weißer hintergrund nach start

Nashoa · 05.09.2012, 18:59

hallo erstmal,
ich habe hier einen desktop pc mit win7 x64 und habe seit gestern das hier im forum schon bekannte problem, dass mein hauptbildschirm nach der windowsanmeldung weiß wird und auch bleibt (bei meinem 2. bildschirm wird ganz normal mein hintergrund angezeigt man kann aber nichts anklicken).

wenn ich meinen pc über strg + alt+ entf neu starten will und dann bei der meldung von windows, dass noch programme geschlossen wrden auf abbrechen drücke kann ich wierder alles machen und der weiße bildschirm ist weg.

ich hab schon ein paar beiträge zu dem thema hier im forum gelesen und schonmal die scans mit Malwarebytes Anti-Malware und OTL gemacht und dessen logdatein angehangen. bei der durchsuchung mit Malwarebytes Anti-Malware wurde zwei objekte gefunden die ich gelöscht haben, danach sollte ich neu starten, was ich getan habe und der bildschirm wurde ab da nicht mehr weiß

danke schonmal im vorraus für eure hilfe

cosinus · 06.09.2012, 16:20

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Bitte ESET ausführen, danach sehen wir weiter!

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
Dein Anti-Virus-Programm während des Scans deaktivieren.

Button (<< klick) drücken.
- Firefox-User:
  Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User:
  müssen das Installieren eines ActiveX Elements erlauben.
Setze den einen Hacken bei Yes, i accept the Terms of Use.
Drücke den Button.
Warte bis die Komponenten herunter geladen wurden.
Setze einen Haken bei "Scan archives".
Gehe sicher, dass bei Remove Found Threads kein Haken gesetzt ist.
drücken.
Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

Klicke .
Klicke und speichere das Logfile als ESET.txt auf dem Desktop.
Klicke Back und Finish

Bitte poste die Logfile hier.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Nashoa · 06.09.2012, 17:34

hallo und danke schonmal für deine hilfe

frühere logs von Malwarebytes habe ich leider nicht.

hier der log von ESET:

Code:

ATTFilter

C:\Program Files\RT 7 Lite x64\RTWin7Lite.exe	a variant of MSIL/Packed.CryptoObfuscator.F application
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe	Win32/Toolbar.Widgi application

cosinus · 06.09.2012, 20:24

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Nashoa · 06.09.2012, 20:54

Code:

ATTFilter

# AdwCleaner v2.000 - Datei am 09/06/2012 um 21:53:09 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Nashoa - NASHOA-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Nashoa\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Nashoa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Datei Gefunden : C:\Users\Nashoa\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Ordner Gefunden : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\Nashoa\AppData\Roaming\pdfforge
Ordner Gefunden : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Tarma Installer
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\Nashoa\AppData\Roaming\Mozilla\Firefox\Profiles\s1rgrvyq.default\prefs.js

Gefunden : user_pref("browser.search.defaultenginename", "SweetIM Search");
Gefunden : user_pref("browser.search.selectedEngine", "SweetIM Search");
Gefunden : user_pref("extensions.adapter@babylontc.com.install-event-fired", true);
Gefunden : user_pref("extensions.ocr@babylon.com.install-event-fired", true);
Gefunden : user_pref("extensions.quickstores@quickstores.de.install-event-fired", true);
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

-\\ Opera v11.64.1403.0

Datei : C:\Users\Nashoa\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2564 octets] - [06/09/2012 21:53:09]

########## EOF - C:\AdwCleaner[R1].txt - [2624 octets] ##########

cosinus · 07.09.2012, 08:48

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Nashoa · 07.09.2012, 15:58

Code:

ATTFilter

# AdwCleaner v2.000 - Datei am 09/07/2012 um 16:55:18 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Nashoa - NASHOA-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Nashoa\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Nashoa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Datei Gelöscht : C:\Users\Nashoa\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Nashoa\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\Nashoa\AppData\Roaming\Mozilla\Firefox\Profiles\s1rgrvyq.default\prefs.js

C:\Users\Nashoa\AppData\Roaming\Mozilla\Firefox\Profiles\s1rgrvyq.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultenginename", "SweetIM Search");
Gelöscht : user_pref("browser.search.selectedEngine", "SweetIM Search");
Gelöscht : user_pref("extensions.adapter@babylontc.com.install-event-fired", true);
Gelöscht : user_pref("extensions.ocr@babylon.com.install-event-fired", true);
Gelöscht : user_pref("extensions.quickstores@quickstores.de.install-event-fired", true);
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

-\\ Opera v11.64.1403.0

Datei : C:\Users\Nashoa\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2691 octets] - [06/09/2012 21:53:09]
AdwCleaner[S1].txt - [3088 octets] - [07/09/2012 16:55:18]

########## EOF - C:\AdwCleaner[S1].txt - [3148 octets] ##########

cosinus · 10.09.2012, 13:35

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Nashoa · 10.09.2012, 15:57

also mein windows funktioniert soweit ich das bisher gesehen habe wieder ganz normal und mir ist auch nicht aufgefallen, dass was fehlt

cosinus · 10.09.2012, 19:51

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Nashoa · 10.09.2012, 22:13

Code:

ATTFilter

OTL logfile created on: 10.09.2012 23:04:51 - Run 2
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\Nashoa\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,98 Gb Total Physical Memory | 13,72 Gb Available Physical Memory | 85,86% Memory free
16,00 Gb Paging File | 13,73 Gb Available in Paging File | 85,80% Paging File free
Paging file location(s): c:\pagefile.sys 16 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,35 Gb Total Space | 29,11 Gb Free Space | 13,03% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 95,25 Gb Free Space | 20,45% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 87,14 Gb Free Space | 18,71% Space Free | Partition Type: NTFS
Drive G: | 1,90 Gb Total Space | 1,90 Gb Free Space | 99,94% Space Free | Partition Type: FAT32
 
