2012-07-26 (20-35-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 983185
Laufzeit: 2 Stunde(n), 48 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Pac\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\111e5378-1d987b09 (Spyware.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

dann den ESET Online Scanner laufen lassen, hier das Logfile

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bb79f862262a654e8835678d837cf20f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-27 12:27:40
# local_time=2012-07-27 02:27:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 10384834 10384834 0 0
# compatibility_mode=5893 16776574 100 94 34557928 94969513 0 0
# compatibility_mode=8192 67108863 100 0 187 187 0 0
# scanned=785643
# found=14
# cleaned=0
# scan_time=9197
C:\Users\Pac\AppData\Local\Temp\casF663.tmp	a variant of Win32/PrimeCasino application (unable to clean)	00000000000000000000000000000000	I
D:\Eigene Dokumente\_Private Ablage\Files\DBox Backup\remote\DBOXremote.exe	probably unknown NewHeur_PE virus (unable to clean)	00000000000000000000000000000000	I
E:\Tools\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
F:\Downloads\casinoshare.exe	a variant of Win32/PrimeCasino application (unable to clean)	00000000000000000000000000000000	I
F:\Downloads\PDFCreator-1_2_3_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
H:\Backup\So\BD02\LwD\Eigene Dokumente\_Private Ablage\Files\DBox Backup\remote\DBOXremote.exe	probably unknown NewHeur_PE virus (unable to clean)	00000000000000000000000000000000	I
H:\Backup\So\BD02\LwF\Downloads\casinoshare.exe	a variant of Win32/PrimeCasino application (unable to clean)	00000000000000000000000000000000	I
H:\Backup\So\BD02\LwF\Downloads\PDFCreator-1_2_3_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
H:\Backup\So\BD03\LwD\Eigene Dokumente\_Private Ablage\Files\DBox Backup\remote\DBOXremote.exe	probably unknown NewHeur_PE virus (unable to clean)	00000000000000000000000000000000	I
H:\Backup\So\BD03\LwF\Downloads\casinoshare.exe	a variant of Win32/PrimeCasino application (unable to clean)	00000000000000000000000000000000	I
H:\Backup\So\BD03\LwF\Downloads\PDFCreator-1_2_3_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
H:\Backup\So\LwD\Eigene Dokumente\_Private Ablage\Files\DBox Backup\remote\DBOXremote.exe	probably unknown NewHeur_PE virus (unable to clean)	00000000000000000000000000000000	I
H:\Backup\So\LwF\Downloads\casinoshare.exe	a variant of Win32/PrimeCasino application (unable to clean)	00000000000000000000000000000000	I
H:\Backup\So\LwF\Downloads\PDFCreator-1_2_3_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I

Zum Schluss OTL mit Standarteinstellungen!?

Code:

ATTFilter

OTL logfile created on: 27.07.2012 12:00:27 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Pac\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,58 Gb Available Physical Memory | 76,33% Memory free
12,00 Gb Paging File | 10,37 Gb Available in Paging File | 86,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 92,77 Gb Total Space | 40,51 Gb Free Space | 43,66% Space Free | Partition Type: NTFS
Drive D: | 92,77 Gb Total Space | 84,28 Gb Free Space | 90,85% Space Free | Partition Type: NTFS
Drive E: | 117,19 Gb Total Space | 62,23 Gb Free Space | 53,10% Space Free | Partition Type: NTFS
Drive F: | 163,01 Gb Total Space | 92,35 Gb Free Space | 56,65% Space Free | Partition Type: NTFS
Drive H: | 232,88 Gb Total Space | 41,61 Gb Free Space | 17,87% Space Free | Partition Type: NTFS
 
Computer Name: PAC-PC | User Name: Pac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.27 02:36:50 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Pac\Desktop\OTL.exe
PRC - [2012.07.11 13:49:46 | 004,066,816 | ---- | M] (J. Rathlev, IEAP, Uni-Kiel) -- E:\Tools\Personal Backup 5\Persbackup.exe
PRC - [2012.05.09 00:20:07 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 00:20:07 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 00:20:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.03.08 17:22:18 | 007,283,328 | ---- | M] (ASUSTeK Computer Inc.) -- E:\Tools\EPU-6 Engine\SixEngine.exe
PRC - [2009.09.03 23:17:14 | 003,342,336 | ---- | M] (Electronic Arts) -- E:\Games\EADM\Core.exe
PRC - [2009.05.01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- E:\Tools\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009.04.02 12:27:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.09.30 12:33:06 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.08.27 20:41:46 | 000,565,248 | ---- | M] () -- E:\Tools\EPU-6 Engine\pngio.dll
MOD - [2009.08.27 20:41:46 | 000,053,248 | ---- | M] () -- E:\Tools\EPU-6 Engine\AsSpindownTimeout.dll
MOD - [2009.04.22 21:20:00 | 000,179,712 | ---- | M] () -- E:\Tools\EPU-6 Engine\AsusService.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.02.15 05:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.18 18:50:44 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.09 00:20:07 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 00:20:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.02.18 12:13:08 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.08.03 20:08:40 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- E:\Tools\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009.04.02 12:27:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.09 00:20:07 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 00:20:07 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.02.15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.02.15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.02.15 04:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 03:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009.08.23 13:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.07.16 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.08 11:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2005.09.23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2514236319-2276680423-263640637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2514236319-2276680423-263640637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2514236319-2276680423-263640637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 FE BD 8E 3D 67 CD 01  [binary data]
IE - HKU\S-1-5-21-2514236319-2276680423-263640637-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2514236319-2276680423-263640637-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2514236319-2276680423-263640637-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de|hxxp://www.bild.de|hxxp://www.comdirect.de|hxxp://www.bonusjaeger.de|hxxp://www.fcstpauli.com/index.php"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 18:50:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.25 15:48:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 18:50:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.25 15:48:14 | 000,000,000 | ---D | M]
 
[2011.06.23 00:44:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pac\AppData\Roaming\mozilla\Extensions
[2012.06.16 12:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pac\AppData\Roaming\mozilla\Firefox\Profiles\ixdclqlm.default\extensions
[2011.08.18 17:21:09 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Pac\AppData\Roaming\mozilla\Firefox\Profiles\ixdclqlm.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.06.16 12:11:57 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Pac\AppData\Roaming\mozilla\Firefox\Profiles\ixdclqlm.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011.10.21 11:14:36 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Pac\AppData\Roaming\mozilla\Firefox\Profiles\ixdclqlm.default\extensions\DefaultManager@Microsoft
[2012.01.24 09:54:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.18 22:30:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.18 18:50:44 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.19 13:10:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.19 13:10:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.19 13:10:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.19 13:10:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.19 13:10:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.19 13:10:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Tools\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2514236319-2276680423-263640637-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-2514236319-2276680423-263640637-1000..\Run: [EA Core] E:\Games\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Pac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk = E:\Tools\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Tools\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Tools\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5F7393B-0DB1-4650-8E63-E93ABE7939A4}: NameServer = 192.168.123.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Tools\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.27 02:36:49 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Pac\Desktop\OTL.exe
[2012.07.26 23:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.26 23:51:10 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Pac\Desktop\esetsmartinstaller_enu.exe
[2012.07.26 23:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.07.26 23:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.07.26 23:40:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.07.26 23:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.07.26 23:36:26 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.07.26 23:36:26 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.07.26 23:36:20 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.07.26 23:36:20 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.07.26 20:30:06 | 000,000,000 | ---D | C] -- C:\Users\Pac\Desktop\LiveSec
[2012.07.26 20:23:50 | 000,000,000 | ---D | C] -- C:\Users\Pac\AppData\Roaming\Malwarebytes
[2012.07.26 20:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.26 20:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.26 20:23:40 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.26 20:13:58 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Pac\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.26 01:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\0C1CFAEF000105FC004F66CCF875EF60
[2012.07.16 21:55:57 | 000,000,000 | ---D | C] -- C:\Users\Pac\AppData\Roaming\dvdcss
[2012.07.12 12:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.07.11 03:03:48 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.10 21:43:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.10 21:43:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.10 21:43:03 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.10 21:42:58 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.07.10 21:42:58 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.07.10 21:42:51 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.10 21:42:50 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.27 11:43:39 | 000,019,968 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 11:43:39 | 000,019,968 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 11:42:59 | 001,641,292 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.27 11:42:59 | 000,707,088 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.27 11:42:59 | 000,660,706 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.27 11:42:59 | 000,152,680 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.27 11:42:59 | 000,124,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.27 11:37:31 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.27 11:36:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.27 11:36:02 | 536,121,343 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.27 02:38:27 | 000,000,834 | ---- | M] () -- C:\Users\Pac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
[2012.07.27 02:36:50 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Pac\Desktop\OTL.exe
[2012.07.27 02:07:03 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.26 23:51:13 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Pac\Desktop\esetsmartinstaller_enu.exe
[2012.07.26 23:43:07 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.26 23:43:07 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.26 23:36:17 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.07.26 23:36:17 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.07.26 23:36:17 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.07.26 23:36:17 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.07.26 23:36:17 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.07.26 20:23:41 | 000,000,727 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.26 20:05:32 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Pac\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.11 08:50:23 | 005,294,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.07.26 20:23:41 | 000,000,727 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.26 01:42:13 | 000,001,712 | ---- | C] () -- C:\Users\Pac\AppData\Local\{ce398f6c-eb8f-12ea-509f-3723abf83f77}\U\00000001.@
[2012.07.02 17:53:32 | 000,054,462 | ---- | C] () -- C:\Users\Pac\Desktop\Half Baked - Fuck You, Fuck You, You're Cool....mp3
[2012.05.02 01:07:30 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2012.04.17 23:42:40 | 000,003,584 | ---- | C] () -- C:\Users\Pac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.02 15:16:44 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.03.02 15:16:44 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.02.15 18:32:28 | 000,577,536 | ---- | C] () -- C:\Windows\SysWow64\ChilkatCsv.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.11 12:02:18 | 000,002,048 | -HS- | C] () -- C:\Users\Pac\AppData\Local\{ce398f6c-eb8f-12ea-509f-3723abf83f77}\@
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.13 20:49:38 | 000,220,160 | R--- | C] () -- C:\Windows\Printers.exe
[2011.07.13 20:49:38 | 000,026,244 | ---- | C] () -- C:\Windows\SysWow64\PRTmate.dll
[2011.06.30 03:12:38 | 000,000,091 | ---- | C] () -- C:\Users\Pac\AppData\Local\fusioncache.dat
[2011.06.29 19:24:03 | 001,618,250 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.23 01:23:28 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.06.23 01:23:28 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.06.22 21:12:00 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.06.22 20:47:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1233 bytes -> C:\Users\Pac\AppData\Local\dHmP5f0GyaW:jNAtcAKClfGOtWOxelMvN6kl

< End of report >

und die Extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 27.07.2012 12:00:27 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Pac\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,58 Gb Available Physical Memory | 76,33% Memory free
12,00 Gb Paging File | 10,37 Gb Available in Paging File | 86,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 92,77 Gb Total Space | 40,51 Gb Free Space | 43,66% Space Free | Partition Type: NTFS
Drive D: | 92,77 Gb Total Space | 84,28 Gb Free Space | 90,85% Space Free | Partition Type: NTFS
Drive E: | 117,19 Gb Total Space | 62,23 Gb Free Space | 53,10% Space Free | Partition Type: NTFS
Drive F: | 163,01 Gb Total Space | 92,35 Gb Free Space | 56,65% Space Free | Partition Type: NTFS
Drive H: | 232,88 Gb Total Space | 41,61 Gb Free Space | 17,87% Space Free | Partition Type: NTFS
 
