Laptop fährt zu langsam hoch und hängt beim Systemaufbau

marble · 05.09.2012, 18:09

Moinmoin,

mein Laptop fährt seit kurzer Zeit spürbar langsam hoch. Der Desktopbildschirm lädt, jedoch sobald man auf Systemeinstellungen zugreifen möchte, wie Lautstärke oder ENergieeinstellungen, hängt er sich erstmal auf und arbeitet. Es dauert dann etwa 1-2 Minuten, bis er reagiert und bedienbar ist. Ab da an ist allerdings nichts besonderes mehr am PC selbst bemerkbar.

Ich bin mir nicht sicher, ob es überhaupt etwas mit einem Fremdbefall zu tun haben könnte. Ich lasse regelmäßig mal Malwarebytes laufen, habe aber noch nie einen Fund gehabt. Der letzte ist vom 31.08. und ich hab ihn mal angehängt. Ist er zu alt und ich sollte einen aktuellen anhängen?

Gruß

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.31.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Tanja :: TANJA-PC [Administrator]

31.08.2012 14:07:40
mbam-log-2012-08-31 (14-07-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 399116
Laufzeit: 1 Stunde(n), 6 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

...*schubbs*...

hatte jetzt gerade spontan einen BlueScreen beim Ausführen einiger Internetexplorer, sowie Excel. Er verschwand aber so schnell, dass ich den Fehlercode nicht notieren konnte.

cosinus · 06.09.2012, 16:18

Bitte erstmal routinemäßig einen neuen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

marble · 08.09.2012, 18:55

Entschuldige, es hat zwei Tage gedauert. Das Malwarebytes-File ist zwar zwei Tage alt, aber trotzdem druckfrisch...

INFO: Ich hatte befürchtet, dass es Java Trojaner wären und hatte vor zwei Wochen bereits Java deinstalliert.

Malwarebytes

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.07.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Tanja :: TANJA-PC [Administrator]

07.09.2012 14:59:28
mbam-log-2012-09-07 (14-59-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 395393
Laufzeit: 56 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

ESET:

Code:

ATTFilter

C:\Users\XXX\AppData\Local\Temp\jar_cache2115030174530410498.tmp	Java/Exploit.Blacole.EO trojan
C:\Users\XXX\AppData\Local\Temp\jar_cache4388557868353243239.tmp	a variant of Java/Exploit.CVE-2012-1723.AM trojan
C:\Users\XXX\AppData\Local\Temp\jar_cache6236878318313135437.tmp	a variant of Java/Exploit.CVE-2012-1723.AM trojan
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\214f304c-62fdeadf	multiple threats

Gruß und Danke

EDIT: Wir vertrauenswürdig ist Malwarebytes, wenn es nichts findet? Nur so zum Abschätzen...Danke

cosinus · 09.09.2012, 21:02

Zitat:

EDIT: Wir vertrauenswürdig ist Malwarebytes, wenn es nichts findet? Nur so zum Abschätzen...Danke

Merkwürdige Frage!
Statt Malwarebytes kannst du das zu jedem x-beliebigem anderen Virenscanner auch so stellen, vgl. => Vertrauen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

marble · 09.09.2012, 22:03

ich hatte mich nur gewundert, dass Malwarebytes die nicht erkannte und mich gewundert, da dies ja mit eines der Standardtools in diesem Forum ist...aber du hast sicherlich recht, dass jedes Programm irgendwo seine Lücken hat.

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v2.001 - Datei am 09/09/2012 um 23:00:00 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : XXX - XXX-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\XXX\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\rkzhd2kw.default\searchplugins\Askcom.xml
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\Users\XXX\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\rkzhd2kw.default\prefs.js

Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,wrc@avast.com:7.0.1466,{23fc[...]

*************************

AdwCleaner[R1].txt - [1476 octets] - [09/09/2012 23:00:00]

########## EOF - C:\AdwCleaner[R1].txt - [1536 octets] ##########

Gruß

cosinus · 10.09.2012, 16:12

Ist das so unklar?

Verschiedene Virenscanner nutzen nun mal verschiedene Signaturen und auch verschiedene Techniken! Da gibt es zwangsläufig auch nun mal andere Ergebnisse!
Wäre auch sinnfrei wenn es zig Virenscanner gäbe und jeder arbeitet haargenau wie jeder andere

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

marble · 10.09.2012, 16:43

nein nein, das war nicht unklar...alles ok

du kannst mir doch übrigens bestimmt sagen, ob man mittlerweile wieder problemlos java installieren kann und die sicherheitslücke geschlossen wurde, oder?

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v2.001 - Datei am 09/10/2012 um 17:29:59 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : XXX - XXX-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\XXX\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\rkzhd2kw.default\searchplugins\Askcom.xml
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\XXX\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\rkzhd2kw.default\prefs.js

Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,wrc@avast.com:7.0.1466,{23fc[...]

*************************

AdwCleaner[S1].txt - [1935 octets] - [10/09/2012 17:29:59]

########## EOF - C:\AdwCleaner[S1].txt - [1995 octets] ##########

Gruß

cosinus · 10.09.2012, 20:21

Wir kümmern uns eigentlich später um die Updates aber installier ruhig Java wenn es dir keine Ruhe lässt

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

marble · 10.09.2012, 20:43

Entschuldige, ich wollte nicht drängeln. Wollte nur wissen, ob die Java Software immernoch so unsicher ist, wie sie vor einigen Wochen propagiert wurde.

Zu 1) Ja, der Systemaufbau erfolgt mittlerweile wieder deutlich schneller.
Zu 2) Ich kann nichts unnormales finden. Es scheint alles in Ordnung zu sein.

Gruß

cosinus · 10.09.2012, 21:59

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

marble · 10.09.2012, 22:45

Bitteschön...

OTL:

Code:

ATTFilter

OTL logfile created on: 9/10/2012 11:23:49 PM - Run 1
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\XXX\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.92 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 58.86% Memory free
5.83 Gb Paging File | 4.53 Gb Available in Paging File | 77.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 239.00 Gb Total Space | 135.88 Gb Free Space | 56.85% Space Free | Partition Type: NTFS
Drive D: | 38.99 Gb Total Space | 38.85 Gb Free Space | 99.65% Space Free | Partition Type: NTFS
 
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/09/10 23:21:53 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
PRC - [2012/08/31 10:02:53 | 000,690,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
PRC - [2012/08/21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/25 10:46:42 | 000,681,056 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/03/04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/06/08 09:39:00 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/05/06 08:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/02/10 16:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe
PRC - [2008/08/29 15:20:56 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/08/21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/05/05 08:15:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/29 16:57:24 | 000,944,928 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/09/10 20:19:36 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/06 03:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/25 10:46:44 | 001,326,176 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012/07/25 10:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/03/04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)
SRV - [2008/08/29 15:20:56 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/08/21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/24 23:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2011/11/24 23:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/05 12:55:30 | 004,745,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/05/05 08:47:10 | 006,789,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/05/05 08:47:10 | 006,789,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/05 07:23:26 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/30 04:01:24 | 000,340,520 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/04/30 04:00:36 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/04/30 04:00:34 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/04/30 04:00:34 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/04/30 04:00:32 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/04/28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/01 02:25:14 | 000,136,192 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/03/31 02:35:26 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2010/02/27 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010/01/29 09:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/02 14:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009/03/02 14:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2010/11/09 22:15:49 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/05/17 15:04:16 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\DGIVECP.SYS -- (DgiVecp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\..\SearchScopes,DefaultScope = {35A4B224-DFD8-448A-A829-1BECF3CB13DD}
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\..\SearchScopes\{35A4B224-DFD8-448A-A829-1BECF3CB13DD}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\..\SearchScopes\{82ED5619-C4B5-4119-A765-C5FE2D05CF02}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\..\SearchScopes\{A8106BDD-AC13-4DFD-8B36-8D0D4787DC7A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=C9153ECE-EE1C-43F3-B842-956CECC02BCA&apn_sauid=EDAF4958-CC92-4A48-8A0C-76BCC09A572C
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/31 10:24:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/03 12:41:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/10 20:46:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/10 20:35:40 | 000,000,000 | ---D | M]
 