Computer Name: NASHOA-PC | User Name: Nashoa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Nashoa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe ()
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\TrafficMonitor\TMPacketServiceInit.exe (Mirko Böer)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\XSManager\WTGService.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\CtHelper.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation)
PRC - C:\Windows\SysWOW64\lktsrv.exe (National Instruments Corporation)
PRC - C:\Windows\SysWOW64\lkads.exe (National Instruments Corporation)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\nisvcloc.exe (National Instruments Corporation)
PRC - C:\Windows\SysWOW64\lkcitdl.exe (National Instruments, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (otshot) -- C:\program files\otshot\ZalmanUpdateService.exe File not found
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMwareHostd) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe ()
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (TMPService) -- C:\Program Files (x86)\TrafficMonitor\TMPacketServiceInit.exe (Mirko Böer)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (WTGService) -- C:\Program Files (x86)\XSManager\WTGService.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (nlsvc) -- C:\Programme\NetLimiter 3\nlsvc.exe (Locktime Software)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (NILM License Manager) -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NIDomainService) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation)
SRV - (lkTimeSync) -- C:\Windows\SysWOW64\lktsrv.exe (National Instruments Corporation)
SRV - (lkClassAds) -- C:\Windows\SysWOW64\lkads.exe (National Instruments Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (niSvcLoc) -- C:\Windows\SysWOW64\nisvcloc.exe (National Instruments Corporation)
SRV - (LkCitadelServer) -- C:\Windows\SysWOW64\lkcitdl.exe (National Instruments, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (cmntnet) -- C:\Windows\SysNative\drivers\cmntnet.sys (Wireless Data Device)
DRV:64bit: - (cmnuusbser) -- C:\Windows\SysNative\drivers\cmnuusbser.sys (Wireless Device)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (MonitorFunction) -- C:\Windows\SysNative\drivers\TVMonitor.sys (TeamViewer GmbH)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (LMouKE) -- C:\Windows\SysNative\drivers\LMouKE.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042mou) -- C:\Windows\SysNative\drivers\L8042mou.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (tapoas) -- C:\Windows\SysNative\drivers\tapoas.sys (The OpenVPN Project)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (wod0205) -- C:\Windows\SysNative\drivers\wod0205.sys (WeOnlyDo Software)
DRV:64bit: - (NLNdisPT) -- C:\Windows\SysNative\drivers\nlndis.sys (Locktime Software)
DRV:64bit: - (NLNdisMP) -- C:\Windows\SysNative\drivers\nlndis.sys (Locktime Software)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RDPDISPM) -- C:\Windows\SysNative\drivers\rdpdispm.sys (Microsoft Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (hap17v2k) -- C:\Windows\SysNative\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV:64bit: - (hap16v2k) -- C:\Windows\SysNative\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV:64bit: - (ha10kx2k) -- C:\Windows\SysNative\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX.SYS) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX.SYS) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX.SYS) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV:64bit: - (COMMONFX.SYS) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV:64bit: - (COMMONFX) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (CH341SER_A64) -- C:\Windows\SysNative\drivers\CH341S64.SYS (www.winchiphead.com)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (ctgame) -- C:\Windows\SysNative\drivers\ctgame.sys (Creative Technology Ltd.)
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (tap0801) -- C:\Windows\SysNative\drivers\tap0801.sys (The OpenVPN Project)
DRV - (nltdi) -- C:\Programme\NetLimiter 3\nltdi.sys (Locktime Software)
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (UltraMonUtility) -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys (Realtime Soft Ltd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-2620911757-4132591521-1881684151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://alliances.commandandconquer.com/de/
IE - HKU\S-1-5-21-2620911757-4132591521-1881684151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2620911757-4132591521-1881684151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2620911757-4132591521-1881684151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 A3 FE 13 BF 3A CD 01  [binary data]
IE - HKU\S-1-5-21-2620911757-4132591521-1881684151-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2620911757-4132591521-1881684151-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2620911757-4132591521-1881684151-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2620911757-4132591521-1881684151-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.4
FF - prefs.js..extensions.enabledAddons: anticontainer@downthemall.net:1.2
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.2
FF - prefs.js..extensions.enabledAddons: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.0
FF - prefs.js..extensions.enabledAddons: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.9
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.4
FF - prefs.js..extensions.enabledAddons: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.1.1
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.14
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Nashoa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Nashoa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Nashoa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nashoa\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nashoa\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 10:16:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.18 10:38:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 10:16:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.18 10:38:06 | 000,000,000 | ---D | M]
 