Computer Name: PAC-PC | User Name: Pac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2514236319-2276680423-263640637-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Tools\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Tools\aftereffects\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "E:\Tools\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Tools\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Tools\aftereffects\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "E:\Tools\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06527E40-71ED-41C8-8D89-60C01641F98E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{09362BCE-135B-439B-9901-87998D31AF3D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{19B1B22D-9D03-41E2-B01C-96E2A12FA82B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{21A75DB4-E346-403D-B038-25CE5BE2B6F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{228965E0-F3A3-4709-92E8-D119D796A61E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{22D60A80-3476-44D5-9FA4-C47F8DB7F96E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{41C34A7A-ADBC-477B-87AB-D9BE4903DB31}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{420793B0-C479-4C7A-8484-D364794EB9FC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{4593F041-EF4C-4B00-B1EF-8F06F4B02569}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4A5D5259-4254-47D3-8D3E-A95184FFBC42}" = lport=137 | protocol=17 | dir=in | app=system | 
"{563459DD-A0A2-4770-ADB2-853F0A7EDF78}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{66852CF8-06BD-433A-B458-82E1DCA9FFB7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6C23F9A0-75BE-4236-BDDF-81E3541CB8A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9484A8DE-E64C-49EA-8970-58AA1D4D3F58}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9B9FBBA3-98A3-4A6C-BCCA-59C744E55054}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A191FAA9-2E49-4265-BE20-7105334FBE1D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{A4C5AA69-04BB-4F83-AE09-8DCDDD4417D0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A9B9E5A0-9500-4F50-A8A0-701AB9981D26}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{BE68B136-A530-44E0-86FC-6AB9BCC9E7C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C24F646B-7D44-4ADE-AC71-D0F16C6F76E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C6F26E9E-8CA9-4DB8-8BAE-626C58F9F782}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CF4B7F5B-9A46-469C-BBC2-F60BE116A2CE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D44B1202-08F0-4B7E-B4B6-D996A5D09551}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D6D10009-339B-42C0-BAE5-3B79BAB6DDF7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E15DAA17-3866-4E5B-BFF8-6E6F6AF9F8E5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EC82E55B-954E-496A-97BB-D71E4247C600}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FF330C6C-8E2F-4661-8058-A69353E38D10}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0109D111-7A02-4FE7-9FD7-95966D68402C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0AB4BC8F-2C92-49CA-A2C8-705D5A914B51}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0D23A6F7-E137-4551-9021-D0F89D913A47}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{0D34AAC7-FA83-4E2C-ACBA-BE46FFB6982F}" = protocol=6 | dir=in | name=xampp | 
"{1244E99B-1B5A-40E9-9AFD-2BC08A593515}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{1297CBE9-9CAF-4D77-AACD-9F7185518034}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\hwienbeck@clanland.de\counter-strike source\hl2.exe | 
"{1E486EAA-0878-4B3A-B991-5D9D62D41B7D}" = protocol=17 | dir=in | app=e:\games\colonization\colonization.exe | 
"{1FC5931A-198C-41D0-87C8-26A42A8A2C32}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2639B830-393F-4130-9D36-515624736F38}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\hwienbeck@clanland.de\counter-strike\hl.exe | 
"{27711DBB-0B9B-4552-B707-182B653AA61A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{2BBFE37F-59D3-4C62-A65C-F2514CD54A8C}" = protocol=6 | dir=in | app=e:\games\steam\steam.exe | 
"{3A27BD8E-0B55-432A-AE89-325678947CA7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3C301957-03BC-4C0B-8564-BD9E700FEAC6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3FF01D3F-55DC-4348-B16E-E960B6FFC914}" = protocol=17 | dir=in | app=e:\games\steam\steam.exe | 
"{4278B7E5-FC67-402E-94CD-733910182BCD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{427EAF7A-A193-439D-A7BA-94EB99A76CBE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{45CB028C-10DB-41FC-9440-B1F258DB519F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4658FEC5-D949-45C1-BA59-B6F3DFB1EB14}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{57D35947-246D-4CA1-8633-958BB88C4010}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{5988E0A3-8266-4AE9-A185-647988139C85}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{5AB3992F-7FA2-458B-B2EF-7BE6487EB7A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{67413443-DEF3-4092-825F-265F0D8E8C80}" = protocol=17 | dir=in | app=e:\media\pinnacle15\programs\umi.exe | 
"{67EFE81F-C927-405F-9663-A225D4D4DEEE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{68B849D6-6318-4951-B246-FA6BFF4CEF77}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{724442F5-CCCE-40BC-A6BC-DCC2E7CA1177}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\hwienbeck@clanland.de\counterstrike source beta\hl2.exe | 
"{72CDAD08-0F0B-46A6-A28B-26BEF6835EAD}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\hwienbeck@clanland.de\counter-strike\hl.exe | 
"{77E2C97C-D751-427F-847C-D689367CD75E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7DC22FE7-AF7D-4AF9-A8B6-93751C87EE7F}" = protocol=6 | dir=in | app=e:\games\colonization\colonization.exe | 
"{81D7A321-EBD2-4AB3-BB72-9AD452D9EBBC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{878AFDE4-E896-46F3-96A3-91E91A73A0F4}" = protocol=6 | dir=out | app=system | 
"{92D072B0-F6D1-475C-8272-38286D79F5FB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9B502CBF-1341-4393-B1D1-5F284DEC42C5}" = protocol=6 | dir=in | app=e:\media\pinnacle15\programs\umi.exe | 
"{A428C304-5407-4CBD-AC80-8BB5B9639681}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{AE188F4B-55EA-4EA8-946B-A7FAD65E2A62}" = protocol=17 | dir=in | app=e:\media\pinnacle15\programs\studio.exe | 
"{AF466990-7CE3-414A-BD80-91572E027902}" = protocol=6 | dir=in | app=c:\users\pac\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B54A268A-3E71-44F0-BDAC-1A4F90552251}" = dir=in | app=e:\games\command & conquer 3\retailexe\1.0\cnc3game.dat | 
"{BD63F380-04EA-43C2-829E-014A194BBB17}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{C3C1836E-CF6A-4695-B29D-D70A2A5ED497}" = protocol=6 | dir=in | app=e:\media\pinnacle15\programs\studio.exe | 
"{CB25D87E-32EC-44A2-8C61-5FAD14825359}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CBA5E694-E970-47F1-B05D-FCE5C4714FAC}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\hwienbeck@clanland.de\counterstrike source beta\hl2.exe | 
"{CE76A938-EEB7-4067-9290-3706FFE87AC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DAE9E890-F21B-45D6-AC2F-DCBE0BC89C5B}" = protocol=6 | dir=in | app=e:\media\pinnacle15\programs\rm.exe | 
"{E39EFDE2-C436-4242-81FA-A42237C1413C}" = protocol=17 | dir=in | app=e:\media\pinnacle15\programs\rm.exe | 
"{E4943167-05C7-4599-B081-01E442B0AC0A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E556CD7E-0BA2-4AF8-8CC3-F7F493025EEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E57F55E5-9CFB-40E7-BD55-8DF6CC2F32CC}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\hwienbeck@clanland.de\counter-strike source\hl2.exe | 
"{F0E6BCFD-1DE8-4018-B15D-5B2E5AB39DCB}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{F46C745D-3598-47DA-8AEE-8F43D1FCCC19}" = protocol=17 | dir=in | app=c:\users\pac\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F46D46B0-95EC-409C-97FB-8B49ED47B7B4}" = dir=in | app=e:\tools\skype\phone\skype.exe | 
"{F7CD70BB-C840-4175-BEAE-3A1FCE6941AD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"TCP Query User{0D1D5103-C80F-4575-832F-787CD7673714}E:\games\eadm\core.exe" = protocol=6 | dir=in | app=e:\games\eadm\core.exe | 
"TCP Query User{0FA4014E-047C-4723-9134-9235EECF5583}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{17739065-4943-47E1-876E-F80BCE6771B1}E:\tools\rsync\rsync\rsync.exe" = protocol=6 | dir=in | app=e:\tools\rsync\rsync\rsync.exe | 
"TCP Query User{2D489AB4-106B-48E0-A108-32F2FE4D50A1}E:\games\alarmstufe rot 3\data\ra3_1.12.game" = protocol=6 | dir=in | app=e:\games\alarmstufe rot 3\data\ra3_1.12.game | 
"TCP Query User{2FA91A5C-A48B-4969-88F5-0962F20E41CA}C:\users\pac\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=6 | dir=in | app=c:\users\pac\appdata\local\temp\electronicarts_patcher_000.exe | 
"TCP Query User{443E65CE-57D3-4D6B-BF49-0138966D76AB}D:\projekte\testumgebung\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\projekte\testumgebung\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{4FCF9B81-5588-48DB-9D4E-C1AB470379F6}F:\gepacktes\aoe2\aoe2\age_of_kings\empires2.exe" = protocol=6 | dir=in | app=f:\gepacktes\aoe2\aoe2\age_of_kings\empires2.exe | 
"TCP Query User{80ED95E6-1268-464B-BA9F-A86F79F193EB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{8227B431-C0F6-45E6-8053-8C22CDED8A3F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{CA9B47CB-B5D1-477A-839B-C0AD3913FDFA}E:\games\eadm\core.exe" = protocol=6 | dir=in | app=e:\games\eadm\core.exe | 
"TCP Query User{DED9BB6F-E5D4-4298-BA9D-0012BE44BB5C}D:\projekte\testumgebung\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\projekte\testumgebung\xampp\apache\bin\httpd.exe | 
"UDP Query User{041A0DF5-7A0D-4357-BF8D-1543950AB4ED}C:\users\pac\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=17 | dir=in | app=c:\users\pac\appdata\local\temp\electronicarts_patcher_000.exe | 
"UDP Query User{22E03189-5B5D-4285-B648-9BC68FB57A1B}F:\gepacktes\aoe2\aoe2\age_of_kings\empires2.exe" = protocol=17 | dir=in | app=f:\gepacktes\aoe2\aoe2\age_of_kings\empires2.exe | 
"UDP Query User{25FDE982-36F1-41DD-9577-E5CEFF903E39}D:\projekte\testumgebung\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\projekte\testumgebung\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{535A3148-DC7B-4E23-8367-A1598A47F323}E:\games\eadm\core.exe" = protocol=17 | dir=in | app=e:\games\eadm\core.exe | 
"UDP Query User{7B9F7EED-9843-4E3C-B185-48EBF304DAB3}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{87F6D60E-3031-46C0-BBB9-E2D7CBBA6289}E:\games\alarmstufe rot 3\data\ra3_1.12.game" = protocol=17 | dir=in | app=e:\games\alarmstufe rot 3\data\ra3_1.12.game | 
"UDP Query User{991EF628-D7FA-4387-B5BE-9141213C72AD}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{E8BCD15B-39B5-41A5-AAA8-F3D1E692C109}D:\projekte\testumgebung\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\projekte\testumgebung\xampp\apache\bin\httpd.exe | 
"UDP Query User{EF96E7F0-246B-4770-941F-45644E1145A0}E:\games\eadm\core.exe" = protocol=17 | dir=in | app=e:\games\eadm\core.exe | 
"UDP Query User{F052ACDF-8525-4C98-B215-3DDB990CA3DE}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{FD81AEB9-15C7-4678-B52E-2CBEEE11EAED}E:\tools\rsync\rsync\rsync.exe" = protocol=17 | dir=in | app=e:\tools\rsync\rsync\rsync.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C818871-6337-17AC-CA8C-A3942F15D92A}" = AMD Accelerated Video Transcoding
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54FFD5AC-7350-52B9-FB8F-1A8A6CF1FB5B}" = AMD Media Foundation Decoders
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"CrypTool 2" = CrypTool 2.0 (Beta 7b - Build 4481.1)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}" = Adobe Premiere Pro CS5.5
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
"{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake
"{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
"{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C94A234-CA2C-4D3C-81E6-6AAA8069825D}" = Garmin WebUpdater
"{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{88B746D6-1956-4D98-BE82-46E45AAA5BC2}" = Garmin Training Center
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9DCBD16-308D-454E-A563-191673A51D52}" = MAGIX Speed burnR (MSI)
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AEDB01F3-380C-4BF8-BC8A-AB04AB9EB7D9}" = MAGIX Screenshare
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
"{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = Catalyst Control Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
"{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
"{CB04D8E1-7B9C-4F35-B2E2-E87CBE520805}" = Adobe After Effects CS5.5
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DCA0A35D-30F1-4ED0-971F-5FFD2F60BB08}" = bcTester 4.8 (de)
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
"{E6FCE5FA-B7B7-4B7E-B4FB-A8929BC3FB0F}" = Print Server
"{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB0F05FB-CA0A-4F62-9481-3CCA26A96294}" = Samplitude Music Studio 17
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Avira AntiVir Desktop" = Avira Free Antivirus
"Betfair Poker_is1" = Betfair Poker 1.0.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"EADM" = EA Download Manager
"ElsterFormular 12.4.0.7094p" = ElsterFormular
"ElsterFormular 2007 - 2008 NE 2007-2008" = ElsterFormular 2007 - 2008 NE
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.5.1
"Free Studio_is1" = Free Studio version 5.1.5
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"GSAK_is1" = GSAK 8.1.0.10 (Final)
"InstallShield_{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"MAGIX_MSI_ms17dlx" = Samplitude Music Studio 17
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Personal Backup 5_is1" = Personal Backup 5.3
"PokerStars" = PokerStars
"Steam App 10" = Counter-Strike
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Tunatic" = Tunatic
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"xampp" = XAMPP 1.7.4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2514236319-2276680423-263640637-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Betfair Casino" = Betfair Casino
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.07.2012 19:25:04 | Computer Name = Pac-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: unknown,
 Version: 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 
0xba1f0e00  ID des fehlerhaften Prozesses: 0x8a8  Startzeit der fehlerhaften Anwendung:
 0x01cd643e79077853  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: a2c85409-d066-11e1-b91a-002215f280a8
 