[2012/09/10 21:47:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2012/09/10 20:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/09/06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/09/06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/09/06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/09/06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F0A0EE2-169B-499B-8E48-FE34D7B9DA4C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{35a91080-4924-11e1-84a6-001bb1d08b3f}\Shell - "" = AutoRun
O33 - MountPoints2\{35a91080-4924-11e1-84a6-001bb1d08b3f}\Shell\AutoRun\command - "" = "G:\Adobe CS5\Set-up.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe - (Broadcom Corporation.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RssReader - hkey= - key= - C:\Users\XXX\AppData\Roaming\Qlikworld\RSSReader\RSSReader.exe (QlikWorld BV)
MsConfig:64bit - StartUpReg: Samsung Common SM - hkey= - key= - C:\Windows\Samsung\ComSMMgr\ssmmgr.exe (Samsung Electronics.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/09/10 23:21:49 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2012/09/10 21:47:09 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Mozilla
[2012/09/10 20:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/09/10 20:34:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/10 20:28:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/09/10 20:28:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/09/10 20:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/10 20:26:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/10 20:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/10 20:26:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/09/10 20:14:11 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Secunia PSI
[2012/09/10 20:13:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012/09/09 14:19:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/09 13:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/09/09 13:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/07 16:01:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/08/31 10:24:44 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012/09/10 23:27:43 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/10 23:27:43 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/10 23:21:53 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2012/09/10 23:20:24 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/10 23:19:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/10 23:19:51 | 3131,219,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/10 21:41:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/10 20:46:30 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/10 20:42:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/10 20:26:59 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/06 13:22:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/09/02 10:49:54 | 000,000,330 | ---- | M] () -- C:\Users\XXX\Desktop\Zattoo.url
[2012/08/31 10:00:19 | 004,976,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/28 20:08:29 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/28 20:08:29 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/08/28 20:08:29 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/28 20:08:29 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/08/28 20:08:29 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/21 11:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
 
========== Files Created - No Company Name ==========
 
[2012/09/10 20:46:30 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/10 20:35:40 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/09/10 20:26:59 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/10 20:13:59 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012/09/02 10:49:54 | 000,000,330 | ---- | C] () -- C:\Users\XXX\Desktop\Zattoo.url
[2012/02/05 18:47:54 | 000,000,600 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\winscp.rnd
[2012/01/22 13:13:50 | 000,017,408 | ---- | C] () -- C:\Users\XXX\AppData\Local\WebpageIcons.db
[2011/05/28 18:51:23 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2012/02/15 22:53:36 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/09/09 13:12:17 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DAEMON Tools Lite
[2012/09/06 15:21:40 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ICQ
[2011/09/07 11:36:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\klickTel
[2011/12/31 14:03:54 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mp3tag
[2011/05/28 22:41:01 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Qlikworld
[2012/01/27 23:36:37 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/08/05 17:32:43 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012/09/09 13:05:26 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Adobe
[2012/01/27 23:36:37 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Adobe Mini Bridge CS5
[2012/01/29 22:41:19 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Apple Computer
[2011/05/28 19:07:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ATI
[2012/02/15 22:53:36 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/09/09 13:12:17 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DAEMON Tools Lite
[2012/01/09 10:57:56 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DivX
[2011/05/29 11:55:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Google
[2012/09/06 15:21:40 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ICQ
[2011/05/28 19:06:20 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Identities
[2011/09/07 11:36:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\klickTel
[2011/05/28 19:15:36 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Macromedia
[2012/01/27 20:59:01 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Malwarebytes
[2010/08/12 22:41:26 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Media Center Programs
[2012/08/02 13:28:58 | 000,000,000 | --SD | M] -- C:\Users\XXX\AppData\Roaming\Microsoft
[2012/09/10 21:47:13 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mozilla
[2011/12/31 14:03:54 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mp3tag
[2011/05/29 12:31:46 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Nero
[2011/05/28 22:41:01 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Qlikworld
[2012/01/27 23:36:37 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/09/09 13:12:17 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Winamp
[2011/07/13 12:23:06 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012/01/27 22:57:12 | 000,038,784 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011/06/06 14:16:30 | 000,043,646 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{071F3745-E389-4345-86DF-E80B55446FCE}\ARPPRODUCTICON.exe
[2008/10/24 14:54:24 | 003,067,904 | ---- | M] (QlikWorld BV) -- C:\Users\XXX\AppData\Roaming\Qlikworld\RSSReader\RSSReader.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) MD5=A5F72BB0D024E7E463344105BE613AE4 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) MD5=A5F72BB0D024E7E463344105BE613AE4 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_c62e28b241ae90ea\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

Extras:

Code:

ATTFilter

OTL Extras logfile created on: 9/10/2012 11:23:49 PM - Run 1
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\XXX\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.92 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 58.86% Memory free
5.83 Gb Paging File | 4.53 Gb Available in Paging File | 77.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 239.00 Gb Total Space | 135.88 Gb Free Space | 56.85% Space Free | Partition Type: NTFS
Drive D: | 38.99 Gb Total Space | 38.85 Gb Free Space | 99.65% Space Free | Partition Type: NTFS
 