[2012.03.18 12:44:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nashoa\AppData\Roaming\mozilla\Extensions
[2012.03.18 12:44:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nashoa\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.09.05 17:20:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nashoa\AppData\Roaming\mozilla\Firefox\Profiles\s1rgrvyq.default\extensions
[2012.08.13 19:01:43 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Nashoa\AppData\Roaming\mozilla\Firefox\Profiles\s1rgrvyq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.03.30 13:55:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Nashoa\AppData\Roaming\mozilla\Firefox\Profiles\s1rgrvyq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.07 22:14:33 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Nashoa\AppData\Roaming\mozilla\Firefox\Profiles\s1rgrvyq.default\extensions\ich@maltegoetz.de
[2012.06.21 16:37:22 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\Nashoa\AppData\Roaming\mozilla\firefox\profiles\s1rgrvyq.default\extensions\adblockpopups@jessehakanen.net.xpi
[2011.12.27 17:42:20 | 000,079,365 | ---- | M] () (No name found) -- C:\Users\Nashoa\AppData\Roaming\mozilla\firefox\profiles\s1rgrvyq.default\extensions\anticontainer@downthemall.net.xpi
[2012.08.27 22:09:02 | 000,181,330 | ---- | M] () (No name found) -- C:\Users\Nashoa\AppData\Roaming\mozilla\firefox\profiles\s1rgrvyq.default\extensions\CSTBB@NArisT2_Noia4dev.xpi
[2012.07.05 20:48:19 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Nashoa\AppData\Roaming\mozilla\firefox\profiles\s1rgrvyq.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012.02.26 01:32:31 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\Nashoa\AppData\Roaming\mozilla\firefox\profiles\s1rgrvyq.default\extensions\tineye@ideeinc.com.xpi
[2012.06.01 06:41:29 | 000,505,801 | ---- | M] () (No name found) -- C:\Users\Nashoa\AppData\Roaming\mozilla\firefox\profiles\s1rgrvyq.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2012.09.05 17:20:15 | 000,527,931 | ---- | M] () (No name found) -- C:\Users\Nashoa\AppData\Roaming\mozilla\firefox\profiles\s1rgrvyq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.07.04 20:56:52 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\Nashoa\AppData\Roaming\mozilla\firefox\profiles\s1rgrvyq.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2012.07.29 10:07:49 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Nashoa\AppData\Roaming\mozilla\firefox\profiles\s1rgrvyq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.07.29 10:03:51 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Nashoa\AppData\Roaming\mozilla\firefox\profiles\s1rgrvyq.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.09.02 10:56:16 | 000,699,353 | ---- | M] () (No name found) -- C:\Users\Nashoa\AppData\Roaming\mozilla\firefox\profiles\s1rgrvyq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.09.07 16:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.08 10:16:14 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008.12.10 15:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll
[2010.05.25 13:43:16 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.02.13 17:25:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.08 10:16:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.13 17:25:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.13 17:25:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 17:25:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 17:25:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.02.12 16:59:00 | 000,441,122 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 192.168.2.26		server
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15161 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2620911757-4132591521-1881684151-1000..\Run: [ASRockXTU]  File not found
O4 - HKU\S-1-5-21-2620911757-4132591521-1881684151-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2620911757-4132591521-1881684151-1000..\Run: [Infium] C:\Program Files (x86)\QIP 2012\qip.exe (QIP)
O4 - HKU\S-1-5-21-2620911757-4132591521-1881684151-1000..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe (Locktime Software)
O4 - HKU\S-1-5-21-2620911757-4132591521-1881684151-1000..\Run: [TrafficMonitor] C:\PROGRA~2\TRAFFI~1\TRAFFICMONITOR.EXE (Mirko Böer)
O4 - HKU\S-1-5-21-2620911757-4132591521-1881684151-1000..\Run: [Windows Defender] C:\install\WinDef.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Nashoa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2x Monitor.lnk = C:\Users\Nashoa\AppData\Roaming\Realtime Soft\UltraMon\3.1.0\Profiles\2x Monitor.umprofile ()
O4 - Startup: C:\Users\Nashoa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk = C:\Windows\Installer\{90140000-003D-0000-1000-0000000FF1CE}\outicon.exe ()
O4 - Startup: C:\Users\Nashoa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamSpeak 3 Client.lnk = C:\Programme\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1330723242427 (MUCatalogWebControl Class)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CEA860B-7AEF-499D-BD5A-DE5837FDFBE0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41DC8ECF-B7D2-4FFE-867D-F71811CE2C2E}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68E1320E-82AD-4B88-96B6-EF57DF76615B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989D2529-7371-44A7-BC93-2B1BF2ED44B9}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B05A7DB8-6CDF-4041-86B0-431042B0183F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5125faf5-4cf4-11e1-a965-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{5125faf5-4cf4-11e1-a965-00158315a310}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{be817f03-8d6b-11e1-8785-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{be817f03-8d6b-11e1-8785-00158315a310}\Shell\AutoRun\command - "" = G:\Windows/AutoRun.exe
O33 - MountPoints2\{c0c31c40-3098-11e1-929b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c0c31c40-3098-11e1-929b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.10 16:48:25 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{690620B4-4150-4D87-9B4E-07FD617D7449}