Error - 18.07.2012 13:37:03 | Computer Name = Pac-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\Tools\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "E:\Tools\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe" in Zeile 2.  Mehrere requestedPrivileges-Elemente
 sind nicht im Manifest zulässig.
 
Error - 19.07.2012 05:48:02 | Computer Name = Pac-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: unknown,
 Version: 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x00000000  ID des fehlerhaften Prozesses: 0x9d8  Startzeit der fehlerhaften Anwendung:
 0x01cd658c6eaa5c57  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: d40da06e-d186-11e1-a19f-002215f280a8
 
Error - 19.07.2012 13:38:31 | Computer Name = Pac-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000ccb60  ID des fehlerhaften Prozesses: 0xd98  Startzeit der fehlerhaften Anwendung:
 0x01cd65b5095eb482  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 8e28b457-d1c8-11e1-b67b-002215f280a8
 
Error - 20.07.2012 14:28:16 | Computer Name = Pac-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\Tools\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "E:\Tools\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe" in Zeile 2.  Mehrere requestedPrivileges-Elemente
 sind nicht im Manifest zulässig.
 
Error - 22.07.2012 08:10:56 | Computer Name = Pac-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\Tools\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "E:\Tools\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe" in Zeile 2.  Mehrere requestedPrivileges-Elemente
 sind nicht im Manifest zulässig.
 
Error - 23.07.2012 17:45:30 | Computer Name = Pac-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: ole32.dll,
 Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000c8f4d  ID des fehlerhaften Prozesses: 0xad8  Startzeit der fehlerhaften Anwendung:
 0x01cd6913aa653761  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll  Berichtskennung: b8476bb0-d50f-11e1-8547-002215f280a8
 
Error - 25.07.2012 11:28:30 | Computer Name = Pac-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\Tools\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "E:\Tools\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe" in Zeile 2.  Mehrere requestedPrivileges-Elemente
 sind nicht im Manifest zulässig.
 
Error - 26.07.2012 17:51:14 | Computer Name = Pac-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Pac\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 26.07.2012 17:51:16 | Computer Name = Pac-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Pac\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ Media Center Events ]
Error - 20.09.2011 14:26:00 | Computer Name = Pac-PC | Source = MCUpdate | ID = 0
Description = 20:26:00 - Fehler beim Herstellen der Internetverbindung.  20:26:00 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.09.2011 14:26:34 | Computer Name = Pac-PC | Source = MCUpdate | ID = 0
Description = 20:26:29 - Fehler beim Herstellen der Internetverbindung.  20:26:29 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 09.03.2012 13:29:26 | Computer Name = Pac-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 26.07.2012 14:24:43 | Computer Name = Pac-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.07.2012 14:24:43 | Computer Name = Pac-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.07.2012 14:24:43 | Computer Name = Pac-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.07.2012 14:29:43 | Computer Name = Pac-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.07.2012 14:29:43 | Computer Name = Pac-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.07.2012 14:29:43 | Computer Name = Pac-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.07.2012 17:31:47 | Computer Name = Pac-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 26.07.2012 17:31:47 | Computer Name = Pac-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Installer erreicht.
 
Error - 26.07.2012 17:31:47 | Computer Name = Pac-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 26.07.2012 18:44:18 | Computer Name = Pac-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >

Ich hoffe, dass ich aufmerksam mitgelesen habe und dies schonmal die ersten richtigen Schritte sind. Ab hier bin ich dann allerdings auch auf Mithilfe angewiesen und sag im voraus schon mal ein großes

Einen schönen sonnigen Tag und beste Grüße
Pac

cosinus · 30.07.2012, 11:46

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Pac11 · 30.07.2012, 18:19

Moin Arne,
erstmal vielen Dank, dass Du mir hier weiterhilfst. Hier das Log vom AdwCleaner:

Code:

ATTFilter

# AdwCleaner v1.703 - Logfile created 07/30/2012 at 19:16:53
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Pac - PAC-PC
# Running from : F:\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Pac\AppData\Roaming\pdfforge

***** [Registry] *****

Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\vshare.tv
[x64] Key Found : HKCU\Software\StartSearch
[x64] Key Found : HKCU\Software\vshare.tv

***** [Registre - GUID] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Pac\AppData\Roaming\Mozilla\Firefox\Profiles\ixdclqlm.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1850 octets] - [30/07/2012 19:16:53]

########## EOF - C:\AdwCleaner[R1].txt - [1978 octets] ##########

Grüße

cosinus · 30.07.2012, 20:39

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Pac11 · 30.07.2012, 21:10

Hi,

hier das Log nach dem Löschen:

Code:

ATTFilter

# AdwCleaner v1.703 - Logfile created 07/30/2012 at 22:05:06
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Pac - PAC-PC
# Running from : F:\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Pac\AppData\Roaming\pdfforge

***** [Registry] *****

Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\vshare.tv

***** [Registre - GUID] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Pac\AppData\Roaming\Mozilla\Firefox\Profiles\ixdclqlm.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1969 octets] - [30/07/2012 19:16:53]
AdwCleaner[S1].txt - [1465 octets] - [30/07/2012 22:05:06]

########## EOF - C:\AdwCleaner[S1].txt - [1593 octets] ##########

Grüße

cosinus · 30.07.2012, 21:30

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Pac11 · 31.07.2012, 00:21

Nabend,

zu 1: Windows startet normal und läuft stabil.
zu 2: Es ist alles da und es sind keine leeren Ordner vorhanden.

Grüße

cosinus · 31.07.2012, 10:55

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Pac11 · 31.07.2012, 17:08

Hi,

habe den Scan wie beschrieben ausgeführt, hier das neue OTL-Log:

Code:

ATTFilter

OTL logfile created on: 31.07.2012 17:48:13 - Run 2
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Pac\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,63 Gb Available Physical Memory | 77,21% Memory free
12,00 Gb Paging File | 10,43 Gb Available in Paging File | 86,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 92,77 Gb Total Space | 39,10 Gb Free Space | 42,14% Space Free | Partition Type: NTFS
Drive D: | 92,77 Gb Total Space | 84,28 Gb Free Space | 90,85% Space Free | Partition Type: NTFS
Drive E: | 117,19 Gb Total Space | 62,23 Gb Free Space | 53,10% Space Free | Partition Type: NTFS
Drive F: | 163,01 Gb Total Space | 92,35 Gb Free Space | 56,65% Space Free | Partition Type: NTFS
Drive H: | 232,88 Gb Total Space | 41,61 Gb Free Space | 17,87% Space Free | Partition Type: NTFS
 
Computer Name: PAC-PC | User Name: Pac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.31 17:45:26 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Pac\Desktop\OTL.exe
PRC - [2012.05.09 00:20:07 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 00:20:07 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 00:20:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.05.01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- E:\Tools\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009.04.02 12:27:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.02.15 05:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.18 18:50:44 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.09 00:20:07 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 00:20:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.02.18 12:13:08 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.08.03 20:08:40 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- E:\Tools\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009.04.02 12:27:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.09 00:20:07 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 00:20:07 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.02.15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.02.15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.02.15 04:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 03:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009.08.23 13:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.07.16 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.08 11:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2005.09.23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2514236319-2276680423-263640637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2514236319-2276680423-263640637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2514236319-2276680423-263640637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 55 3D B5 A8 6E CD 01  [binary data]
IE - HKU\S-1-5-21-2514236319-2276680423-263640637-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2514236319-2276680423-263640637-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2514236319-2276680423-263640637-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de|hxxp://www.bild.de|hxxp://www.comdirect.de|hxxp://www.bonusjaeger.de|hxxp://www.fcstpauli.com/index.php"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 18:50:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.25 15:48:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 18:50:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.25 15:48:14 | 000,000,000 | ---D | M]
 