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02952D7A-436D-4884-AC9E-891A022195E9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{19262199-7D1B-4E05-8CBA-06E6901D8ABA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1D43C71C-3914-45C7-A6F7-6D63957BB5D0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{28ECA04F-D2F3-4E3C-8D93-AFC517890EE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{305E79B0-C0BD-490D-9DEB-02302ECC23D9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{36169228-B2E4-40AA-BB70-F0DB0C79EDA8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{40AAF8E7-DC4B-4A79-BEF1-67349C6A5F5C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4102061F-1109-4606-8278-EDE353A9FE98}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{43EEDD84-3F81-4982-8077-978FDF487F32}" = lport=138 | protocol=17 | dir=in | app=system | 
"{468725CD-125A-4C48-9354-3F3537253A99}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4D37C66F-4980-466F-9AFA-E4141A88D485}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4F10D64A-362A-483D-BBD9-6CC994675F12}" = lport=445 | protocol=6 | dir=in | app=system | 
"{680AEC5C-B1EB-421C-9ED0-F5124F88A170}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8C881F73-446A-4300-ABC1-99CBD59CA1A4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9088DCF9-17E9-45DA-8220-A1B89169B9E2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9522DEE4-2A93-40C3-8072-E3C8B31B8CA5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{97B0BAAB-D419-4E7B-BBC5-513267364553}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A14D65C3-3404-4E36-B1C1-3DABA3DBEBE9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A4F71C90-A0A1-4247-8D47-3832AC8452AE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AF9C1A2D-D935-4B69-BC5A-FD18E4066F83}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{BE02D507-5A01-4BDA-BB1D-A32D42AB87E1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D9E1247D-60B5-45E1-8007-4C01D988DB56}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E155EDE9-776F-44AC-9ADA-54499D82191B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E7636CC4-FF0A-4FC1-A627-70569F5F2CFB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EAFB19D7-B8D9-4A61-BCFA-1B2DE31ACD51}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FC482FB4-67C5-44D1-AA86-BAA32E9263F8}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1576762C-E97A-4C3B-81E0-D022F86744B4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{17E622DC-34D5-400E-BA76-FDF1CC00ADD6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1A883AB7-E21C-42C1-BBA6-052C038511A9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1E798FB5-C538-4189-836F-0BA8A26E12B9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{28EE450B-52D0-40DA-9972-F7545CD4614C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{2EB4B6AE-E9D8-415C-ACFF-0F7227B5006F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5385519A-4EAA-48A2-9D5D-B9A18DCBA2D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{63D8172E-C87E-45F7-A92A-DC3C9F254935}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6732CF41-6DB8-4BEE-9DC7-1B2B914A5872}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{73A4E7A9-2DBE-4EEA-AA17-DA6ED7FEBBD6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{798F8495-0E97-4318-8420-6D0ACE6F5D10}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7D6573C2-B6B7-4796-A529-BB3685F6A980}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7E3C5D28-5ED5-403A-8CFF-2989222184AF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{852554F1-D12B-4550-A18B-E856DB20640C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8D4368A9-EE48-4C70-A4B3-1A0120AB29C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8DD25F88-3F1F-48D6-B915-371676DF18A5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8E06D079-BD62-4EA5-B35C-543896733B8F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{8FA87DD1-013B-4EB2-9986-8FF4B172D289}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{90F01D0D-4F8F-4729-96D0-B2B1DA340DFF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9174FBF7-8C64-436F-9AB0-BC13438DE1FC}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{9197C549-4530-49D0-AB3A-805B5343402C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{9DAB19AA-2074-4306-B31B-A7E9D3905D2A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{A707831D-824E-47EB-BFC4-AEE257EEFB78}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{AF9FE5BA-184D-403D-A3D5-136C37A070AC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B9237FBC-0FDA-4DB2-961C-1E007859B05A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{B9571C6D-2E83-4BA5-8985-DAFE9CE31AD0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C1097537-CB0D-47AE-A5A5-8154E095755E}" = protocol=6 | dir=out | app=system | 
"{C57B7E4E-B8CE-451D-9F11-F509CA43304F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C956A1CD-69B2-4B18-8B12-B8D841C3A31E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{C9735109-294D-492E-8556-59FF1BB02866}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CA526859-B833-4161-A03E-AE25DEC56CC1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{E4AA7772-4726-4933-8944-5D7FC51D58AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E84E240F-2B41-48BE-88A4-AFB2D2AE410C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{EAFF4FED-39C0-4591-8C74-D84DCEA93DE1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F686B18A-0909-44E1-BFE7-772FC47BA8E1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F785A631-8D8B-4F3C-957B-A2336A2E0535}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{2F254734-EDBD-4304-852F-A5AE101E38BC}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{2F62D84D-2166-410B-B31B-0520EC4A8E81}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{0B5E5FDA-A086-4DB1-A30A-FE55CE0F3BD8}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{14426EF6-5722-4358-A66D-92509DD3492C}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F82D3110-2996-B896-9ADC-394C18071095}" = ccc-utility64
"{F8FEEFC0-D7D6-9A40-28E9-1E7A6716E803}" = ATI Catalyst Install Manager
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.7.0_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{058E7BC0-15C3-D5F6-FD8D-34E4B44E4F82}" = CCC Help Thai
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{071F3745-E389-4345-86DF-E80B55446FCE}" = FC Bayern München - NewsBox
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{085C9E07-E122-DECF-350D-5CB3594EC54D}" = Catalyst Control Center Graphics Previews Common
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F796312-289C-40CA-856C-9FBCF5E83342}" = REALTEK Wireless LAN Software
"{11A5DA06-82B8-B47C-B6A9-6BFA8008108C}" = CCC Help Dutch
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{283EFC5E-041A-4AC7-8824-2F33695EBC11}" = CCC Help Korean
"{2860cb46-199b-4226-a807-bd5c29652185}" = Nero 9
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2D4E3A20-01D9-713F-2CD5-15FBD9312F28}" = CCC Help Chinese Traditional
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31CABF76-F113-30F6-1BF1-19CA660C72B4}" = CCC Help Finnish
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{41DFDA2C-13E2-48C4-AB2F-F97A7A88A46F}" = Evangeliar Ottos III.
"{43609114-F9B7-48AA-BAAC-F320BB5E88DD}" = CCC Help Spanish
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{4A87034C-621A-DAC1-D7C3-FB9102A453D4}" = CCC Help Japanese
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{4FBB6BFD-774C-E86B-84E6-23C08FD76C0C}" = Catalyst Control Center Graphics Light
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A1084A3-79B7-480C-9275-D8AA0CCEFA52}" = RUBICon
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6BCE77FA-82A3-E502-0956-AA9AE0E169D0}" = CCC Help English
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78FDD286-2C51-17B5-22BC-DA769D237E1A}" = CCC Help Swedish
"{79B0F7B2-31BD-D377-CCA2-F647601283C0}" = CCC Help Polish
"{80059A57-F141-5556-7FA2-CD97EB8A05F9}" = CCC Help Danish
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.6.0
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{983D01A7-FD14-5F70-9A46-3DBE1C0A3FFF}" = Catalyst Control Center InstallProxy
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C51C947-7E8D-3EEB-6087-276446E4914C}" = CCC Help Hungarian
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B1FA9E3F-86F3-136A-84DA-809A40458243}" = CCC Help Russian
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7FB9C80-A61F-6BFE-7F93-C493AC3F9E91}" = CCC Help Turkish
"{B91B9BD2-C3D1-2632-26C9-170EB39CADAC}" = CCC Help Greek
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD8D4FE1-8E1D-2D41-ED33-3E2B64ED3AF3}" = CCC Help Chinese Standard
"{C28CE716-3F07-528A-6CC8-FDF2865BCAAF}" = ccc-core-static
"{C4582EED-A3FB-4358-8F3F-8C994460DF28}" = EasyFileShare
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{C9F9C082-A19F-9672-4F78-CC93F363A07D}" = CCC Help Norwegian
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CEF185AA-392D-82EF-339B-F36547C0D9F8}" = Catalyst Control Center Core Implementation
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1886477-86CD-8365-CE96-42AD6F950ED0}" = CCC Help Italian
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack
"{D1FAD629-67C3-B9D5-FD06-73A4EF76528A}" = CCC Help Portuguese
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D53D7F78-94AC-CE27-199E-5F509437C7E6}" = Catalyst Control Center Graphics Previews Vista
"{D55BE2BD-14D6-E8AA-A1C0-519C50E28EB2}" = Catalyst Control Center Graphics Full Existing
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{E91CD838-0ED0-0BCD-ECAF-1A089F1A27E5}" = CCC Help Czech
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EF1E3D76-6F52-3F63-6848-346ACD86096D}" = CCC Help German
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B13553-B3CA-76A9-182A-9E352F4EB749}" = Catalyst Control Center Graphics Full New
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F6340C10-589F-7D1E-1819-2F8CF6247505}" = CCC Help French
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FFE45CD9-4070-78E3-5794-8575B389336E}" = Catalyst Control Center Localization All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{41DFDA2C-13E2-48C4-AB2F-F97A7A88A46F}" = Evangeliar Ottos III.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49a
"Samsung ML-1610 Series" = Samsung ML-1610 Series
"Secunia PSI" = Secunia PSI (3.0.0.3001)
"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.4 for Windows
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/18/2012 5:50:37 AM | Computer Name = XXX-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 8/18/2012 5:51:19 AM | Computer Name = XXX-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 8/18/2012 5:52:13 AM | Computer Name = XXX-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 8/19/2012 8:34:26 AM | Computer Name = XXX-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 8/19/2012 8:35:03 AM | Computer Name = XXX-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 8/19/2012 8:35:57 AM | Computer Name = XXX-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 8/20/2012 11:38:35 AM | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514,
 Zeitstempel: 0x4ce79912  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x1b04  Startzeit der fehlerhaften Anwendung: 0x01cd7ee66ec26395  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 1a5a9c3f-eadd-11e1-9ecc-001bb1d08b3f
 
Error - 8/27/2012 6:23:42 AM | Computer Name = XXX-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 8/27/2012 6:24:32 AM | Computer Name = XXX-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 8/27/2012 6:25:47 AM | Computer Name = XXX-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
[ System Events ]
Error - 9/6/2012 6:53:55 AM | Computer Name = XXX-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 9/6/2012 6:54:29 AM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Apple Mobile Device erreicht.
 
Error - 9/6/2012 6:54:29 AM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 9/6/2012 6:54:54 AM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 9/7/2012 8:51:48 AM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 9/8/2012 11:50:17 AM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 9/9/2012 5:21:11 AM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 9/9/2012 4:54:13 PM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 9/9/2012 4:54:13 PM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 9/10/2012 2:24:01 PM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
 
< End of report >

cosinus · 11.09.2012, 13:31

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - user.js - File not found
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\..\SearchScopes\{A8106BDD-AC13-4DFD-8B36-8D0D4787DC7A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=C9153ECE-EE1C-43F3-B842-956CECC02BCA&apn_sauid=EDAF4958-CC92-4A48-8A0C-76BCC09A572C
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{35a91080-4924-11e1-84a6-001bb1d08b3f}\Shell - "" = AutoRun
O33 - MountPoints2\{35a91080-4924-11e1-84a6-001bb1d08b3f}\Shell\AutoRun\command - "" = "G:\Adobe CS5\Set-up.exe"
:Files
C:\ProgramData\FullRemove.exe
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

marble · 11.09.2012, 13:56

Alles getan.

OTL:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2949563268-3681810927-3286423182-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A8106BDD-AC13-4DFD-8B36-8D0D4787DC7A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8106BDD-AC13-4DFD-8B36-8D0D4787DC7A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35a91080-4924-11e1-84a6-001bb1d08b3f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35a91080-4924-11e1-84a6-001bb1d08b3f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35a91080-4924-11e1-84a6-001bb1d08b3f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35a91080-4924-11e1-84a6-001bb1d08b3f}\ not found.
File "G:\Adobe CS5\Set-up.exe" not found.
========== FILES ==========
C:\ProgramData\FullRemove.exe moved successfully.
File\Folder C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\XXX\Desktop\cmd.bat deleted successfully.
C:\Users\XXX\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: XXX
->Temp folder emptied: 138990373 bytes
->Temporary Internet Files folder emptied: 53691868 bytes
->Java cache emptied: 43210242 bytes
->FireFox cache emptied: 6032985 bytes
->Flash cache emptied: 42919 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37194 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 473411005 bytes
 
Total Files Cleaned = 682.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.3 log created on 09112012_145020

Files\Folders moved on Reboot...
C:\Users\XXX\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\XXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QPMVN3LV\123558-laptop-faehrt-langsam-hoch-haengt-beim-systemaufbau-2[1].html not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Gruß

cosinus · 11.09.2012, 20:22

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

marble · 11.09.2012, 20:37

done...