[2012.09.09 23:08:26 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\Desktop\X-Men.Origins.Wolverine.German.DL.1080p.BluRay.x264-DEFUSED
[2012.09.09 23:04:21 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\Desktop\Total.Recall.1990.ULTiMATE.REKALL.EDiTiON.German.DTS.DL.1080p.BluRay.x264-Pate
[2012.09.09 23:01:43 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\Desktop\Project.X.EXTENDED.German.DL.1080p.BluRay.x264.REPACK-SONS
[2012.09.09 22:57:55 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\Desktop\Mission.Impossible.-.Phantom.Protokoll.2011.German.DTS.DL.1080p.BluRay.x264-Pate
[2012.09.09 22:53:31 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\Desktop\Werner.Eiskalt.German.1080p.BluRay.x264-EHLE
[2012.09.09 22:48:44 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\Desktop\Marvels.The.Avengers.German.DL.1080p.BluRay.x264-SONS
[2012.09.09 10:12:18 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{75F5FCD0-BBAA-4E6C-A32A-CBF149325CEF}
[2012.09.08 10:11:31 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{D5AC7D94-0545-478C-8FD2-16C28D77EA19}
[2012.09.07 17:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync
[2012.09.07 16:51:15 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{5BFDCB1B-6E16-4AD4-8387-0F2A459B8F63}
[2012.09.06 22:18:14 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\Desktop\GPU-Z.0.6.4
[2012.09.06 22:00:54 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\Desktop\cpu-z-1613
[2012.09.06 17:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.09.06 17:43:25 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Nashoa\Desktop\esetsmartinstaller_enu.exe
[2012.09.06 17:09:20 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{3F784BEE-7169-4CF1-A59A-F3BBA0EF34B4}
[2012.09.06 17:07:22 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{42F1D99E-9797-4D05-8F03-AFD446C2348A}
[2012.09.06 17:02:51 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{FB0CF929-A924-4E52-BB52-573411CFE524}
[2012.09.06 16:23:29 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{0AEE6789-AD5F-4FD6-AF8E-7F985A18A82E}
[2012.09.06 06:59:33 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{E7DE9558-3E78-48BF-BD93-0E3089E29EB2}
[2012.09.05 19:22:12 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{80A8989D-D9BC-42E7-89C5-1F61785F2AB5}
[2012.09.05 17:59:27 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Roaming\Malwarebytes
[2012.09.05 17:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.05 17:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.05 17:59:13 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.05 17:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.05 17:53:18 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Nashoa\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.05 17:52:45 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Nashoa\Desktop\OTL.exe
[2012.09.05 16:34:44 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{CC847E5D-3C34-4894-967F-7F3773F2157A}
[2012.09.04 18:33:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2012.09.04 12:17:20 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{AAE28F2A-8510-4F37-A789-9B9C36343B74}
[2012.09.03 20:29:05 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{580D24E8-3BB3-4E18-82DD-8EFC951BFEB2}
[2012.09.03 17:10:53 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{699FA53D-E711-4A6E-8533-3A0A3F87C622}
[2012.09.02 10:55:50 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{ED04AB0F-BE08-4D3C-9B6C-37FD8AE6C04E}
[2012.09.01 10:20:23 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{FAC7FAFE-125E-4630-8CDC-407918A47DD0}
[2012.08.31 22:44:24 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.08.31 21:57:03 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\Desktop\ATNDs_Buildcraft-Texture-Upgrade_256
[2012.08.31 21:56:55 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\Desktop\Neuer Ordner
[2012.08.31 15:41:54 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2012.08.31 15:17:33 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{48B84F60-DA9E-4DC4-AF4E-F97BF99D1FAE}
[2012.08.30 23:02:06 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\Documents\Guild Wars 2
[2012.08.30 19:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012.08.30 15:33:52 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{030CBA3A-1A6D-4963-9B18-306E9F17E618}
[2012.08.29 19:11:32 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\URUSoft
[2012.08.29 19:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\URUSoft
[2012.08.29 19:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Subtitle Workshop
[2012.08.29 16:33:18 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{FCECFD9E-DF40-4A92-98A6-1502E2BAFCC5}
[2012.08.28 18:25:21 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\Desktop\Progs
[2012.08.28 16:51:42 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{B2E8E41F-4EE4-4FA3-AD9A-F81F1EEB28E2}
[2012.08.27 23:05:34 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\Desktop\rsg-borat-1080p
[2012.08.27 17:27:23 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{85AD4FA8-5ECD-4C2C-B617-4BC372B669BF}
[2012.08.26 22:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012.08.26 22:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.08.26 12:49:24 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{69FCEF1C-501A-4C8C-B0CE-708BEF0AA5E8}
[2012.08.25 11:16:57 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{8148D7E9-2628-45FB-B0D1-153F7D1F5E67}
[2012.08.25 00:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
[2012.08.24 15:25:26 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{01748A35-07B5-444B-8F43-F648AA0B4B66}
[2012.08.23 14:19:08 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{631F9B3C-FDBB-4D73-972E-BE897B4FBC59}
[2012.08.22 12:28:15 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{2A939276-B038-4B3F-A5A7-F54F304D2F3E}
[2012.08.21 12:22:03 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{977A6765-B749-4A6D-9639-10FF18A5494C}
[2012.08.20 17:11:53 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{F9FC680E-74A9-4FB7-BE4B-A07BB67F4E55}