[2011.06.23 00:44:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pac\AppData\Roaming\mozilla\Extensions
[2012.06.16 12:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pac\AppData\Roaming\mozilla\Firefox\Profiles\ixdclqlm.default\extensions
[2011.08.18 17:21:09 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Pac\AppData\Roaming\mozilla\Firefox\Profiles\ixdclqlm.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.06.16 12:11:57 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Pac\AppData\Roaming\mozilla\Firefox\Profiles\ixdclqlm.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011.10.21 11:14:36 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Pac\AppData\Roaming\mozilla\Firefox\Profiles\ixdclqlm.default\extensions\DefaultManager@Microsoft
[2012.01.24 09:54:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.18 22:30:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.18 18:50:44 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.19 13:10:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.19 13:10:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.19 13:10:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.19 13:10:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.19 13:10:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.19 13:10:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Tools\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2514236319-2276680423-263640637-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-2514236319-2276680423-263640637-1000..\Run: [EA Core] E:\Games\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Pac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk = E:\Tools\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Tools\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Tools\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5F7393B-0DB1-4650-8E63-E93ABE7939A4}: NameServer = 192.168.123.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Tools\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: gStart - hkey= - key= - C:\Program Files (x86)\Garmin\gStart.exe (GARMIN Corp.)
MsConfig:64bit - StartUpReg: MaxMenuMgr - hkey= - key= - E:\Tools\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
MsConfig:64bit - StartUpReg: Questler Bonusfinder - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - E:\Tools\Quicktime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - E:\Games\Steam\steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.WMV3 - C:\Windows\SysWow64\wmv9vcm.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.27 02:36:49 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Pac\Desktop\OTL.exe
[2012.07.26 23:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.26 23:51:10 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Pac\Desktop\esetsmartinstaller_enu.exe
[2012.07.26 23:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.07.26 23:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.07.26 23:40:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.07.26 23:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.07.26 20:30:06 | 000,000,000 | ---D | C] -- C:\Users\Pac\Desktop\LiveSec
[2012.07.26 20:23:50 | 000,000,000 | ---D | C] -- C:\Users\Pac\AppData\Roaming\Malwarebytes
[2012.07.26 20:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.26 20:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.26 20:23:40 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.26 20:13:58 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Pac\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.26 01:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\0C1CFAEF000105FC004F66CCF875EF60
[2012.07.16 21:55:57 | 000,000,000 | ---D | C] -- C:\Users\Pac\AppData\Roaming\dvdcss
[2012.07.12 12:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.31 17:45:26 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Pac\Desktop\OTL.exe
[2012.07.31 17:39:10 | 000,019,968 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 17:39:10 | 000,019,968 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 17:31:54 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.31 17:31:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.31 17:31:12 | 536,121,343 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.31 01:23:19 | 000,000,834 | ---- | M] () -- C:\Users\Pac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
[2012.07.31 01:07:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.30 19:16:08 | 000,632,049 | ---- | M] () -- C:\Users\Pac\Desktop\adwcleaner.exe
[2012.07.27 16:32:58 | 001,641,292 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.27 16:32:58 | 000,707,088 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.27 16:32:58 | 000,660,706 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.27 16:32:58 | 000,152,680 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.27 16:32:58 | 000,124,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.26 23:51:13 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Pac\Desktop\esetsmartinstaller_enu.exe
[2012.07.26 20:23:41 | 000,000,727 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.26 20:05:32 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Pac\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.11 08:50:23 | 005,294,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.07.31 17:44:19 | 000,632,049 | ---- | C] () -- C:\Users\Pac\Desktop\adwcleaner.exe
[2012.07.26 20:23:41 | 000,000,727 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.26 01:42:13 | 000,001,712 | ---- | C] () -- C:\Users\Pac\AppData\Local\{ce398f6c-eb8f-12ea-509f-3723abf83f77}\U\00000001.@
[2012.07.02 17:53:32 | 000,054,462 | ---- | C] () -- C:\Users\Pac\Desktop\Half Baked - Fuck You, Fuck You, You're Cool....mp3
[2012.05.02 01:07:30 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2012.04.17 23:42:40 | 000,003,584 | ---- | C] () -- C:\Users\Pac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.02 15:16:44 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.03.02 15:16:44 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.02.15 18:32:28 | 000,577,536 | ---- | C] () -- C:\Windows\SysWow64\ChilkatCsv.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.11 12:02:18 | 000,002,048 | -HS- | C] () -- C:\Users\Pac\AppData\Local\{ce398f6c-eb8f-12ea-509f-3723abf83f77}\@
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.13 20:49:38 | 000,220,160 | R--- | C] () -- C:\Windows\Printers.exe
[2011.07.13 20:49:38 | 000,026,244 | ---- | C] () -- C:\Windows\SysWow64\PRTmate.dll
[2011.06.30 03:12:38 | 000,000,091 | ---- | C] () -- C:\Users\Pac\AppData\Local\fusioncache.dat
[2011.06.29 19:24:03 | 001,618,250 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.23 01:23:28 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.06.23 01:23:28 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.06.22 21:12:00 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.06.22 20:47:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.12.18 01:29:58 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.03.11 01:31:16 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.02.19 11:52:42 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\Dropbox
[2011.12.18 00:17:42 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\DVDVideoSoft
[2011.08.05 11:33:23 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.12 12:59:46 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\elsterformular
[2012.04.05 16:22:03 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\EurekaLog
[2011.09.03 12:43:22 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\FileZilla
[2011.08.01 22:48:48 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\Garmin
[2012.02.18 23:15:41 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\GeoGet
[2011.08.05 14:17:30 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\GetRightToGo
[2012.07.27 13:27:13 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\GSAK
[2011.09.14 20:30:36 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\hdbADS
[2011.07.11 23:59:33 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\MAGIX
[2011.09.14 20:30:46 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\MrJobs
[2011.12.18 15:03:16 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\PACE Anti-Piracy
[2012.03.27 19:10:07 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\PersBackup5
[2012.05.05 12:25:51 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\Red Alert 3
[2011.12.18 15:05:27 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.08.17 19:04:59 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\Swiss Academic Software
[2012.05.07 09:28:18 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.16 02:18:20 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\Adobe
[2011.12.18 18:57:42 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\Apple Computer
[2011.10.01 00:09:56 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\ATI
[2012.03.28 19:19:23 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\Avira
[2011.12.18 01:29:58 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.03.11 01:31:16 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.02.19 11:52:42 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\Dropbox
[2012.07.16 21:55:57 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\dvdcss
[2011.12.18 00:17:42 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\DVDVideoSoft
[2011.08.05 11:33:23 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.12 12:59:46 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\elsterformular
[2012.04.05 16:22:03 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\EurekaLog
[2011.09.03 12:43:22 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\FileZilla
[2011.08.01 22:48:48 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\Garmin
[2012.02.18 23:15:41 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\GeoGet
[2011.08.05 14:17:30 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\GetRightToGo
[2012.07.27 13:27:13 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\GSAK
[2011.09.14 20:30:36 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\hdbADS
[2011.06.22 20:59:15 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\Identities
[2011.06.22 23:57:44 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\InstallShield
[2011.06.23 02:03:47 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\Macromedia
[2011.07.11 23:59:33 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\MAGIX
[2012.07.26 20:23:50 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\Malwarebytes
[2009.07.14 09:45:14 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\Media Center Programs
[2012.03.03 23:54:52 | 000,000,000 | --SD | M] -- C:\Users\Pac\AppData\Roaming\Microsoft
[2011.06.23 00:44:20 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\Mozilla
[2011.09.14 20:30:46 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\MrJobs
[2011.12.18 15:03:16 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\PACE Anti-Piracy
[2012.03.27 19:10:07 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\PersBackup5
[2012.05.05 12:25:51 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\Red Alert 3
[2012.03.11 01:30:57 | 000,000,000 | RH-D | M] -- C:\Users\Pac\AppData\Roaming\SecuROM
[2012.03.25 23:44:48 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\Skype
[2011.12.18 15:05:27 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.08.17 19:04:59 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\Swiss Academic Software
[2011.10.21 11:08:19 | 000,000,000 | ---D | M] -- C:\Users\Pac\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2011.12.18 01:28:38 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Pac\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.12.18 14:58:59 | 000,010,134 | R--- | M] () -- C:\Users\Pac\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
[2011.09.14 17:50:30 | 000,010,134 | R--- | M] () -- C:\Users\Pac\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\Foren.exe
[2011.09.14 17:50:30 | 000,000,766 | R--- | M] () -- C:\Users\Pac\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\htmledit.exe
[2011.11.30 20:30:52 | 000,088,102 | R--- | M] () -- C:\Users\Pac\AppData\Roaming\Microsoft\Installer\{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 05:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 05:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 04:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 04:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 05:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 05:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1233 bytes -> C:\Users\Pac\AppData\Local\dHmP5f0GyaW:jNAtcAKClfGOtWOxelMvN6kl

< End of report >

Achso, das Einzige was ungewöhnlich ist, ist das alle versteckten Dateien nun sichtbar sind.

Beste Grüße
Pac

cosinus · 01.08.2012, 16:00

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - user.js - File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
@Alternate Data Stream - 1233 bytes -> C:\Users\Pac\AppData\Local\dHmP5f0GyaW:jNAtcAKClfGOtWOxelMvN6kl
:Files
C:\ProgramData\0C1CFAEF000105FC004F66CCF875EF60
C:\Users\Pac\AppData\Local\dHmP5f0GyaW
F:\Downloads\casinoshare.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Pac11 · 01.08.2012, 17:00

Das ging ja Fix

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
ADS C:\Users\Pac\AppData\Local\dHmP5f0GyaW:jNAtcAKClfGOtWOxelMvN6kl deleted successfully.
========== FILES ==========
C:\ProgramData\0C1CFAEF000105FC004F66CCF875EF60 folder moved successfully.
C:\Users\Pac\AppData\Local\dHmP5f0GyaW folder moved successfully.
F:\Downloads\casinoshare.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Pac
->Temp folder emptied: 6231883212 bytes
->Temporary Internet Files folder emptied: 149994259 bytes
->Java cache emptied: 765485 bytes
->FireFox cache emptied: 507089305 bytes
->Flash cache emptied: 59089 bytes
 
User: Public
 
emoved: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 246365647 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 98773105 bytes
 
Total Files Cleaned = 6.900,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Pac
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.55.0 log created on 08012012_171422

Files\Folders moved on Reboot...
C:\Users\Pac\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Pac\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Grüße

cosinus · 02.08.2012, 14:17

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Pac11 · 02.08.2012, 14:40

Hi Arne,

auch der Scan mit dem TDSS-Killer ist durch, hier das Logfile:

Code:

ATTFilter

15:33:40.0315 2196	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:33:40.0424 2196	============================================================
15:33:40.0424 2196	Current date / time: 2012/08/02 15:33:40.0424
15:33:40.0424 2196	SystemInfo:
15:33:40.0424 2196	
15:33:40.0424 2196	OS Version: 6.1.7601 ServicePack: 1.0
15:33:40.0424 2196	Product type: Workstation
15:33:40.0424 2196	ComputerName: PAC-PC
15:33:40.0424 2196	UserName: Pac
15:33:40.0424 2196	Windows directory: C:\Windows
15:33:40.0424 2196	System windows directory: C:\Windows
15:33:40.0424 2196	Running under WOW64
15:33:40.0424 2196	Processor architecture: Intel x64
15:33:40.0424 2196	Number of processors: 2
15:33:40.0424 2196	Page size: 0x1000
15:33:40.0424 2196	Boot type: Normal boot
15:33:40.0424 2196	============================================================
15:33:41.0329 2196	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:33:41.0345 2196	Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:33:41.0345 2196	============================================================
15:33:41.0345 2196	\Device\Harddisk0\DR0:
15:33:41.0345 2196	MBR partitions:
15:33:41.0345 2196	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C428D
15:33:41.0345 2196	\Device\Harddisk1\DR1:
15:33:41.0345 2196	MBR partitions:
15:33:41.0345 2196	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xB98CC50
15:33:41.0345 2196	\Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xB98CCCE, BlocksNum 0xB98CC50
15:33:41.0360 2196	\Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x1731995D, BlocksNum 0xEA60903
15:33:41.0392 2196	\Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x25D7A800, BlocksNum 0x14606000
15:33:41.0392 2196	============================================================
15:33:41.0423 2196	C: <-> \Device\Harddisk1\DR1\Partition0
15:33:41.0423 2196	H: <-> \Device\Harddisk0\DR0\Partition0
15:33:41.0454 2196	D: <-> \Device\Harddisk1\DR1\Partition1
15:33:41.0485 2196	E: <-> \Device\Harddisk1\DR1\Partition2
15:33:41.0532 2196	F: <-> \Device\Harddisk1\DR1\Partition3
15:33:41.0532 2196	============================================================
15:33:41.0532 2196	Initialize success
15:33:41.0532 2196	============================================================
15:33:50.0050 2596	============================================================
15:33:50.0050 2596	Scan started
15:33:50.0050 2596	Mode: Manual; SigCheck; TDLFS; 
15:33:50.0050 2596	============================================================
15:33:51.0188 2596	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:33:51.0298 2596	1394ohci - ok
15:33:51.0329 2596	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:33:51.0360 2596	ACPI - ok
15:33:51.0391 2596	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:33:51.0469 2596	AcpiPmi - ok
15:33:51.0625 2596	AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:33:51.0641 2596	AdobeARMservice - ok
15:33:51.0703 2596	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:33:51.0734 2596	adp94xx - ok
15:33:51.0766 2596	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:33:51.0781 2596	adpahci - ok
15:33:51.0797 2596	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:33:51.0797 2596	adpu320 - ok
15:33:51.0844 2596	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:33:51.0890 2596	AeLookupSvc - ok
15:33:51.0937 2596	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:33:52.0000 2596	AFD - ok
15:33:52.0046 2596	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:33:52.0062 2596	agp440 - ok
15:33:52.0078 2596	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:33:52.0140 2596	ALG - ok
15:33:52.0156 2596	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:33:52.0171 2596	aliide - ok
15:33:52.0202 2596	AMD External Events Utility (962227630779043b5c1d4cd157abb912) C:\Windows\system32\atiesrxx.exe
15:33:52.0249 2596	AMD External Events Utility - ok
15:33:52.0265 2596	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:33:52.0280 2596	amdide - ok
15:33:52.0312 2596	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:33:52.0374 2596	AmdK8 - ok
15:33:52.0873 2596	amdkmdag        (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
15:33:53.0092 2596	amdkmdag - ok
15:33:53.0279 2596	amdkmdap        (2d9005ea0bfd25c740e53c8dd3c069e0) C:\Windows\system32\DRIVERS\atikmpag.sys
15:33:53.0326 2596	amdkmdap - ok
15:33:53.0341 2596	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:33:53.0372 2596	AmdPPM - ok
15:33:53.0419 2596	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:33:53.0435 2596	amdsata - ok
15:33:53.0450 2596	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:33:53.0466 2596	amdsbs - ok
15:33:53.0482 2596	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:33:53.0482 2596	amdxata - ok
15:33:53.0591 2596	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:33:53.0606 2596	AntiVirSchedulerService - ok
15:33:53.0669 2596	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:33:53.0684 2596	AntiVirService - ok
15:33:53.0731 2596	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:33:54.0028 2596	AppID - ok
15:33:54.0059 2596	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:33:54.0121 2596	AppIDSvc - ok
15:33:54.0137 2596	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:33:54.0184 2596	Appinfo - ok
15:33:54.0230 2596	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:33:54.0262 2596	AppMgmt - ok
15:33:54.0293 2596	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:33:54.0308 2596	arc - ok
15:33:54.0324 2596	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:33:54.0340 2596	arcsas - ok
15:33:54.0464 2596	AsIO            (a82c01606dc27d05d9d3bfb6bb807e32) C:\Windows\syswow64\drivers\AsIO.sys
15:33:54.0480 2596	AsIO - ok
15:33:54.0620 2596	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:33:54.0636 2596	aspnet_state - ok
15:33:54.0683 2596	AsSysCtrlService (e781164c7d47950e3d218c84b2901cb2) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
15:33:54.0730 2596	AsSysCtrlService ( UnsignedFile.Multi.Generic ) - warning
15:33:54.0730 2596	AsSysCtrlService - detected UnsignedFile.Multi.Generic (1)
15:33:54.0776 2596	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:33:54.0839 2596	AsyncMac - ok
15:33:54.0870 2596	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:33:54.0886 2596	atapi - ok
15:33:54.0932 2596	AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
15:33:54.0948 2596	AtiHDAudioService - ok
15:33:55.0416 2596	atikmdag        (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\drivers\atikmdag.sys
15:33:55.0525 2596	atikmdag - ok
15:33:55.0697 2596	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:33:55.0775 2596	AudioEndpointBuilder - ok
15:33:55.0775 2596	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:33:55.0806 2596	AudioSrv - ok
15:33:55.0884 2596	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
15:33:55.0900 2596	avgntflt - ok
15:33:55.0931 2596	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
15:33:55.0946 2596	avipbb - ok
15:33:55.0962 2596	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
15:33:55.0978 2596	avkmgr - ok
15:33:56.0009 2596	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:33:56.0087 2596	AxInstSV - ok
15:33:56.0149 2596	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:33:56.0180 2596	b06bdrv - ok
15:33:56.0227 2596	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:33:56.0274 2596	b57nd60a - ok
15:33:56.0321 2596	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:33:56.0368 2596	BDESVC - ok
15:33:56.0368 2596	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:33:56.0446 2596	Beep - ok
15:33:56.0524 2596	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:33:56.0555 2596	BFE - ok
15:33:56.0617 2596	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:33:56.0695 2596	BITS - ok
15:33:56.0773 2596	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:33:56.0804 2596	blbdrive - ok
15:33:56.0898 2596	Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
15:33:56.0914 2596	Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
15:33:56.0914 2596	Bonjour Service - detected UnsignedFile.Multi.Generic (1)
15:33:56.0929 2596	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:33:56.0992 2596	bowser - ok
15:33:57.0007 2596	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:33:57.0070 2596	BrFiltLo - ok
15:33:57.0070 2596	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:33:57.0085 2596	BrFiltUp - ok
15:33:57.0132 2596	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:33:57.0210 2596	Browser - ok
15:33:57.0226 2596	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:33:57.0257 2596	Brserid - ok
15:33:57.0257 2596	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:33:57.0288 2596	BrSerWdm - ok
15:33:57.0288 2596	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:33:57.0335 2596	BrUsbMdm - ok
15:33:57.0335 2596	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:33:57.0366 2596	BrUsbSer - ok
15:33:57.0366 2596	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:33:57.0382 2596	BTHMODEM - ok
15:33:57.0413 2596	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:33:57.0460 2596	bthserv - ok
15:33:57.0491 2596	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:33:57.0538 2596	cdfs - ok
15:33:57.0584 2596	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:33:57.0616 2596	cdrom - ok
15:33:57.0678 2596	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:33:57.0756 2596	CertPropSvc - ok
15:33:57.0772 2596	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:33:57.0803 2596	circlass - ok
15:33:57.0834 2596	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:33:57.0850 2596	CLFS - ok
15:33:57.0943 2596	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:33:57.0959 2596	clr_optimization_v2.0.50727_32 - ok
15:33:58.0021 2596	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:33:58.0037 2596	clr_optimization_v2.0.50727_64 - ok
15:33:58.0115 2596	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:33:58.0146 2596	clr_optimization_v4.0.30319_32 - ok
15:33:58.0193 2596	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:33:58.0208 2596	clr_optimization_v4.0.30319_64 - ok
15:33:58.0240 2596	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:33:58.0255 2596	CmBatt - ok
15:33:58.0286 2596	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:33:58.0286 2596	cmdide - ok
15:33:58.0333 2596	CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
15:33:58.0364 2596	CNG - ok
15:33:58.0380 2596	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:33:58.0396 2596	Compbatt - ok
15:33:58.0411 2596	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:33:58.0458 2596	CompositeBus - ok
15:33:58.0458 2596	COMSysApp - ok
15:33:58.0489 2596	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:33:58.0489 2596	crcdisk - ok
15:33:58.0536 2596	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
15:33:58.0583 2596	CryptSvc - ok
15:33:58.0645 2596	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:33:58.0676 2596	CSC - ok
15:33:58.0739 2596	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:33:58.0786 2596	CscService - ok
15:33:58.0848 2596	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:33:58.0910 2596	DcomLaunch - ok
15:33:58.0957 2596	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:33:59.0004 2596	defragsvc - ok
15:33:59.0082 2596	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:33:59.0144 2596	DfsC - ok
15:33:59.0191 2596	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:33:59.0254 2596	Dhcp - ok
15:33:59.0285 2596	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:33:59.0332 2596	discache - ok
15:33:59.0394 2596	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:33:59.0394 2596	Disk - ok
15:33:59.0441 2596	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:33:59.0488 2596	Dnscache - ok
15:33:59.0534 2596	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:33:59.0597 2596	dot3svc - ok
15:33:59.0644 2596	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:33:59.0690 2596	DPS - ok
15:33:59.0737 2596	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:33:59.0768 2596	drmkaud - ok
15:33:59.0831 2596	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:33:59.0862 2596	DXGKrnl - ok
15:33:59.0893 2596	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:33:59.0940 2596	EapHost - ok
15:34:00.0096 2596	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:34:00.0174 2596	ebdrv - ok
15:34:00.0283 2596	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:34:00.0330 2596	EFS - ok
15:34:00.0424 2596	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:34:00.0486 2596	ehRecvr - ok
15:34:00.0517 2596	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:34:00.0548 2596	ehSched - ok
15:34:00.0642 2596	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:34:00.0658 2596	elxstor - ok
15:34:00.0673 2596	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:34:00.0704 2596	ErrDev - ok
15:34:00.0751 2596	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:34:00.0814 2596	EventSystem - ok
15:34:00.0829 2596	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:34:00.0860 2596	exfat - ok
15:34:00.0892 2596	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:34:00.0938 2596	fastfat - ok
15:34:00.0985 2596	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:34:01.0063 2596	Fax - ok
15:34:01.0079 2596	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:34:01.0094 2596	fdc - ok
15:34:01.0126 2596	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:34:01.0188 2596	fdPHost - ok
15:34:01.0204 2596	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:34:01.0266 2596	FDResPub - ok
15:34:01.0282 2596	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:34:01.0297 2596	FileInfo - ok
15:34:01.0297 2596	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:34:01.0344 2596	Filetrace - ok
15:34:01.0438 2596	FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:34:01.0469 2596	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
15:34:01.0469 2596	FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
15:34:01.0484 2596	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:34:01.0500 2596	flpydisk - ok
15:34:01.0547 2596	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:34:01.0562 2596	FltMgr - ok
15:34:01.0640 2596	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:34:01.0687 2596	FontCache - ok
15:34:01.0812 2596	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:34:01.0812 2596	FontCache3.0.0.0 - ok
15:34:01.0921 2596	FreeAgentGoNext Service (07af7870abf051ebbae8a8a92ff34abe) E:\Tools\SeagateManager\Sync\FreeAgentService.exe
15:34:01.0937 2596	FreeAgentGoNext Service - ok
15:34:02.0015 2596	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:34:02.0030 2596	FsDepends - ok
15:34:02.0077 2596	fssfltr         (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys
15:34:02.0077 2596	fssfltr - ok
15:34:02.0280 2596	fsssvc          (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
15:34:02.0311 2596	fsssvc - ok
15:34:02.0405 2596	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:34:02.0405 2596	Fs_Rec - ok
15:34:02.0467 2596	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:34:02.0483 2596	fvevol - ok
15:34:02.0530 2596	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:34:02.0545 2596	gagp30kx - ok
15:34:02.0608 2596	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:34:02.0686 2596	gpsvc - ok
15:34:02.0732 2596	grmnusb         (2ed7ff3e1ada4092632393781518b3a7) C:\Windows\system32\drivers\grmnusb.sys
15:34:02.0748 2596	grmnusb - ok
15:34:02.0857 2596	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:34:02.0857 2596	gupdate - ok
15:34:02.0873 2596	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:34:02.0888 2596	gupdatem - ok
15:34:02.0904 2596	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:34:02.0951 2596	hcw85cir - ok
15:34:03.0013 2596	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:34:03.0060 2596	HdAudAddService - ok
15:34:03.0122 2596	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:34:03.0169 2596	HDAudBus - ok
15:34:03.0169 2596	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:34:03.0200 2596	HidBatt - ok
15:34:03.0216 2596	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:34:03.0247 2596	HidBth - ok