Code:

ATTFilter

21:32:19.0130 2088  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
21:32:19.0300 2088  ============================================================
21:32:19.0300 2088  Current date / time: 2012/09/11 21:32:19.0300
21:32:19.0300 2088  SystemInfo:
21:32:19.0300 2088  
21:32:19.0300 2088  OS Version: 6.1.7601 ServicePack: 1.0
21:32:19.0300 2088  Product type: Workstation
21:32:19.0300 2088  ComputerName: XXX-PC
21:32:19.0300 2088  UserName: XXX
21:32:19.0300 2088  Windows directory: C:\Windows
21:32:19.0300 2088  System windows directory: C:\Windows
21:32:19.0300 2088  Running under WOW64
21:32:19.0300 2088  Processor architecture: Intel x64
21:32:19.0300 2088  Number of processors: 4
21:32:19.0300 2088  Page size: 0x1000
21:32:19.0300 2088  Boot type: Normal boot
21:32:19.0300 2088  ============================================================
21:32:20.0020 2088  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:32:20.0030 2088  ============================================================
21:32:20.0030 2088  \Device\Harddisk0\DR0:
21:32:20.0030 2088  MBR partitions:
21:32:20.0030 2088  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
21:32:20.0030 2088  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x1DE00000
21:32:20.0060 2088  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x20633000, BlocksNum 0x4DFB000
21:32:20.0060 2088  ============================================================
21:32:20.0110 2088  C: <-> \Device\Harddisk0\DR0\Partition2
21:32:20.0160 2088  D: <-> \Device\Harddisk0\DR0\Partition3
21:32:20.0160 2088  ============================================================
21:32:20.0160 2088  Initialize success
21:32:20.0160 2088  ============================================================
21:33:48.0147 5952  ============================================================
21:33:48.0147 5952  Scan started
21:33:48.0147 5952  Mode: Manual; SigCheck; TDLFS; 
21:33:48.0147 5952  ============================================================
21:33:49.0021 5952  ================ Scan system memory ========================
21:33:49.0021 5952  System memory - ok
21:33:49.0022 5952  ================ Scan services =============================
21:33:49.0211 5952  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:33:49.0363 5952  1394ohci - ok
21:33:49.0411 5952  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:33:49.0455 5952  ACPI - ok
21:33:49.0508 5952  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:33:49.0580 5952  AcpiPmi - ok
21:33:49.0723 5952  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:33:49.0749 5952  AdobeARMservice - ok
21:33:49.0876 5952  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:33:49.0907 5952  AdobeFlashPlayerUpdateSvc - ok
21:33:49.0961 5952  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:33:50.0012 5952  adp94xx - ok
21:33:50.0038 5952  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:33:50.0082 5952  adpahci - ok
21:33:50.0104 5952  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:33:50.0140 5952  adpu320 - ok
21:33:50.0178 5952  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:33:50.0403 5952  AeLookupSvc - ok
21:33:50.0492 5952  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
21:33:50.0631 5952  AFD - ok
21:33:50.0685 5952  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:33:50.0713 5952  agp440 - ok
21:33:50.0745 5952  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
21:33:50.0803 5952  ALG - ok
21:33:50.0843 5952  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:33:50.0870 5952  aliide - ok
21:33:50.0937 5952  [ 0642A7B1C4B119AE2AAF1AA61CF69668 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:33:51.0021 5952  AMD External Events Utility - ok
21:33:51.0059 5952  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:33:51.0087 5952  amdide - ok
21:33:51.0131 5952  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:33:51.0198 5952  AmdK8 - ok
21:33:51.0390 5952  [ C6C0F73A038FF38EBBD9C16F79F8D3E3 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:33:51.0713 5952  amdkmdag - ok
21:33:51.0744 5952  [ 4647D713CFF04FAE4F862B3144725BC1 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
21:33:51.0781 5952  amdkmdap - ok
21:33:51.0809 5952  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:33:51.0854 5952  AmdPPM - ok
21:33:51.0891 5952  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:33:51.0922 5952  amdsata - ok
21:33:51.0952 5952  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:33:51.0986 5952  amdsbs - ok
21:33:52.0004 5952  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:33:52.0031 5952  amdxata - ok
21:33:52.0092 5952  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
21:33:52.0210 5952  AppID - ok
21:33:52.0246 5952  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:33:52.0350 5952  AppIDSvc - ok
21:33:52.0392 5952  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
21:33:52.0494 5952  Appinfo - ok
21:33:52.0585 5952  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:33:52.0606 5952  Apple Mobile Device - ok
21:33:52.0639 5952  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:33:52.0669 5952  arc - ok
21:33:52.0681 5952  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:33:52.0712 5952  arcsas - ok
21:33:52.0743 5952  [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
21:33:52.0833 5952  aswFsBlk - ok
21:33:52.0869 5952  [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
21:33:52.0894 5952  aswMonFlt - ok
21:33:52.0960 5952  [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
21:33:52.0984 5952  aswRdr - ok
21:33:53.0020 5952  [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
21:33:53.0090 5952  aswSnx - ok
21:33:53.0172 5952  [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
21:33:53.0213 5952  aswSP - ok
21:33:53.0245 5952  [ C3EC420451AC5300A22190AE38418FBA ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
21:33:53.0270 5952  aswTdi - ok
21:33:53.0310 5952  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:33:53.0432 5952  AsyncMac - ok
21:33:53.0521 5952  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:33:53.0548 5952  atapi - ok
21:33:53.0637 5952  [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
21:33:53.0691 5952  AtiHdmiService - ok
21:33:53.0864 5952  [ C6C0F73A038FF38EBBD9C16F79F8D3E3 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:33:54.0075 5952  atikmdag - ok
21:33:54.0133 5952  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:33:54.0260 5952  AudioEndpointBuilder - ok
21:33:54.0276 5952  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:33:54.0374 5952  AudioSrv - ok
21:33:54.0480 5952  [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:33:54.0503 5952  avast! Antivirus - ok
21:33:54.0556 5952  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:33:54.0659 5952  AxInstSV - ok
21:33:54.0711 5952  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
21:33:54.0766 5952  b06bdrv - ok
21:33:54.0806 5952  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:33:54.0868 5952  b57nd60a - ok
21:33:55.0047 5952  [ 43AD3D3E7674833FCA9A7C4E7180AD54 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
21:33:55.0312 5952  BCM43XX - ok
21:33:55.0336 5952  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:33:55.0388 5952  BDESVC - ok
21:33:55.0460 5952  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:33:55.0577 5952  Beep - ok
21:33:55.0644 5952  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
21:33:55.0779 5952  BFE - ok
21:33:55.0831 5952  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
21:33:55.0982 5952  BITS - ok
21:33:56.0020 5952  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:33:56.0067 5952  blbdrive - ok
21:33:56.0126 5952  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:33:56.0166 5952  Bonjour Service - ok
21:33:56.0212 5952  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:33:56.0260 5952  bowser - ok
21:33:56.0282 5952  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:33:56.0338 5952  BrFiltLo - ok
21:33:56.0351 5952  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:33:56.0423 5952  BrFiltUp - ok
21:33:56.0455 5952  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
21:33:56.0532 5952  Browser - ok
21:33:56.0559 5952  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:33:56.0601 5952  Brserid - ok
21:33:56.0610 5952  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:33:56.0651 5952  BrSerWdm - ok
21:33:56.0662 5952  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:33:56.0736 5952  BrUsbMdm - ok
21:33:56.0743 5952  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:33:56.0783 5952  BrUsbSer - ok
21:33:56.0813 5952  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
21:33:56.0917 5952  BthEnum - ok
21:33:56.0938 5952  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:33:56.0982 5952  BTHMODEM - ok
21:33:57.0035 5952  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
21:33:57.0079 5952  BthPan - ok
21:33:57.0120 5952  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
21:33:57.0212 5952  BTHPORT - ok
21:33:57.0262 5952  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
21:33:57.0373 5952  bthserv - ok
21:33:57.0402 5952  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
21:33:57.0474 5952  BTHUSB - ok
21:33:57.0513 5952  [ EE215AC3C16F00667D0FC391D018C8FD ] btwampfl        C:\Windows\system32\drivers\btwampfl.sys
21:33:57.0548 5952  btwampfl - ok
21:33:57.0605 5952  [ EBC9E33C13CDD6C51C1134EAE46466A1 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
21:33:57.0627 5952  btwaudio - ok
21:33:57.0648 5952  [ 43FB7FA896D87AA5A9F3E743D7E2303F ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
21:33:57.0674 5952  btwavdt - ok
21:33:57.0748 5952  [ 0D86D2C7659588DB97BDB1AE74D95875 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:33:57.0810 5952  btwdins - ok
21:33:57.0844 5952  [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
21:33:57.0864 5952  btwl2cap - ok
21:33:57.0878 5952  [ 1AED551A8CB2F2343EDA09109EEF4807 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