[2012.08.19 13:07:36 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{1366CBE1-E73E-411B-8B07-DD6014493C67}
[2012.08.19 13:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.08.19 13:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.08.19 01:07:14 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{FC50ADAA-B761-44FE-BF86-8AF25628F81D}
[2012.08.18 13:06:39 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{8C6623A8-0830-40CF-93B9-031612423625}
[2012.08.18 13:06:17 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{F3D06C3E-F1CC-4B51-9033-AFB2514B6E81}
[2012.08.18 10:38:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.18 10:37:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.08.18 10:36:40 | 000,000,000 | ---D | C] -- C:\Intel
[2012.08.18 01:05:53 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{2CA8E5CE-7A16-453C-88B7-C1DF4A954F00}
[2012.08.18 01:05:31 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{168FB229-D84E-4667-8131-BFD3771874D6}
[2012.08.17 22:36:25 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Roaming\.minecraft1
[2012.08.17 14:11:57 | 000,058,368 | ---- | C] (www.winchiphead.com) -- C:\Windows\SysNative\drivers\CH341S64.SYS
[2012.08.17 13:05:07 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{616E2762-30F6-401E-ABBC-BEDB9EA5B0F4}
[2012.08.17 13:04:44 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{D4A56044-2C4D-40FA-AD8B-A7F58B486572}
[2012.08.17 01:04:21 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{FA37C46A-409F-4CA8-B308-FBC64A9BD48E}
[2012.08.16 13:03:47 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{7DD3980E-CD60-4634-864D-2486F5C1310D}
[2012.08.16 13:03:25 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{D47F823B-F583-4F97-B793-7612EE9F499C}
[2012.08.16 01:03:01 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{6DBF7F1A-8397-4D3D-ACD0-6A451DCE3868}
[2012.08.15 13:02:38 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{A21B239E-70D2-498D-89D6-7D8F71971D06}
[2012.08.15 13:02:16 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{1775AD0B-BAA4-4A1D-83B7-BB485E7858E8}
[2012.08.15 01:01:51 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{31D0C21B-B56F-4E76-BD46-963347D7EEB7}
[2012.08.15 01:01:29 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{E929BC25-DACB-4D6E-ADE3-07759836B167}
[2012.08.14 13:01:05 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{BC897E61-F2C6-4EE3-96AD-6ECC011D00FF}
[2012.08.14 13:00:54 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{D430FFAC-823E-41C3-BB85-2A5EA4FEBEDB}
[2012.08.13 18:45:24 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{02F4F5F7-2456-429F-A847-0A856BD5EE6B}
[2012.08.13 18:45:12 | 000,000,000 | ---D | C] -- C:\Users\Nashoa\AppData\Local\{906B42A3-A9BB-430A-8793-858E52C57480}
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.10 23:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.10 22:24:02 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2620911757-4132591521-1881684151-1000UA.job
[2012.09.10 22:20:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.10 20:26:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2620911757-4132591521-1881684151-1000UA.job
[2012.09.10 17:33:45 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.09.10 17:33:45 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.10 17:26:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2620911757-4132591521-1881684151-1000Core.job
[2012.09.10 17:20:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.10 17:15:58 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.09.10 16:55:31 | 001,542,396 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.10 16:55:31 | 000,673,930 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.10 16:55:31 | 000,625,522 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.10 16:55:31 | 000,136,830 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.10 16:55:31 | 000,112,762 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.10 16:54:26 | 000,028,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.10 16:54:26 | 000,028,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.10 16:47:28 | 000,000,435 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.09.10 16:47:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.09 23:23:49 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000007-00000000-00000000-00001102-00000004-20021102}.rfx
[2012.09.09 23:23:49 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000007-00000000-00000000-00001102-00000004-20021102}.rfx
[2012.09.09 23:23:49 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000007-00000000-00000000-00001102-00000004-20021102}.rfx
[2012.09.09 23:23:49 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000007-00000000-00000000-00001102-00000004-20021102}.rfx
[2012.09.09 23:23:49 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000007-00000000-00000000-00001102-00000004-20021102}.rfx
[2012.09.09 17:46:27 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Nashoa\Desktop\OTL.exe
[2012.09.09 11:24:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2620911757-4132591521-1881684151-1000Core.job
[2012.09.09 10:43:34 | 152,457,942 | ---- | M] () -- C:\Users\Nashoa\Desktop\Flo Rida - Whistle [Official Video]-1.mp4
[2012.09.06 22:18:04 | 001,036,170 | ---- | M] () -- C:\Users\Nashoa\Desktop\GPU-Z.0.6.4.zip
[2012.09.06 21:59:57 | 001,832,806 | ---- | M] () -- C:\Users\Nashoa\Desktop\cpu-z-1613.zip
[2012.09.06 21:52:57 | 000,511,265 | ---- | M] () -- C:\Users\Nashoa\Desktop\adwcleaner.exe
[2012.09.06 20:38:14 | 035,769,381 | ---- | M] () -- C:\Users\Nashoa\Desktop\Elektrische Sicherheit.7z
[2012.09.06 20:17:23 | 032,848,485 | ---- | M] () -- C:\Users\Nashoa\Desktop\Flo Rida - Whistle [Official Video].mp4
[2012.09.06 19:39:38 | 000,207,582 | ---- | M] () -- C:\Users\Nashoa\Desktop\header.jpg
[2012.09.06 19:34:49 | 000,217,681 | ---- | M] () -- C:\Users\Nashoa\Desktop\battlefield_3_armored_kill-wide.jpg
[2012.09.06 19:24:40 | 000,057,009 | ---- | M] () -- C:\Users\Nashoa\Desktop\Battlefield 3 Armored Kill DLC.jpg