15:34:03.0247 2596	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:34:03.0263 2596	HidIr - ok
15:34:03.0294 2596	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:34:03.0372 2596	hidserv - ok
15:34:03.0388 2596	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:34:03.0403 2596	HidUsb - ok
15:34:03.0450 2596	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:34:03.0481 2596	hkmsvc - ok
15:34:03.0544 2596	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:34:03.0575 2596	HomeGroupListener - ok
15:34:03.0622 2596	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:34:03.0653 2596	HomeGroupProvider - ok
15:34:03.0684 2596	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:34:03.0700 2596	HpSAMD - ok
15:34:03.0762 2596	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:34:03.0840 2596	HTTP - ok
15:34:03.0856 2596	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:34:03.0871 2596	hwpolicy - ok
15:34:03.0918 2596	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:34:03.0918 2596	i8042prt - ok
15:34:03.0965 2596	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:34:03.0996 2596	iaStorV - ok
15:34:04.0355 2596	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:34:04.0386 2596	IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:34:04.0386 2596	IDriverT - detected UnsignedFile.Multi.Generic (1)
15:34:04.0480 2596	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:34:04.0511 2596	idsvc - ok
15:34:04.0604 2596	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:34:04.0620 2596	iirsp - ok
15:34:04.0698 2596	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:34:04.0760 2596	IKEEXT - ok
15:34:04.0885 2596	IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys
15:34:04.0916 2596	IntcAzAudAddService - ok
15:34:05.0072 2596	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:34:05.0088 2596	intelide - ok
15:34:05.0119 2596	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:34:05.0150 2596	intelppm - ok
15:34:05.0197 2596	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:34:05.0244 2596	IPBusEnum - ok
15:34:05.0291 2596	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:34:05.0322 2596	IpFilterDriver - ok
15:34:05.0400 2596	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:34:05.0447 2596	iphlpsvc - ok
15:34:05.0478 2596	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:34:05.0525 2596	IPMIDRV - ok
15:34:05.0540 2596	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:34:05.0587 2596	IPNAT - ok
15:34:05.0603 2596	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:34:05.0665 2596	IRENUM - ok
15:34:05.0696 2596	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:34:05.0712 2596	isapnp - ok
15:34:05.0743 2596	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:34:05.0759 2596	iScsiPrt - ok
15:34:05.0806 2596	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:34:05.0806 2596	kbdclass - ok
15:34:05.0837 2596	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:34:05.0852 2596	kbdhid - ok
15:34:05.0868 2596	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:34:05.0884 2596	KeyIso - ok
15:34:05.0915 2596	KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
15:34:05.0930 2596	KSecDD - ok
15:34:05.0962 2596	KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
15:34:05.0977 2596	KSecPkg - ok
15:34:06.0008 2596	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:34:06.0055 2596	ksthunk - ok
15:34:06.0102 2596	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:34:06.0133 2596	KtmRm - ok
15:34:06.0164 2596	L1E             (b8e670d7ef61615fa03104552854fac9) C:\Windows\system32\DRIVERS\L1E62x64.sys
15:34:06.0196 2596	L1E - ok
15:34:06.0242 2596	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:34:06.0305 2596	LanmanServer - ok
15:34:06.0352 2596	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:34:06.0398 2596	LanmanWorkstation - ok
15:34:06.0430 2596	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:34:06.0476 2596	lltdio - ok
15:34:06.0508 2596	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:34:06.0539 2596	lltdsvc - ok
15:34:06.0570 2596	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:34:06.0586 2596	lmhosts - ok
15:34:06.0632 2596	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:34:06.0648 2596	LSI_FC - ok
15:34:06.0664 2596	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:34:06.0679 2596	LSI_SAS - ok
15:34:06.0695 2596	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:34:06.0695 2596	LSI_SAS2 - ok
15:34:06.0726 2596	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:34:06.0742 2596	LSI_SCSI - ok
15:34:06.0773 2596	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:34:06.0804 2596	luafv - ok
15:34:06.0882 2596	MarvinBus       (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys
15:34:06.0913 2596	MarvinBus ( UnsignedFile.Multi.Generic ) - warning
15:34:06.0913 2596	MarvinBus - detected UnsignedFile.Multi.Generic (1)
15:34:06.0944 2596	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:34:06.0960 2596	Mcx2Svc - ok
15:34:06.0976 2596	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:34:06.0991 2596	megasas - ok
15:34:07.0007 2596	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:34:07.0038 2596	MegaSR - ok
15:34:07.0210 2596	Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
15:34:07.0225 2596	Microsoft Office Groove Audit Service - ok
15:34:07.0256 2596	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:34:07.0319 2596	MMCSS - ok
15:34:07.0319 2596	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:34:07.0350 2596	Modem - ok
15:34:07.0381 2596	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:34:07.0412 2596	monitor - ok
15:34:07.0444 2596	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:34:07.0459 2596	mouclass - ok
15:34:07.0475 2596	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:34:07.0506 2596	mouhid - ok
15:34:07.0537 2596	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:34:07.0553 2596	mountmgr - ok
15:34:07.0615 2596	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:34:07.0631 2596	MozillaMaintenance - ok
15:34:07.0678 2596	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:34:07.0693 2596	mpio - ok
15:34:07.0693 2596	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:34:07.0724 2596	mpsdrv - ok
15:34:07.0787 2596	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:34:07.0865 2596	MpsSvc - ok
15:34:07.0880 2596	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:34:07.0912 2596	MRxDAV - ok
15:34:07.0958 2596	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:34:08.0005 2596	mrxsmb - ok
15:34:08.0052 2596	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:34:08.0083 2596	mrxsmb10 - ok
15:34:08.0114 2596	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:34:08.0130 2596	mrxsmb20 - ok
15:34:08.0161 2596	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:34:08.0177 2596	msahci - ok
15:34:08.0192 2596	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:34:08.0208 2596	msdsm - ok
15:34:08.0255 2596	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:34:08.0270 2596	MSDTC - ok
15:34:08.0317 2596	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:34:08.0364 2596	Msfs - ok
15:34:08.0364 2596	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:34:08.0395 2596	mshidkmdf - ok
15:34:08.0426 2596	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:34:08.0442 2596	msisadrv - ok
15:34:08.0504 2596	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:34:08.0536 2596	MSiSCSI - ok
15:34:08.0536 2596	msiserver - ok
15:34:08.0551 2596	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:34:08.0582 2596	MSKSSRV - ok
15:34:08.0614 2596	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:34:08.0676 2596	MSPCLOCK - ok
15:34:08.0692 2596	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:34:08.0723 2596	MSPQM - ok
15:34:08.0770 2596	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:34:08.0785 2596	MsRPC - ok
15:34:08.0801 2596	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:34:08.0816 2596	mssmbios - ok
15:34:08.0816 2596	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:34:08.0848 2596	MSTEE - ok
15:34:08.0863 2596	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:34:08.0863 2596	MTConfig - ok
15:34:08.0910 2596	MTsensor        (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
15:34:08.0910 2596	MTsensor - ok
15:34:08.0941 2596	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:34:08.0957 2596	Mup - ok
15:34:09.0004 2596	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:34:09.0066 2596	napagent - ok
15:34:09.0097 2596	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:34:09.0128 2596	NativeWifiP - ok
15:34:09.0191 2596	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:34:09.0222 2596	NDIS - ok
15:34:09.0238 2596	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:34:09.0269 2596	NdisCap - ok
15:34:09.0300 2596	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:34:09.0316 2596	NdisTapi - ok
15:34:09.0331 2596	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:34:09.0362 2596	Ndisuio - ok
15:34:09.0596 2596	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:34:09.0643 2596	NdisWan - ok
15:34:09.0659 2596	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:34:09.0706 2596	NDProxy - ok
15:34:09.0737 2596	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:34:09.0784 2596	NetBIOS - ok
15:34:09.0830 2596	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:34:09.0862 2596	NetBT - ok
15:34:09.0893 2596	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:34:09.0908 2596	Netlogon - ok
15:34:09.0955 2596	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:34:09.0986 2596	Netman - ok
15:34:10.0158 2596	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:34:10.0174 2596	NetMsmqActivator - ok
15:34:10.0189 2596	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:34:10.0205 2596	NetPipeActivator - ok
15:34:10.0236 2596	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:34:10.0298 2596	netprofm - ok
15:34:10.0298 2596	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:34:10.0298 2596	NetTcpActivator - ok
15:34:10.0314 2596	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:34:10.0314 2596	NetTcpPortSharing - ok
15:34:10.0408 2596	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:34:10.0423 2596	nfrd960 - ok
15:34:10.0454 2596	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:34:10.0501 2596	NlaSvc - ok
15:34:10.0517 2596	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:34:10.0548 2596	Npfs - ok
15:34:10.0595 2596	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:34:10.0642 2596	nsi - ok
15:34:10.0657 2596	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:34:10.0704 2596	nsiproxy - ok
15:34:10.0798 2596	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:34:10.0829 2596	Ntfs - ok
15:34:10.0907 2596	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:34:10.0954 2596	Null - ok
15:34:11.0000 2596	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:34:11.0000 2596	nvraid - ok
15:34:11.0032 2596	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:34:11.0032 2596	nvstor - ok
15:34:11.0078 2596	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:34:11.0094 2596	nv_agp - ok
15:34:11.0188 2596	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:34:11.0203 2596	odserv - ok
15:34:11.0234 2596	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:34:11.0250 2596	ohci1394 - ok
15:34:11.0297 2596	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:34:11.0312 2596	ose - ok
15:34:11.0375 2596	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:34:11.0406 2596	p2pimsvc - ok
15:34:11.0453 2596	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:34:11.0468 2596	p2psvc - ok
15:34:11.0500 2596	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:34:11.0515 2596	Parport - ok
15:34:11.0546 2596	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:34:11.0562 2596	partmgr - ok
15:34:11.0578 2596	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:34:11.0609 2596	PcaSvc - ok
15:34:11.0656 2596	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:34:11.0671 2596	pci - ok
15:34:11.0702 2596	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:34:11.0718 2596	pciide - ok
15:34:11.0734 2596	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:34:11.0749 2596	pcmcia - ok
15:34:11.0780 2596	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:34:11.0780 2596	pcw - ok
15:34:11.0827 2596	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:34:11.0874 2596	PEAUTH - ok
15:34:11.0952 2596	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:34:12.0014 2596	PeerDistSvc - ok
15:34:12.0077 2596	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:34:12.0108 2596	PerfHost - ok
15:34:12.0248 2596	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:34:12.0326 2596	pla - ok
15:34:12.0373 2596	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:34:12.0404 2596	PlugPlay - ok
15:34:12.0436 2596	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:34:12.0467 2596	PNRPAutoReg - ok
15:34:12.0498 2596	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:34:12.0514 2596	PNRPsvc - ok
15:34:12.0576 2596	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:34:12.0638 2596	PolicyAgent - ok
15:34:12.0670 2596	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:34:12.0716 2596	Power - ok
15:34:12.0810 2596	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:34:12.0857 2596	PptpMiniport - ok
15:34:12.0872 2596	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:34:12.0888 2596	Processor - ok
15:34:12.0935 2596	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:34:12.0982 2596	ProfSvc - ok
15:34:13.0013 2596	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:34:13.0013 2596	ProtectedStorage - ok
15:34:13.0060 2596	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:34:13.0106 2596	Psched - ok
15:34:13.0153 2596	PxHlpa64        (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
15:34:13.0169 2596	PxHlpa64 - ok
15:34:13.0231 2596	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:34:13.0262 2596	ql2300 - ok
15:34:13.0434 2596	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:34:13.0434 2596	ql40xx - ok
15:34:13.0481 2596	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:34:13.0496 2596	QWAVE - ok
15:34:13.0528 2596	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:34:13.0559 2596	QWAVEdrv - ok
15:34:13.0590 2596	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:34:13.0637 2596	RasAcd - ok
15:34:13.0684 2596	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:34:13.0715 2596	RasAgileVpn - ok
15:34:13.0730 2596	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:34:13.0762 2596	RasAuto - ok
15:34:13.0793 2596	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:34:13.0840 2596	Rasl2tp - ok
15:34:13.0871 2596	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:34:13.0902 2596	RasMan - ok
15:34:13.0918 2596	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:34:13.0980 2596	RasPppoe - ok
15:34:13.0996 2596	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:34:14.0027 2596	RasSstp - ok
15:34:14.0058 2596	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:34:14.0105 2596	rdbss - ok
15:34:14.0120 2596	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:34:14.0152 2596	rdpbus - ok
15:34:14.0152 2596	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:34:14.0198 2596	RDPCDD - ok
15:34:14.0230 2596	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:34:14.0261 2596	RDPDR - ok
15:34:14.0292 2596	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:34:14.0339 2596	RDPENCDD - ok
15:34:14.0339 2596	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:34:14.0354 2596	RDPREFMP - ok
15:34:14.0417 2596	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
15:34:14.0495 2596	RdpVideoMiniport - ok
15:34:14.0542 2596	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
15:34:14.0573 2596	RDPWD - ok
15:34:14.0666 2596	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:34:14.0682 2596	rdyboost - ok
15:34:14.0713 2596	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:34:14.0776 2596	RemoteAccess - ok
15:34:14.0807 2596	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:34:14.0869 2596	RemoteRegistry - ok