21:33:57.0898 5952  btwrchid - ok
21:33:57.0934 5952  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:33:58.0042 5952  cdfs - ok
21:33:58.0091 5952  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:33:58.0145 5952  cdrom - ok
21:33:58.0183 5952  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:33:58.0307 5952  CertPropSvc - ok
21:33:58.0329 5952  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:33:58.0379 5952  circlass - ok
21:33:58.0413 5952  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:33:58.0458 5952  CLFS - ok
21:33:58.0591 5952  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:33:58.0613 5952  clr_optimization_v2.0.50727_32 - ok
21:33:58.0672 5952  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:33:58.0699 5952  clr_optimization_v2.0.50727_64 - ok
21:33:58.0770 5952  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:33:58.0829 5952  clr_optimization_v4.0.30319_32 - ok
21:33:58.0876 5952  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:33:58.0902 5952  clr_optimization_v4.0.30319_64 - ok
21:33:58.0931 5952  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:33:58.0970 5952  CmBatt - ok
21:33:59.0011 5952  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:33:59.0039 5952  cmdide - ok
21:33:59.0099 5952  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
21:33:59.0176 5952  CNG - ok
21:33:59.0211 5952  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:33:59.0239 5952  Compbatt - ok
21:33:59.0281 5952  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:33:59.0338 5952  CompositeBus - ok
21:33:59.0358 5952  COMSysApp - ok
21:33:59.0388 5952  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:33:59.0416 5952  crcdisk - ok
21:33:59.0481 5952  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:33:59.0541 5952  CryptSvc - ok
21:33:59.0610 5952  [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
21:33:59.0629 5952  CVirtA - ok
21:33:59.0717 5952  [ 98C413E1A2FB6E5A4C101C25B3D0B275 ] CVPND           C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
21:33:59.0809 5952  CVPND - ok
21:33:59.0840 5952  [ 79AF0E203D089AF442A3F70ED00A37FB ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
21:33:59.0876 5952  CVPNDRVA - ok
21:33:59.0967 5952  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:34:00.0088 5952  DcomLaunch - ok
21:34:00.0120 5952  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
21:34:00.0247 5952  defragsvc - ok
21:34:00.0288 5952  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:34:00.0397 5952  DfsC - ok
21:34:00.0494 5952  [ 2D589A2C024B2FB238535DB9F7B3597D ] DgiVecp         C:\Windows\system32\Drivers\DgiVecp.sys
21:34:00.0516 5952  DgiVecp - ok
21:34:00.0548 5952  [ 388039F99CE8769024EE0438352ACA99 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
21:34:00.0575 5952  dg_ssudbus - ok
21:34:00.0655 5952  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:34:00.0769 5952  Dhcp - ok
21:34:00.0807 5952  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:34:00.0926 5952  discache - ok
21:34:00.0949 5952  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:34:00.0979 5952  Disk - ok
21:34:01.0052 5952  [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
21:34:01.0085 5952  DNE - ok
21:34:01.0137 5952  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:34:01.0209 5952  Dnscache - ok
21:34:01.0277 5952  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:34:01.0392 5952  dot3svc - ok
21:34:01.0436 5952  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
21:34:01.0587 5952  DPS - ok
21:34:01.0614 5952  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:34:01.0655 5952  drmkaud - ok
21:34:01.0712 5952  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:34:01.0783 5952  DXGKrnl - ok
21:34:01.0825 5952  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
21:34:01.0935 5952  EapHost - ok
21:34:02.0037 5952  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
21:34:02.0179 5952  ebdrv - ok
21:34:02.0208 5952  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
21:34:02.0257 5952  EFS - ok
21:34:02.0329 5952  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:34:02.0385 5952  ehRecvr - ok
21:34:02.0412 5952  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
21:34:02.0453 5952  ehSched - ok
21:34:02.0524 5952  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:34:02.0576 5952  elxstor - ok
21:34:02.0610 5952  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:34:02.0646 5952  ErrDev - ok
21:34:02.0701 5952  [ 438021C3F32F30E227D0F5DFD118B7B1 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
21:34:02.0763 5952  ETD - ok
21:34:02.0808 5952  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
21:34:02.0926 5952  EventSystem - ok
21:34:02.0959 5952  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
21:34:03.0082 5952  exfat - ok
21:34:03.0113 5952  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:34:03.0216 5952  fastfat - ok
21:34:03.0281 5952  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
21:34:03.0362 5952  Fax - ok
21:34:03.0384 5952  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:34:03.0422 5952  fdc - ok
21:34:03.0451 5952  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:34:03.0641 5952  fdPHost - ok
21:34:03.0654 5952  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:34:03.0765 5952  FDResPub - ok
21:34:03.0798 5952  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:34:03.0827 5952  FileInfo - ok
21:34:03.0836 5952  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:34:03.0950 5952  Filetrace - ok
21:34:03.0974 5952  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:34:04.0009 5952  flpydisk - ok
21:34:04.0047 5952  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:34:04.0083 5952  FltMgr - ok
21:34:04.0144 5952  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
21:34:04.0237 5952  FontCache - ok
21:34:04.0288 5952  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:34:04.0311 5952  FontCache3.0.0.0 - ok
21:34:04.0337 5952  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:34:04.0366 5952  FsDepends - ok
21:34:04.0410 5952  [ 2BF3B36B96D015AF666B6AA63AE2E38F ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
21:34:04.0434 5952  fssfltr - ok
21:34:04.0491 5952  [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:34:04.0545 5952  fsssvc - ok
21:34:04.0587 5952  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:34:04.0615 5952  Fs_Rec - ok
21:34:04.0675 5952  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:34:04.0717 5952  fvevol - ok
21:34:04.0747 5952  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:34:04.0783 5952  gagp30kx - ok
21:34:04.0829 5952  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:34:04.0849 5952  GEARAspiWDM - ok
21:34:04.0905 5952  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
21:34:05.0035 5952  gpsvc - ok
21:34:05.0194 5952  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:34:05.0224 5952  gupdate - ok
21:34:05.0253 5952  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:34:05.0279 5952  gupdatem - ok
21:34:05.0336 5952  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:34:05.0362 5952  gusvc - ok
21:34:05.0397 5952  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:34:05.0456 5952  hcw85cir - ok
21:34:05.0507 5952  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:34:05.0561 5952  HdAudAddService - ok
21:34:05.0621 5952  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:34:05.0671 5952  HDAudBus - ok
21:34:05.0685 5952  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:34:05.0724 5952  HidBatt - ok
21:34:05.0738 5952  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:34:05.0781 5952  HidBth - ok
21:34:05.0802 5952  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:34:05.0848 5952  HidIr - ok
21:34:05.0872 5952  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
21:34:05.0977 5952  hidserv - ok
21:34:06.0040 5952  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:34:06.0064 5952  HidUsb - ok
21:34:06.0114 5952  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:34:06.0218 5952  hkmsvc - ok
21:34:06.0293 5952  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:34:06.0353 5952  HomeGroupListener - ok
21:34:06.0398 5952  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:34:06.0446 5952  HomeGroupProvider - ok
21:34:06.0500 5952  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:34:06.0523 5952  HpSAMD - ok
21:34:06.0573 5952  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:34:06.0667 5952  HTTP - ok
21:34:06.0712 5952  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:34:06.0738 5952  hwpolicy - ok
21:34:06.0797 5952  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:34:06.0829 5952  i8042prt - ok
21:34:06.0862 5952  [ A5F72BB0D024E7E463344105BE613AE4 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:34:06.0905 5952  iaStor - ok
21:34:06.0949 5952  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:34:06.0993 5952  iaStorV - ok
21:34:07.0070 5952  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:34:07.0132 5952  idsvc - ok
21:34:07.0305 5952  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
21:34:07.0586 5952  igfx - ok
21:34:07.0607 5952  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:34:07.0633 5952  iirsp - ok
21:34:07.0695 5952  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:34:07.0814 5952  IKEEXT - ok
21:34:07.0861 5952  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
21:34:07.0902 5952  Impcd - ok
21:34:07.0998 5952  [ 0ADF714079AE174A39D69036143E4C50 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:34:08.0122 5952  IntcAzAudAddService - ok
21:34:08.0174 5952  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:34:08.0200 5952  intelide - ok
21:34:08.0245 5952  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:34:08.0282 5952  intelppm - ok
21:34:08.0316 5952  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:34:08.0418 5952  IPBusEnum - ok
21:34:08.0461 5952  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:34:08.0568 5952  IpFilterDriver - ok