[2012.09.06 19:20:03 | 000,075,163 | ---- | M] () -- C:\Users\Nashoa\Desktop\603223_10151051610107672_97515401743_n.jpg
[2012.09.06 19:19:30 | 000,031,320 | ---- | M] () -- C:\Users\Nashoa\Desktop\BF3AK_sotlight.jpg
[2012.09.06 19:15:37 | 000,156,698 | ---- | M] () -- C:\Users\Nashoa\Desktop\603223_10151051610107672_975101743_n.jpg
[2012.09.06 19:05:35 | 000,002,056 | -H-- | M] () -- C:\Users\Nashoa\Documents\Default.rdp
[2012.09.05 20:04:42 | 001,110,476 | ---- | M] () -- C:\Users\Nashoa\Desktop\7z920.exe
[2012.09.05 19:57:04 | 000,043,075 | ---- | M] () -- C:\Users\Nashoa\Desktop\logs.zip
[2012.09.05 19:14:24 | 000,007,626 | ---- | M] () -- C:\Users\Nashoa\AppData\Local\Resmon.ResmonCfg
[2012.09.05 17:59:14 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.05 17:53:14 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Nashoa\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.05 17:35:21 | 000,000,004 | ---- | M] () -- C:\Users\Nashoa\AppData\Roaming\msconfig.ini
[2012.09.04 18:50:08 | 000,004,109 | ---- | M] () -- C:\Users\Nashoa\Desktop\torvpn-nashoa.zip
[2012.09.04 13:19:10 | 003,878,360 | ---- | M] () -- C:\Users\Nashoa\Desktop\battlelog-web-plugins-1.132.0-retail-prod.exe
[2012.08.31 23:29:32 | 000,467,826 | ---- | M] () -- C:\Users\Nashoa\Desktop\block_textures.png
[2012.08.31 23:29:32 | 000,000,132 | ---- | M] () -- C:\Users\Nashoa\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.08.31 22:59:45 | 001,928,009 | ---- | M] () -- C:\Users\Nashoa\Desktop\block_textures.psd
[2012.08.31 15:41:54 | 000,000,318 | ---- | M] () -- C:\Users\Nashoa\Desktop\Curse Client.appref-ms
[2012.08.31 15:34:34 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.08.30 23:07:42 | 000,001,096 | ---- | M] () -- C:\Users\Nashoa\Desktop\Guild Wars 2.lnk
[2012.08.26 22:51:16 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2012.08.25 00:24:06 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\AIMP3.lnk
[2012.08.18 10:17:51 | 004,931,577 | ---- | M] () -- C:\Windows\{00000007-00000000-00000000-00001102-00000004-20021102}.CDF
[2012.08.18 10:17:51 | 004,931,577 | ---- | M] () -- C:\Windows\{00000007-00000000-00000000-00001102-00000004-20021102}.BAK
[2012.08.17 15:23:14 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2012.08.17 15:13:17 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000007-00000000-00000001-00001102-00000004-20021102}.rfx
[2012.08.17 15:13:17 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000007-00000000-00000001-00001102-00000004-20021102}.rfx
[2012.08.17 15:13:17 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000007-00000000-00000001-00001102-00000004-20021102}.rfx
[2012.08.16 22:29:34 | 000,402,280 | ---- | M] () -- C:\Users\Nashoa\Desktop\setup.exe
[2012.08.15 12:25:42 | 004,898,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.09.09 10:40:48 | 152,457,942 | ---- | C] () -- C:\Users\Nashoa\Desktop\Flo Rida - Whistle [Official Video]-1.mp4
[2012.09.07 17:46:17 | 003,878,360 | ---- | C] () -- C:\Users\Nashoa\Desktop\battlelog-web-plugins-1.132.0-retail-prod.exe
[2012.09.06 22:18:05 | 001,036,170 | ---- | C] () -- C:\Users\Nashoa\Desktop\GPU-Z.0.6.4.zip
[2012.09.06 21:59:57 | 001,832,806 | ---- | C] () -- C:\Users\Nashoa\Desktop\cpu-z-1613.zip
[2012.09.06 21:52:58 | 000,511,265 | ---- | C] () -- C:\Users\Nashoa\Desktop\adwcleaner.exe
[2012.09.06 20:37:02 | 035,769,381 | ---- | C] () -- C:\Users\Nashoa\Desktop\Elektrische Sicherheit.7z
[2012.09.06 20:15:25 | 032,848,485 | ---- | C] () -- C:\Users\Nashoa\Desktop\Flo Rida - Whistle [Official Video].mp4
[2012.09.06 19:39:36 | 000,207,582 | ---- | C] () -- C:\Users\Nashoa\Desktop\header.jpg
[2012.09.06 19:34:49 | 000,217,681 | ---- | C] () -- C:\Users\Nashoa\Desktop\battlefield_3_armored_kill-wide.jpg
[2012.09.06 19:24:40 | 000,057,009 | ---- | C] () -- C:\Users\Nashoa\Desktop\Battlefield 3 Armored Kill DLC.jpg
[2012.09.06 19:20:02 | 000,075,163 | ---- | C] () -- C:\Users\Nashoa\Desktop\603223_10151051610107672_97515401743_n.jpg
[2012.09.06 19:19:29 | 000,031,320 | ---- | C] () -- C:\Users\Nashoa\Desktop\BF3AK_sotlight.jpg
[2012.09.06 19:13:27 | 000,156,698 | ---- | C] () -- C:\Users\Nashoa\Desktop\603223_10151051610107672_975101743_n.jpg
[2012.09.05 20:04:43 | 001,110,476 | ---- | C] () -- C:\Users\Nashoa\Desktop\7z920.exe
[2012.09.05 19:57:04 | 000,043,075 | ---- | C] () -- C:\Users\Nashoa\Desktop\logs.zip
[2012.09.05 17:59:14 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.04 18:50:07 | 000,004,109 | ---- | C] () -- C:\Users\Nashoa\Desktop\torvpn-nashoa.zip
[2012.09.04 18:39:53 | 000,000,004 | ---- | C] () -- C:\Users\Nashoa\AppData\Roaming\msconfig.ini
[2012.08.31 23:39:08 | 000,009,545 | ---- | C] () -- C:\Users\Nashoa\Desktop\template.png
[2012.08.31 23:39:08 | 000,006,669 | ---- | C] () -- C:\Users\Nashoa\Desktop\marker.png
[2012.08.31 22:59:43 | 001,928,009 | ---- | C] () -- C:\Users\Nashoa\Desktop\block_textures.psd
[2012.08.31 22:41:06 | 000,467,826 | ---- | C] () -- C:\Users\Nashoa\Desktop\block_textures.png
[2012.08.31 21:56:36 | 004,270,831 | ---- | C] () -- C:\Users\Nashoa\Desktop\ATNDs_Buildcraft-Texture-Upgrade_256.rar
[2012.08.31 21:49:35 | 001,132,660 | ---- | C] () -- C:\Users\Nashoa\Desktop\ATNDs_Buildcraft-Texture-Upgrade_64.rar
[2012.08.31 15:41:54 | 000,000,318 | ---- | C] () -- C:\Users\Nashoa\Desktop\Curse Client.appref-ms
[2012.08.31 15:38:58 | 000,402,280 | ---- | C] () -- C:\Users\Nashoa\Desktop\setup.exe
[2012.08.30 23:07:42 | 000,001,096 | ---- | C] () -- C:\Users\Nashoa\Desktop\Guild Wars 2.lnk
[2012.08.30 19:30:43 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.08.18 10:17:45 | 004,931,577 | ---- | C] () -- C:\Windows\{00000007-00000000-00000000-00001102-00000004-20021102}.BAK
[2012.08.18 10:17:43 | 004,931,577 | ---- | C] () -- C:\Windows\{00000007-00000000-00000000-00001102-00000004-20021102}.CDF
[2012.08.18 02:05:28 | 000,034,240 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{00000007-00000000-00000000-00001102-00000004-20021102}.rfx
[2012.08.18 02:05:28 | 000,034,240 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000007-00000000-00000000-00001102-00000004-20021102}.rfx