15:34:14.0900 2596	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:34:14.0947 2596	RpcEptMapper - ok
15:34:14.0963 2596	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:34:14.0994 2596	RpcLocator - ok
15:34:15.0025 2596	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:34:15.0056 2596	RpcSs - ok
15:34:15.0088 2596	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:34:15.0103 2596	rspndr - ok
15:34:15.0134 2596	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:34:15.0166 2596	s3cap - ok
15:34:15.0197 2596	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:34:15.0212 2596	SamSs - ok
15:34:15.0259 2596	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\DRIVERS\sbp2port.sys
15:34:15.0275 2596	sbp2port - ok
15:34:15.0306 2596	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:34:15.0337 2596	SCardSvr - ok
15:34:15.0368 2596	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:34:15.0415 2596	scfilter - ok
15:34:15.0493 2596	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:34:15.0540 2596	Schedule - ok
15:34:15.0587 2596	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:34:15.0618 2596	SCPolicySvc - ok
15:34:15.0665 2596	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:34:15.0696 2596	SDRSVC - ok
15:34:15.0758 2596	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:34:15.0821 2596	secdrv - ok
15:34:15.0836 2596	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:34:15.0868 2596	seclogon - ok
15:34:15.0899 2596	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:34:15.0930 2596	SENS - ok
15:34:15.0930 2596	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:34:15.0977 2596	SensrSvc - ok
15:34:15.0992 2596	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:34:16.0008 2596	Serenum - ok
15:34:16.0024 2596	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:34:16.0039 2596	Serial - ok
15:34:16.0070 2596	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:34:16.0086 2596	sermouse - ok
15:34:16.0148 2596	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:34:16.0180 2596	SessionEnv - ok
15:34:16.0211 2596	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:34:16.0242 2596	sffdisk - ok
15:34:16.0258 2596	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:34:16.0273 2596	sffp_mmc - ok
15:34:16.0289 2596	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:34:16.0320 2596	sffp_sd - ok
15:34:16.0320 2596	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:34:16.0351 2596	sfloppy - ok
15:34:16.0382 2596	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:34:16.0414 2596	SharedAccess - ok
15:34:16.0460 2596	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:34:16.0492 2596	ShellHWDetection - ok
15:34:16.0507 2596	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:34:16.0523 2596	SiSRaid2 - ok
15:34:16.0538 2596	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:34:16.0554 2596	SiSRaid4 - ok
15:34:16.0570 2596	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:34:16.0601 2596	Smb - ok
15:34:16.0632 2596	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:34:16.0663 2596	SNMPTRAP - ok
15:34:16.0679 2596	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:34:16.0694 2596	spldr - ok
15:34:16.0726 2596	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:34:16.0772 2596	Spooler - ok
15:34:16.0928 2596	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:34:17.0006 2596	sppsvc - ok
15:34:17.0131 2596	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:34:17.0162 2596	sppuinotify - ok
15:34:17.0240 2596	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:34:17.0287 2596	srv - ok
15:34:17.0318 2596	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:34:17.0350 2596	srv2 - ok
15:34:17.0381 2596	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:34:17.0396 2596	srvnet - ok
15:34:17.0443 2596	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:34:17.0490 2596	SSDPSRV - ok
15:34:17.0490 2596	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:34:17.0521 2596	SstpSvc - ok
15:34:17.0599 2596	Steam Client Service - ok
15:34:17.0630 2596	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:34:17.0646 2596	stexstor - ok
15:34:17.0708 2596	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:34:17.0755 2596	stisvc - ok
15:34:17.0802 2596	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:34:17.0818 2596	storflt - ok
15:34:17.0849 2596	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:34:17.0849 2596	storvsc - ok
15:34:17.0880 2596	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:34:17.0896 2596	swenum - ok
15:34:18.0005 2596	SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:34:18.0020 2596	SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
15:34:18.0020 2596	SwitchBoard - detected UnsignedFile.Multi.Generic (1)
15:34:18.0067 2596	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:34:18.0130 2596	swprv - ok
15:34:18.0145 2596	Synth3dVsc - ok
15:34:18.0254 2596	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:34:18.0286 2596	SysMain - ok
15:34:18.0426 2596	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:34:18.0457 2596	TabletInputService - ok
15:34:18.0504 2596	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:34:18.0566 2596	TapiSrv - ok
15:34:18.0582 2596	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:34:18.0613 2596	TBS - ok
15:34:18.0738 2596	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:34:18.0785 2596	Tcpip - ok
15:34:18.0878 2596	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:34:18.0910 2596	TCPIP6 - ok
15:34:18.0972 2596	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:34:19.0003 2596	tcpipreg - ok
15:34:19.0034 2596	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:34:19.0081 2596	TDPIPE - ok
15:34:19.0112 2596	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:34:19.0144 2596	TDTCP - ok
15:34:19.0190 2596	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:34:19.0237 2596	tdx - ok
15:34:19.0300 2596	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:34:19.0315 2596	TermDD - ok
15:34:19.0362 2596	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:34:19.0409 2596	TermService - ok
15:34:19.0440 2596	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:34:19.0487 2596	Themes - ok
15:34:19.0518 2596	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:34:19.0565 2596	THREADORDER - ok
15:34:19.0580 2596	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:34:19.0627 2596	TrkWks - ok
15:34:19.0908 2596	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:34:19.0955 2596	TrustedInstaller - ok
15:34:19.0970 2596	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:34:20.0017 2596	tssecsrv - ok
15:34:20.0033 2596	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:34:20.0080 2596	TsUsbFlt - ok
15:34:20.0080 2596	tsusbhub - ok
15:34:20.0126 2596	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:34:20.0173 2596	tunnel - ok
15:34:20.0220 2596	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:34:20.0236 2596	uagp35 - ok
15:34:20.0267 2596	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:34:20.0329 2596	udfs - ok
15:34:20.0360 2596	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:34:20.0360 2596	UI0Detect - ok
15:34:20.0392 2596	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:34:20.0407 2596	uliagpkx - ok
15:34:20.0423 2596	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:34:20.0454 2596	umbus - ok
15:34:20.0485 2596	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:34:20.0532 2596	UmPass - ok
15:34:20.0563 2596	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:34:20.0594 2596	UmRdpService - ok
15:34:20.0626 2596	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:34:20.0657 2596	upnphost - ok
15:34:20.0704 2596	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:34:20.0735 2596	usbccgp - ok
15:34:20.0797 2596	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:34:20.0813 2596	usbcir - ok
15:34:20.0860 2596	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:34:20.0922 2596	usbehci - ok
15:34:20.0969 2596	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:34:20.0984 2596	usbhub - ok
15:34:21.0016 2596	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
15:34:21.0031 2596	usbohci - ok
15:34:21.0031 2596	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:34:21.0078 2596	usbprint - ok
15:34:21.0109 2596	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:34:21.0156 2596	USBSTOR - ok
15:34:21.0203 2596	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
15:34:21.0218 2596	usbuhci - ok
15:34:21.0250 2596	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:34:21.0296 2596	UxSms - ok
15:34:21.0343 2596	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:34:21.0343 2596	VaultSvc - ok
15:34:21.0374 2596	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:34:21.0390 2596	vdrvroot - ok
15:34:21.0437 2596	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:34:21.0499 2596	vds - ok
15:34:21.0562 2596	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:34:21.0577 2596	vga - ok
15:34:21.0593 2596	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:34:21.0655 2596	VgaSave - ok
15:34:21.0655 2596	VGPU - ok
15:34:21.0702 2596	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:34:21.0702 2596	vhdmp - ok
15:34:21.0749 2596	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:34:21.0764 2596	viaide - ok
15:34:21.0796 2596	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:34:21.0811 2596	vmbus - ok
15:34:21.0827 2596	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:34:21.0842 2596	VMBusHID - ok
15:34:21.0889 2596	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:34:21.0905 2596	volmgr - ok
15:34:21.0936 2596	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:34:21.0967 2596	volmgrx - ok
15:34:21.0983 2596	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:34:21.0998 2596	volsnap - ok
15:34:22.0030 2596	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:34:22.0045 2596	vsmraid - ok
15:34:22.0123 2596	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:34:22.0186 2596	VSS - ok
15:34:22.0295 2596	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:34:22.0326 2596	vwifibus - ok
15:34:22.0373 2596	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:34:22.0420 2596	W32Time - ok
15:34:22.0435 2596	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:34:22.0466 2596	WacomPen - ok
15:34:22.0544 2596	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:34:22.0591 2596	WANARP - ok
15:34:22.0607 2596	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:34:22.0638 2596	Wanarpv6 - ok
15:34:22.0732 2596	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:34:22.0763 2596	WatAdminSvc - ok
15:34:22.0856 2596	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:34:22.0903 2596	wbengine - ok
15:34:23.0044 2596	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:34:23.0059 2596	WbioSrvc - ok
15:34:23.0122 2596	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:34:23.0137 2596	wcncsvc - ok
15:34:23.0168 2596	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:34:23.0200 2596	WcsPlugInService - ok
15:34:23.0262 2596	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:34:23.0278 2596	Wd - ok
15:34:23.0309 2596	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:34:23.0324 2596	Wdf01000 - ok
15:34:23.0340 2596	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:34:23.0418 2596	WdiServiceHost - ok
15:34:23.0418 2596	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:34:23.0434 2596	WdiSystemHost - ok
15:34:23.0480 2596	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:34:23.0527 2596	WebClient - ok
15:34:23.0543 2596	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:34:23.0621 2596	Wecsvc - ok
15:34:23.0636 2596	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:34:23.0699 2596	wercplsupport - ok
15:34:23.0730 2596	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:34:23.0746 2596	WerSvc - ok
15:34:23.0839 2596	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:34:23.0870 2596	WfpLwf - ok
15:34:23.0886 2596	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:34:23.0902 2596	WIMMount - ok
15:34:23.0933 2596	WinDefend - ok
15:34:23.0948 2596	WinHttpAutoProxySvc - ok
15:34:24.0058 2596	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:34:24.0089 2596	Winmgmt - ok
15:34:24.0198 2596	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:34:24.0276 2596	WinRM - ok
15:34:24.0448 2596	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:34:24.0479 2596	WinUsb - ok
15:34:24.0541 2596	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:34:24.0572 2596	Wlansvc - ok
15:34:24.0650 2596	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:34:24.0666 2596	wlcrasvc - ok
15:34:24.0838 2596	wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:34:24.0884 2596	wlidsvc - ok
15:34:25.0087 2596	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:34:25.0118 2596	WmiAcpi - ok
15:34:25.0212 2596	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:34:25.0228 2596	wmiApSrv - ok
15:34:25.0259 2596	WMPNetworkSvc - ok
15:34:25.0306 2596	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:34:25.0337 2596	WPCSvc - ok
15:34:25.0368 2596	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:34:25.0384 2596	WPDBusEnum - ok
15:34:25.0415 2596	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:34:25.0477 2596	ws2ifsl - ok
15:34:25.0493 2596	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:34:25.0540 2596	wscsvc - ok
15:34:25.0540 2596	WSearch - ok
15:34:25.0649 2596	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:34:25.0696 2596	wuauserv - ok
15:34:25.0805 2596	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:34:25.0852 2596	WudfPf - ok
15:34:25.0883 2596	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:34:25.0945 2596	WUDFRd - ok
15:34:25.0961 2596	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:34:25.0992 2596	wudfsvc - ok
15:34:26.0023 2596	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:34:26.0054 2596	WwanSvc - ok
15:34:26.0070 2596	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:34:26.0117 2596	\Device\Harddisk0\DR0 - ok
15:34:26.0132 2596	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
15:34:26.0382 2596	\Device\Harddisk1\DR1 - ok
15:34:26.0382 2596	Boot (0x1200)   (dcb5b116b3c1a961543d93d5d4e6a4da) \Device\Harddisk0\DR0\Partition0
15:34:26.0382 2596	\Device\Harddisk0\DR0\Partition0 - ok
15:34:26.0398 2596	Boot (0x1200)   (e0351fa93109f2b3d9c84362649bfd67) \Device\Harddisk1\DR1\Partition0
15:34:26.0398 2596	\Device\Harddisk1\DR1\Partition0 - ok
15:34:26.0413 2596	Boot (0x1200)   (5b7352a106ffa3369a2d123e180b7c2f) \Device\Harddisk1\DR1\Partition1
15:34:26.0413 2596	\Device\Harddisk1\DR1\Partition1 - ok
15:34:26.0429 2596	Boot (0x1200)   (260384792c5e0499b635dd269c2c44f5) \Device\Harddisk1\DR1\Partition2
15:34:26.0429 2596	\Device\Harddisk1\DR1\Partition2 - ok
15:34:26.0444 2596	Boot (0x1200)   (7c63510a78e2f9945801d9188859e9f8) \Device\Harddisk1\DR1\Partition3
15:34:26.0444 2596	\Device\Harddisk1\DR1\Partition3 - ok
15:34:26.0444 2596	============================================================
15:34:26.0444 2596	Scan finished
15:34:26.0444 2596	============================================================
15:34:26.0460 3132	Detected object count: 6
15:34:26.0460 3132	Actual detected object count: 6
15:34:44.0962 3132	AsSysCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
15:34:44.0962 3132	AsSysCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:34:44.0962 3132	Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:34:44.0962 3132	Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:34:44.0962 3132	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:34:44.0962 3132	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:34:44.0962 3132	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:34:44.0962 3132	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:34:44.0962 3132	MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
15:34:44.0962 3132	MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:34:44.0962 3132	SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
15:34:44.0962 3132	SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