21:34:08.0631 5952  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:34:08.0750 5952  iphlpsvc - ok
21:34:08.0791 5952  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:34:08.0832 5952  IPMIDRV - ok
21:34:08.0867 5952  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:34:08.0978 5952  IPNAT - ok
21:34:09.0039 5952  [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:34:09.0102 5952  iPod Service - ok
21:34:09.0134 5952  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:34:09.0181 5952  IRENUM - ok
21:34:09.0222 5952  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:34:09.0249 5952  isapnp - ok
21:34:09.0303 5952  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:34:09.0345 5952  iScsiPrt - ok
21:34:09.0384 5952  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
21:34:09.0412 5952  kbdclass - ok
21:34:09.0466 5952  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:34:09.0509 5952  kbdhid - ok
21:34:09.0529 5952  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:34:09.0560 5952  KeyIso - ok
21:34:09.0608 5952  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:34:09.0639 5952  KSecDD - ok
21:34:09.0685 5952  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:34:09.0717 5952  KSecPkg - ok
21:34:09.0737 5952  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:34:09.0851 5952  ksthunk - ok
21:34:09.0885 5952  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:34:09.0996 5952  KtmRm - ok
21:34:10.0051 5952  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:34:10.0170 5952  LanmanServer - ok
21:34:10.0226 5952  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:34:10.0341 5952  LanmanWorkstation - ok
21:34:10.0378 5952  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:34:10.0492 5952  lltdio - ok
21:34:10.0516 5952  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:34:10.0639 5952  lltdsvc - ok
21:34:10.0661 5952  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:34:10.0751 5952  lmhosts - ok
21:34:10.0782 5952  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:34:10.0810 5952  LSI_FC - ok
21:34:10.0830 5952  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:34:10.0858 5952  LSI_SAS - ok
21:34:10.0876 5952  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:34:10.0904 5952  LSI_SAS2 - ok
21:34:10.0924 5952  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:34:10.0953 5952  LSI_SCSI - ok
21:34:10.0971 5952  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:34:11.0070 5952  luafv - ok
21:34:11.0114 5952  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:34:11.0153 5952  Mcx2Svc - ok
21:34:11.0168 5952  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:34:11.0193 5952  megasas - ok
21:34:11.0226 5952  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:34:11.0263 5952  MegaSR - ok
21:34:11.0364 5952  [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
21:34:11.0389 5952  Microsoft Office Groove Audit Service - ok
21:34:11.0421 5952  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
21:34:11.0534 5952  MMCSS - ok
21:34:11.0553 5952  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
21:34:11.0661 5952  Modem - ok
21:34:11.0700 5952  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:34:11.0751 5952  monitor - ok
21:34:11.0794 5952  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:34:11.0821 5952  mouclass - ok
21:34:11.0849 5952  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:34:11.0891 5952  mouhid - ok
21:34:11.0938 5952  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:34:11.0968 5952  mountmgr - ok
21:34:12.0044 5952  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:34:12.0072 5952  MozillaMaintenance - ok
21:34:12.0118 5952  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:34:12.0152 5952  mpio - ok
21:34:12.0168 5952  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:34:12.0267 5952  mpsdrv - ok
21:34:12.0323 5952  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:34:12.0438 5952  MpsSvc - ok
21:34:12.0483 5952  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:34:12.0548 5952  MRxDAV - ok
21:34:12.0582 5952  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:34:12.0639 5952  mrxsmb - ok
21:34:12.0682 5952  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:34:12.0728 5952  mrxsmb10 - ok
21:34:12.0754 5952  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:34:12.0811 5952  mrxsmb20 - ok
21:34:12.0849 5952  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:34:12.0876 5952  msahci - ok
21:34:12.0916 5952  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:34:12.0951 5952  msdsm - ok
21:34:12.0974 5952  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
21:34:13.0034 5952  MSDTC - ok
21:34:13.0074 5952  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:34:13.0176 5952  Msfs - ok
21:34:13.0194 5952  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:34:13.0303 5952  mshidkmdf - ok
21:34:13.0332 5952  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:34:13.0359 5952  msisadrv - ok
21:34:13.0389 5952  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:34:13.0490 5952  MSiSCSI - ok
21:34:13.0496 5952  msiserver - ok
21:34:13.0523 5952  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:34:13.0609 5952  MSKSSRV - ok
21:34:13.0627 5952  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:34:13.0725 5952  MSPCLOCK - ok
21:34:13.0731 5952  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:34:13.0827 5952  MSPQM - ok
21:34:13.0873 5952  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:34:13.0911 5952  MsRPC - ok
21:34:13.0947 5952  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:34:13.0970 5952  mssmbios - ok
21:34:13.0987 5952  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:34:14.0081 5952  MSTEE - ok
21:34:14.0089 5952  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:34:14.0148 5952  MTConfig - ok
21:34:14.0167 5952  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:34:14.0196 5952  Mup - ok
21:34:14.0255 5952  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
21:34:14.0370 5952  napagent - ok
21:34:14.0410 5952  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:34:14.0477 5952  NativeWifiP - ok
21:34:14.0516 5952  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:34:14.0586 5952  NDIS - ok
21:34:14.0611 5952  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:34:14.0722 5952  NdisCap - ok
21:34:14.0756 5952  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:34:14.0870 5952  NdisTapi - ok
21:34:14.0901 5952  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:34:14.0990 5952  Ndisuio - ok
21:34:15.0034 5952  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:34:15.0140 5952  NdisWan - ok
21:34:15.0182 5952  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:34:15.0279 5952  NDProxy - ok
21:34:15.0421 5952  [ 27FE4B70C12A2C67A58D799B9A4E8D81 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
21:34:15.0483 5952  Nero BackItUp Scheduler 4.0 - ok
21:34:15.0522 5952  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:34:15.0634 5952  NetBIOS - ok
21:34:15.0673 5952  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:34:15.0792 5952  NetBT - ok
21:34:15.0818 5952  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
21:34:15.0847 5952  Netlogon - ok
21:34:15.0906 5952  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
21:34:16.0026 5952  Netman - ok
21:34:16.0055 5952  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
21:34:16.0181 5952  netprofm - ok
21:34:16.0214 5952  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:34:16.0240 5952  NetTcpPortSharing - ok
21:34:16.0268 5952  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
21:34:16.0297 5952  nfrd960 - ok
21:34:16.0341 5952  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:34:16.0464 5952  NlaSvc - ok
21:34:16.0478 5952  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:34:16.0577 5952  Npfs - ok
21:34:16.0619 5952  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
21:34:16.0730 5952  nsi - ok
21:34:16.0750 5952  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:34:16.0858 5952  nsiproxy - ok
21:34:16.0930 5952  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:34:17.0021 5952  Ntfs - ok
21:34:17.0052 5952  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
21:34:17.0154 5952  Null - ok
21:34:17.0181 5952  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:34:17.0215 5952  nvraid - ok
21:34:17.0234 5952  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:34:17.0269 5952  nvstor - ok
21:34:17.0317 5952  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:34:17.0350 5952  nv_agp - ok
21:34:17.0453 5952  [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:34:17.0494 5952  odserv - ok
21:34:17.0536 5952  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:34:17.0581 5952  ohci1394 - ok
21:34:17.0635 5952  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:34:17.0664 5952  ose - ok
21:34:17.0709 5952  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:34:17.0768 5952  p2pimsvc - ok
21:34:17.0799 5952  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:34:17.0861 5952  p2psvc - ok
21:34:17.0913 5952  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:34:17.0964 5952  Parport - ok
21:34:18.0010 5952  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:34:18.0041 5952  partmgr - ok
21:34:18.0059 5952  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:34:18.0116 5952  PcaSvc - ok
21:34:18.0155 5952  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
21:34:18.0189 5952  pci - ok
21:34:18.0219 5952  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
21:34:18.0246 5952  pciide - ok
21:34:18.0271 5952  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:34:18.0304 5952  pcmcia - ok
21:34:18.0321 5952  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:34:18.0347 5952  pcw - ok
21:34:18.0388 5952  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:34:18.0521 5952  PEAUTH - ok
21:34:18.0604 5952  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:34:18.0648 5952  PerfHost - ok