[2012.08.18 02:05:28 | 000,030,528 | ---- | C] () -- C:\Windows\SysNative\BMXCtrlState-{00000007-00000000-00000000-00001102-00000004-20021102}.rfx
[2012.08.18 02:05:28 | 000,030,528 | ---- | C] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000007-00000000-00000000-00001102-00000004-20021102}.rfx
[2012.08.18 02:05:28 | 000,011,564 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000007-00000000-00000000-00001102-00000004-20021102}.rfx
[2012.08.17 22:23:52 | 000,000,914 | ---- | C] () -- C:\Users\Nashoa\Desktop\Minecraft.lnk
[2012.07.31 22:54:40 | 000,038,481 | ---- | C] () -- C:\Users\Nashoa\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2012.07.08 16:24:57 | 000,007,626 | ---- | C] () -- C:\Users\Nashoa\AppData\Local\Resmon.ResmonCfg
[2012.06.16 23:20:22 | 000,000,062 | ---- | C] () -- C:\Users\Nashoa\.gitconfig
[2012.05.25 17:24:45 | 000,963,884 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.05.25 17:24:45 | 000,221,264 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.05.25 17:24:45 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.05.25 17:24:44 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.05.25 17:24:44 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.04.13 23:14:39 | 000,000,600 | ---- | C] () -- C:\Users\Nashoa\AppData\Local\PUTTY.RND
[2012.04.10 21:32:10 | 000,000,731 | ---- | C] () -- C:\Users\Nashoa\AppData\Roaming\MPQEditor.ini
[2012.03.25 12:01:56 | 000,001,240 | ---- | C] () -- C:\Users\Nashoa\programme.sdb
[2012.03.11 15:24:51 | 000,026,584 | ---- | C] () -- C:\Users\Nashoa\router_config.bin
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.24 17:01:04 | 000,000,793 | ---- | C] () -- C:\Users\Nashoa\AppData\Roaming\Nashoav1.23.0.vbs
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.26 00:40:21 | 000,000,132 | ---- | C] () -- C:\Users\Nashoa\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012.01.24 20:48:04 | 001,562,288 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.18 19:00:16 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.01.18 19:00:16 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.01.17 19:27:17 | 000,000,098 | ---- | C] () -- C:\Windows\SPL7019.DAT
[2012.01.09 19:42:05 | 000,000,132 | ---- | C] () -- C:\Users\Nashoa\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.27 22:11:13 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.27 22:11:10 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.12.27 22:11:10 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.27 18:34:09 | 000,014,496 | ---- | C] () -- C:\Windows\HL-5250DN.INI
[2011.12.27 18:34:09 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.12.27 18:34:09 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011.12.27 18:34:09 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2011.12.27 18:34:09 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD5250DN.DAT
[2011.12.27 18:34:09 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.12.27 18:33:32 | 000,000,091 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.12.27 17:21:14 | 000,000,077 | ---- | C] () -- C:\Users\Nashoa\Desktop Anzeigen.scf
[2011.12.27 17:21:11 | 006,111,232 | ---- | C] () -- C:\Users\Nashoa\icons.dll
[2011.12.27 17:21:11 | 005,620,224 | ---- | C] () -- C:\Users\Nashoa\icons_original.dll
[2011.12.27 17:21:03 | 001,586,319 | ---- | C] () -- C:\Users\Nashoa\Windows Loader v2.0.6.zip
[2011.12.27 16:35:25 | 000,002,899 | ---- | C] () -- C:\Users\Nashoa\1.m3u
[2011.12.27 15:17:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2012.09.10 22:49:58 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\.minecraft
[2012.08.17 22:37:08 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\.minecraft1
[2012.09.10 22:56:47 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\AIMP3
[2012.04.27 13:20:51 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Audacity
[2012.01.20 23:38:21 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\bizarre creations
[2012.06.06 22:44:56 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\BrowserCompanion
[2012.06.01 21:16:28 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\CadSoft
[2012.08.31 22:44:24 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.01.26 21:11:32 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\DAEMON Tools Lite
[2012.06.10 01:21:20 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\FileZilla
[2012.08.27 22:24:08 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\IcoFX2X
[2012.06.15 19:32:16 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\IsolatedStorage
[2012.01.31 18:27:38 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Itsth
[2011.12.28 20:00:58 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Leadertech
[2012.03.10 15:25:20 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\mkvtoolnix
[2012.02.05 21:35:28 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\MySQL
[2012.01.26 00:38:26 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\National Instruments
[2012.01.01 22:01:02 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Notepad++
[2012.02.19 23:20:53 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Opera
[2012.08.26 20:12:47 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Origin
[2011.12.29 02:54:23 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\QIP
[2011.12.27 17:18:41 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\TeamViewer
[2012.03.18 12:44:13 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\TomTom
[2012.09.10 22:57:46 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\TrafficMonitor
[2011.12.28 02:34:09 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\TrueCrypt
[2012.08.05 04:17:07 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\TS3Client
[2012.04.23 20:38:10 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\ts3overlay
[2012.01.15 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Ubisoft
[2012.05.22 19:44:10 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Warsow 0.6
[2011.12.28 14:09:45 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Windows Authenticator
[2012.06.16 23:54:43 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\WinFF