Grüße

cosinus · 03.08.2012, 13:09

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Pac11 · 03.08.2012, 13:54

Hi Arne,

auch der Scan mit Combo-Fix ist durch und lief ohne Probleme:

Code:

ATTFilter

ComboFix 12-07-31.05 - Pac 03.08.2012  14:29:12.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.6143.4738 [GMT 2:00]
ausgeführt von:: c:\users\Pac\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pac\AppData\Local\assembly\tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-03 bis 2012-08-03  ))))))))))))))))))))))))))))))
.
.
2012-08-01 15:14 . 2012-08-01 15:14	--------	d-----w-	C:\_OTL
2012-07-26 21:51 . 2012-07-26 21:51	--------	d-----w-	c:\program files (x86)\ESET
2012-07-26 21:40 . 2012-07-26 21:40	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-07-26 21:40 . 2012-07-26 21:40	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2012-07-26 21:36 . 2012-07-26 21:36	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-07-26 21:36 . 2012-07-26 21:36	772592	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-07-26 18:23 . 2012-07-26 18:23	--------	d-----w-	c:\users\Pac\AppData\Roaming\Malwarebytes
2012-07-26 18:23 . 2012-07-26 18:23	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-26 18:23 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-16 19:55 . 2012-07-16 19:55	--------	d-----w-	c:\users\Pac\AppData\Roaming\dvdcss
2012-07-12 10:24 . 2012-07-12 10:24	--------	d-----w-	c:\program files (x86)\AMD APP
2012-07-11 01:06 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 01:03 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2012-07-10 19:42 . 2012-04-24 05:37	184320	----a-w-	c:\windows\system32\cryptsvc.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-26 21:43 . 2012-04-03 17:12	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-26 21:43 . 2011-06-23 00:03	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-26 21:36 . 2011-08-31 11:38	687600	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-07-11 01:01 . 2011-06-22 22:29	59701280	----a-w-	c:\windows\system32\MRT.exe
2012-06-11 11:50 . 2012-06-11 11:50	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-06-11 11:50 . 2012-06-11 11:50	75264	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-06-11 11:50 . 2012-06-11 11:50	65024	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-06-11 11:50 . 2012-06-11 11:50	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-06-11 11:50 . 2012-06-11 11:50	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-06-11 11:50 . 2012-06-11 11:50	16457728	----a-w-	c:\windows\system32\amdocl64.dll
2012-06-11 11:49 . 2012-06-11 11:49	13008896	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-06-02 22:19 . 2012-06-21 10:35	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 10:36	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 10:36	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 10:36	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 10:35	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 10:36	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 10:35	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 10:35	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 10:35	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-05-15 04:01 . 2012-06-14 10:54	1188864	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-14 10:54	64512	----a-w-	c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-14 10:54	981504	----a-w-	c:\windows\SysWow64\wininet.dll
2012-05-08 22:20 . 2012-03-28 17:13	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 22:20 . 2012-03-28 17:13	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"EA Core"="e:\games\EADM\Core.exe" [2009-09-03 3342336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Pac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Persbackup.lnk - e:\tools\Personal Backup 5\Persbackup.exe [2012-3-4 4066816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-15 235520]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 FreeAgentGoNext Service;Seagate Service;e:\tools\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-02-15 10856960]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-02-15 327680]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 20:37]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 20:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 1833504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{E5F7393B-0DB1-4650-8E63-E93ABE7939A4}: NameServer = 192.168.123.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Pac\AppData\Roaming\Mozilla\Firefox\Profiles\ixdclqlm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de|hxxp://www.bild.de|hxxp://www.comdirect.de|hxxp://www.bonusjaeger.de|hxxp://www.fcstpauli.com/index.php
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,5e,54,07,e2,1f,b1,4a,b0,e8,fb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,5e,54,07,e2,1f,b1,4a,b0,e8,fb,\
.
[HKEY_USERS\S-1-5-21-2514236319-2276680423-263640637-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:c2,97,de,5a,f7,ee,16,14,63,9c,8a,5b,e8,25,77,05,8b,d2,d1,d3,51,66,88,
   e0,a0,bd,65,37,a7,33,04,fb,fb,c0,20,5a,d9,ef,4a,62,92,78,d9,c5,b3,1b,32,96,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-2514236319-2276680423-263640637-1000\Software\SecuROM\License information*]
"datasecu"=hex:70,ed,cf,e1,ea,b3,ea,5c,d4,c3,a2,36,40,70,62,c1,19,25,fa,af,bf,
   17,38,c1,67,34,37,7d,06,b2,76,93,79,5b,7f,03,f7,a2,92,de,83,aa,b9,56,ab,d8,\
"rkeysecu"=hex:1b,31,2b,b8,14,ad,c9,ec,8e,37,7c,1e,59,f5,26,b8
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
e:\tools\EPU-6 Engine\SixEngine.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-03  14:41:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-03 12:41
.
Vor Suchlauf: 11 Verzeichnis(se), 52.406.542.336 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 52.234.502.144 Bytes frei
.
- - End Of File - - D5AD36799E09189709A54C3689D3E524

Danke und Grüße
Pac

30.07.2012, 21:30	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Live Security Platinum Befall Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ --> Live Security Platinum Befall

Live Security Platinum Befall

Plagegeister aller Art und deren Bekämpfung: Live Security Platinum Befall