21:34:18.0738 5952  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
21:34:18.0888 5952  pla - ok
21:34:18.0934 5952  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:34:19.0002 5952  PlugPlay - ok
21:34:19.0033 5952  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:34:19.0081 5952  PNRPAutoReg - ok
21:34:19.0106 5952  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:34:19.0148 5952  PNRPsvc - ok
21:34:19.0189 5952  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:34:19.0317 5952  PolicyAgent - ok
21:34:19.0350 5952  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
21:34:19.0472 5952  Power - ok
21:34:19.0513 5952  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:34:19.0602 5952  PptpMiniport - ok
21:34:19.0626 5952  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
21:34:19.0666 5952  Processor - ok
21:34:19.0705 5952  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:34:19.0767 5952  ProfSvc - ok
21:34:19.0779 5952  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:34:19.0810 5952  ProtectedStorage - ok
21:34:19.0865 5952  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:34:19.0962 5952  Psched - ok
21:34:20.0021 5952  [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
21:34:20.0045 5952  PSI - ok
21:34:20.0104 5952  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
21:34:20.0201 5952  ql2300 - ok
21:34:20.0251 5952  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
21:34:20.0283 5952  ql40xx - ok
21:34:20.0309 5952  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
21:34:20.0364 5952  QWAVE - ok
21:34:20.0383 5952  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:34:20.0438 5952  QWAVEdrv - ok
21:34:20.0445 5952  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:34:20.0534 5952  RasAcd - ok
21:34:20.0577 5952  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:34:20.0666 5952  RasAgileVpn - ok
21:34:20.0685 5952  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
21:34:20.0803 5952  RasAuto - ok
21:34:20.0846 5952  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:34:20.0956 5952  Rasl2tp - ok
21:34:21.0003 5952  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
21:34:21.0113 5952  RasMan - ok
21:34:21.0148 5952  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:34:21.0254 5952  RasPppoe - ok
21:34:21.0281 5952  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:34:21.0388 5952  RasSstp - ok
21:34:21.0434 5952  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:34:21.0537 5952  rdbss - ok
21:34:21.0552 5952  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:34:21.0606 5952  rdpbus - ok
21:34:21.0640 5952  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:34:21.0738 5952  RDPCDD - ok
21:34:21.0770 5952  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:34:21.0877 5952  RDPENCDD - ok
21:34:21.0888 5952  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:34:21.0986 5952  RDPREFMP - ok
21:34:22.0035 5952  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:34:22.0097 5952  RDPWD - ok
21:34:22.0140 5952  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:34:22.0176 5952  rdyboost - ok
21:34:22.0213 5952  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:34:22.0329 5952  RemoteAccess - ok
21:34:22.0366 5952  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:34:22.0484 5952  RemoteRegistry - ok
21:34:22.0525 5952  [ F85AE59A52885F4B09AADAFB23001A3B ] Rezip           C:\Windows\SysWOW64\Rezip.exe
21:34:22.0548 5952  Rezip ( UnsignedFile.Multi.Generic ) - warning
21:34:22.0548 5952  Rezip - detected UnsignedFile.Multi.Generic (1)
21:34:22.0576 5952  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
21:34:22.0631 5952  RFCOMM - ok
21:34:22.0653 5952  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:34:22.0754 5952  RpcEptMapper - ok
21:34:22.0779 5952  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
21:34:22.0816 5952  RpcLocator - ok
21:34:22.0862 5952  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
21:34:22.0976 5952  RpcSs - ok
21:34:23.0013 5952  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:34:23.0114 5952  rspndr - ok
21:34:23.0142 5952  [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
21:34:23.0178 5952  RTL8167 - ok
21:34:23.0249 5952  [ 4CA0DBA9E224473D664C25E411F5A3BD ] rtport          C:\Windows\SysWOW64\drivers\rtport.sys
21:34:23.0271 5952  rtport - ok
21:34:23.0302 5952  [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI            C:\Windows\system32\Drivers\SABI.sys
21:34:23.0327 5952  SABI - ok
21:34:23.0339 5952  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
21:34:23.0370 5952  SamSs - ok
21:34:23.0413 5952  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:34:23.0444 5952  sbp2port - ok
21:34:23.0480 5952  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:34:23.0600 5952  SCardSvr - ok
21:34:23.0638 5952  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:34:23.0739 5952  scfilter - ok
21:34:23.0797 5952  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
21:34:23.0952 5952  Schedule - ok
21:34:23.0996 5952  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:34:24.0094 5952  SCPolicySvc - ok
21:34:24.0136 5952  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:34:24.0188 5952  SDRSVC - ok
21:34:24.0215 5952  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:34:24.0325 5952  secdrv - ok
21:34:24.0361 5952  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
21:34:24.0474 5952  seclogon - ok
21:34:24.0616 5952  [ 9044795E9D1A912D5F1B8DF6211850FD ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
21:34:24.0697 5952  Secunia PSI Agent - ok
21:34:24.0757 5952  [ 8B1A72E4FB63A9C068B08E1F9B70482A ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
21:34:24.0806 5952  Secunia Update Agent - ok
21:34:24.0841 5952  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
21:34:24.0949 5952  SENS - ok
21:34:24.0969 5952  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:34:25.0020 5952  SensrSvc - ok
21:34:25.0068 5952  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:34:25.0103 5952  Serenum - ok
21:34:25.0130 5952  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:34:25.0172 5952  Serial - ok
21:34:25.0207 5952  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:34:25.0244 5952  sermouse - ok
21:34:25.0296 5952  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:34:25.0411 5952  SessionEnv - ok
21:34:25.0455 5952  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:34:25.0512 5952  sffdisk - ok
21:34:25.0543 5952  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:34:25.0576 5952  sffp_mmc - ok
21:34:25.0596 5952  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:34:25.0648 5952  sffp_sd - ok
21:34:25.0681 5952  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:34:25.0726 5952  sfloppy - ok
21:34:25.0762 5952  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:34:25.0886 5952  SharedAccess - ok
21:34:25.0935 5952  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:34:26.0068 5952  ShellHWDetection - ok
21:34:26.0084 5952  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:34:26.0117 5952  SiSRaid2 - ok
21:34:26.0134 5952  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:34:26.0171 5952  SiSRaid4 - ok
21:34:26.0200 5952  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:34:26.0335 5952  Smb - ok
21:34:26.0396 5952  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:34:26.0451 5952  SNMPTRAP - ok
21:34:26.0477 5952  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:34:26.0507 5952  spldr - ok
21:34:26.0567 5952  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
21:34:26.0646 5952  Spooler - ok
21:34:26.0767 5952  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
21:34:27.0007 5952  sppsvc - ok
21:34:27.0040 5952  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:34:27.0169 5952  sppuinotify - ok
21:34:27.0202 5952  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:34:27.0255 5952  srv - ok
21:34:27.0281 5952  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:34:27.0326 5952  srv2 - ok
21:34:27.0347 5952  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:34:27.0390 5952  srvnet - ok
21:34:27.0429 5952  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:34:27.0553 5952  SSDPSRV - ok
21:34:27.0604 5952  [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
21:34:27.0625 5952  SSPORT - ok
21:34:27.0650 5952  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:34:27.0758 5952  SstpSvc - ok
21:34:27.0804 5952  [ AD42CA614E086BCADBD53FFFC404AC24 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
21:34:27.0834 5952  ssudmdm - ok
21:34:27.0852 5952  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:34:27.0882 5952  stexstor - ok
21:34:27.0947 5952  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
21:34:28.0019 5952  stisvc - ok
21:34:28.0064 5952  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:34:28.0093 5952  swenum - ok
21:34:28.0130 5952  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
21:34:28.0270 5952  swprv - ok
21:34:28.0349 5952  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
21:34:28.0453 5952  SysMain - ok
21:34:28.0496 5952  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:34:28.0544 5952  TabletInputService - ok
21:34:28.0597 5952  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:34:28.0698 5952  TapiSrv - ok
21:34:28.0731 5952  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
21:34:28.0837 5952  TBS - ok
21:34:28.0911 5952  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:34:29.0009 5952  Tcpip - ok
21:34:29.0048 5952  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:34:29.0134 5952  TCPIP6 - ok
21:34:29.0167 5952  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:34:29.0260 5952  tcpipreg - ok
21:34:29.0281 5952  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:34:29.0329 5952  TDPIPE - ok
21:34:29.0364 5952  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:34:29.0406 5952  TDTCP - ok
21:34:29.0450 5952  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:34:29.0566 5952  tdx - ok
21:34:29.0614 5952  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:34:29.0646 5952  TermDD - ok
21:34:29.0699 5952  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
21:34:29.0836 5952  TermService - ok
21:34:29.0864 5952  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
21:34:29.0920 5952  Themes - ok
21:34:29.0945 5952  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
21:34:30.0052 5952  THREADORDER - ok
21:34:30.0076 5952  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
21:34:30.0186 5952  TrkWks - ok
21:34:30.0243 5952  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:34:30.0356 5952  TrustedInstaller - ok
21:34:30.0409 5952  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:34:30.0528 5952  tssecsrv - ok
21:34:30.0569 5952  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:34:30.0618 5952  TsUsbFlt - ok
21:34:30.0677 5952  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:34:30.0790 5952  tunnel - ok
21:34:30.0820 5952  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:34:30.0853 5952  uagp35 - ok
21:34:30.0904 5952  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:34:31.0017 5952  udfs - ok
21:34:31.0055 5952  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:34:31.0091 5952  UI0Detect - ok
21:34:31.0138 5952  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:34:31.0165 5952  uliagpkx - ok
21:34:31.0225 5952  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
21:34:31.0264 5952  umbus - ok
21:34:31.0306 5952  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:34:31.0345 5952  UmPass - ok
21:34:31.0374 5952  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
21:34:31.0500 5952  upnphost - ok
21:34:31.0541 5952  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
21:34:31.0588 5952  USBAAPL64 - ok
21:34:31.0630 5952  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:34:31.0685 5952  usbccgp - ok
21:34:31.0724 5952  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:34:31.0776 5952  usbcir - ok
21:34:31.0794 5952  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
21:34:31.0835 5952  usbehci - ok
21:34:31.0863 5952  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:34:31.0922 5952  usbhub - ok
21:34:31.0962 5952  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:34:31.0999 5952  usbohci - ok
21:34:32.0047 5952  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:34:32.0083 5952  usbprint - ok
21:34:32.0123 5952  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:34:32.0162 5952  usbscan - ok
21:34:32.0179 5952  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:34:32.0232 5952  USBSTOR - ok
21:34:32.0253 5952  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:34:32.0295 5952  usbuhci - ok
21:34:32.0358 5952  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
21:34:32.0416 5952  usbvideo - ok
21:34:32.0444 5952  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
21:34:32.0555 5952  UxSms - ok
21:34:32.0567 5952  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
21:34:32.0599 5952  VaultSvc - ok
21:34:32.0643 5952  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:34:32.0671 5952  vdrvroot - ok
21:34:32.0721 5952  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
21:34:32.0848 5952  vds - ok
21:34:32.0875 5952  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:34:32.0910 5952  vga - ok
21:34:32.0923 5952  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:34:33.0025 5952  VgaSave - ok
21:34:33.0073 5952  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:34:33.0108 5952  vhdmp - ok
21:34:33.0153 5952  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:34:33.0179 5952  viaide - ok
21:34:33.0210 5952  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:34:33.0238 5952  volmgr - ok
21:34:33.0283 5952  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:34:33.0327 5952  volmgrx - ok
21:34:33.0376 5952  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:34:33.0417 5952  volsnap - ok
21:34:33.0453 5952  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:34:33.0496 5952  vsmraid - ok
21:34:33.0607 5952  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
21:34:33.0779 5952  VSS - ok
21:34:33.0801 5952  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:34:33.0851 5952  vwifibus - ok
21:34:33.0880 5952  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:34:33.0926 5952  vwififlt - ok
21:34:33.0969 5952  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
21:34:34.0072 5952  W32Time - ok
21:34:34.0090 5952  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:34:34.0131 5952  WacomPen - ok
21:34:34.0193 5952  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:34:34.0292 5952  WANARP - ok
21:34:34.0299 5952  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:34:34.0398 5952  Wanarpv6 - ok
21:34:34.0473 5952  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
21:34:34.0558 5952  wbengine - ok
21:34:34.0595 5952  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:34:34.0655 5952  WbioSrvc - ok
21:34:34.0700 5952  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:34:34.0773 5952  wcncsvc - ok
21:34:34.0797 5952  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:34:34.0844 5952  WcsPlugInService - ok
21:34:34.0870 5952  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:34:34.0895 5952  Wd - ok
21:34:34.0926 5952  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:34:34.0977 5952  Wdf01000 - ok
21:34:34.0999 5952  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:34:35.0103 5952  WdiServiceHost - ok
21:34:35.0110 5952  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:34:35.0165 5952  WdiSystemHost - ok
21:34:35.0206 5952  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
21:34:35.0275 5952  WebClient - ok
21:34:35.0305 5952  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:34:35.0417 5952  Wecsvc - ok
21:34:35.0433 5952  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:34:35.0556 5952  wercplsupport - ok
21:34:35.0589 5952  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:34:35.0707 5952  WerSvc - ok
21:34:35.0744 5952  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:34:35.0831 5952  WfpLwf - ok
21:34:35.0844 5952  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:34:35.0869 5952  WIMMount - ok
21:34:35.0894 5952  WinDefend - ok
21:34:35.0903 5952  WinHttpAutoProxySvc - ok
21:34:35.0965 5952  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:34:36.0069 5952  Winmgmt - ok
21:34:36.0147 5952  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
21:34:36.0318 5952  WinRM - ok
21:34:36.0373 5952  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
21:34:36.0418 5952  WinUsb - ok
21:34:36.0466 5952  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:34:36.0557 5952  Wlansvc - ok
21:34:36.0697 5952  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:34:36.0827 5952  wlidsvc - ok
21:34:36.0864 5952  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:34:36.0902 5952  WmiAcpi - ok
21:34:36.0941 5952  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:34:36.0980 5952  wmiApSrv - ok
21:34:37.0014 5952  WMPNetworkSvc - ok
21:34:37.0040 5952  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:34:37.0078 5952  WPCSvc - ok
21:34:37.0118 5952  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:34:37.0157 5952  WPDBusEnum - ok
21:34:37.0187 5952  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:34:37.0295 5952  ws2ifsl - ok
21:34:37.0313 5952  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
21:34:37.0359 5952  wscsvc - ok
21:34:37.0375 5952  WSearch - ok
21:34:37.0481 5952  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:34:37.0614 5952  wuauserv - ok
21:34:37.0653 5952  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:34:37.0753 5952  WudfPf - ok
21:34:37.0789 5952  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:34:37.0881 5952  WUDFRd - ok
21:34:37.0906 5952  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:34:37.0996 5952  wudfsvc - ok
21:34:38.0038 5952  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:34:38.0097 5952  WwanSvc - ok
21:34:38.0135 5952  [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
21:34:38.0200 5952  yukonw7 - ok
21:34:38.0220 5952  ================ Scan global ===============================
21:34:38.0240 5952  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:34:38.0270 5952  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:34:38.0289 5952  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:34:38.0329 5952  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:34:38.0357 5952  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:34:38.0370 5952  [Global] - ok
21:34:38.0370 5952  ================ Scan MBR ==================================
21:34:38.0391 5952  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
21:34:38.0849 5952  \Device\Harddisk0\DR0 - ok
21:34:38.0851 5952  ================ Scan VBR ==================================
21:34:38.0855 5952  [ 50D44495A30E4369FB2F4F76B3CFC507 ] \Device\Harddisk0\DR0\Partition1
21:34:38.0857 5952  \Device\Harddisk0\DR0\Partition1 - ok
21:34:38.0887 5952  [ 00F82A785E07410F4811ED0512DD0225 ] \Device\Harddisk0\DR0\Partition2
21:34:38.0889 5952  \Device\Harddisk0\DR0\Partition2 - ok
21:34:38.0913 5952  [ B0C97E6C61063691564119B6F6B724DF ] \Device\Harddisk0\DR0\Partition3
21:34:38.0915 5952  \Device\Harddisk0\DR0\Partition3 - ok
21:34:38.0916 5952  ============================================================
21:34:38.0916 5952  Scan finished
21:34:38.0916 5952  ============================================================
21:34:38.0938 6416  Detected object count: 1
21:34:38.0938 6416  Actual detected object count: 1
21:35:21.0480 6416  Rezip ( UnsignedFile.Multi.Generic ) - skipped by user
21:35:21.0480 6416  Rezip ( UnsignedFile.Multi.Generic ) - User select action: Skip

Laptop fährt zu langsam hoch und hängt beim Systemaufbau

Plagegeister aller Art und deren Bekämpfung: Laptop fährt zu langsam hoch und hängt beim Systemaufbau