[2012.01.13 00:17:45 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Wippien
[2012.08.01 00:53:44 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\XBMC
[2012.02.24 17:01:01 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Xilisoft
[2012.09.03 17:18:10 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\XSManager
[2012.09.05 18:53:11 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\ZalmanInstaller_otshot
[2012.09.10 17:26:00 | 000,001,120 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2620911757-4132591521-1881684151-1000Core.job
[2012.09.10 20:26:00 | 000,001,142 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2620911757-4132591521-1881684151-1000UA.job
[2012.07.01 11:16:37 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.09.10 22:49:58 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\.minecraft
[2012.08.17 22:37:08 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\.minecraft1
[2012.03.11 16:16:10 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Adobe
[2012.09.10 22:56:47 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\AIMP3
[2012.07.16 16:44:51 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Apple Computer
[2011.12.28 21:36:02 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\ATI
[2012.04.27 13:20:51 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Audacity
[2011.12.27 18:29:52 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Avira
[2012.01.20 23:38:21 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\bizarre creations
[2012.05.12 20:01:43 | 000,000,000 | R--D | M] -- C:\Users\Nashoa\AppData\Roaming\Brother
[2012.06.06 22:44:56 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\BrowserCompanion
[2012.06.01 21:16:28 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\CadSoft
[2012.08.31 22:44:24 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.04.27 13:37:07 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Creative
[2012.01.26 21:11:32 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\DAEMON Tools Lite
[2012.03.10 14:13:34 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\dvdcss
[2012.06.10 01:21:20 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\FileZilla
[2012.08.27 22:24:08 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\IcoFX2X
[2011.12.27 15:10:09 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Identities
[2011.12.31 04:13:23 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\InstallShield
[2012.06.15 19:32:16 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\IsolatedStorage
[2012.01.31 18:27:38 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Itsth
[2011.12.28 20:00:58 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Leadertech
[2011.12.28 20:00:32 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Logishrd
[2011.12.27 17:20:04 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Logitech
[2011.12.27 17:42:22 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Macromedia
[2012.09.05 17:59:27 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Media Center Programs
[2011.12.28 02:39:37 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Media Player Classic
[2012.08.01 00:27:22 | 000,000,000 | --SD | M] -- C:\Users\Nashoa\AppData\Roaming\Microsoft
[2012.03.10 15:25:20 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\mkvtoolnix
[2012.08.24 21:25:03 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Mozilla
[2012.02.05 21:35:28 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\MySQL
[2012.01.26 00:38:26 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\National Instruments
[2012.01.01 22:01:02 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Notepad++
[2012.05.29 15:41:13 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\NVIDIA
[2012.02.19 23:20:53 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Opera
[2012.08.26 20:12:47 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Origin
[2011.12.29 02:54:23 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\QIP
[2011.12.27 18:53:31 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Realtime Soft
[2012.06.17 01:23:17 | 000,000,000 | RH-D | M] -- C:\Users\Nashoa\AppData\Roaming\SecuROM
[2012.09.10 22:57:55 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Skype
[2011.12.27 17:18:41 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\TeamViewer
[2012.03.18 12:44:13 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\TomTom
[2012.09.10 22:57:46 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\TrafficMonitor
[2011.12.28 02:34:09 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\TrueCrypt
[2012.08.05 04:17:07 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\TS3Client
[2012.04.23 20:38:10 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\ts3overlay
[2012.01.15 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Ubisoft
[2012.08.13 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\vlc
[2012.08.17 01:25:26 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\VMware
[2012.05.22 19:44:10 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Warsow 0.6
[2012.04.23 20:38:12 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Winamp
[2011.12.28 14:09:45 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Windows Authenticator
[2012.06.16 23:54:43 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\WinFF
[2011.12.27 17:53:59 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\WinRAR
[2012.01.13 00:17:45 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Wippien
[2012.08.01 00:53:44 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\XBMC
[2012.02.24 17:01:01 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\Xilisoft
[2012.09.03 17:18:10 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\XSManager
[2012.09.05 18:53:11 | 000,000,000 | ---D | M] -- C:\Users\Nashoa\AppData\Roaming\ZalmanInstaller_otshot
 
< %APPDATA%\*.exe /s >
[2011.02.23 16:07:44 | 000,270,142 | ---- | M] () -- C:\Users\Nashoa\AppData\Roaming\.minecraft\Minecraft.exe
[2012.08.25 00:23:59 | 007,070,005 | ---- | M] (AIMP DevTeam) -- C:\Users\Nashoa\AppData\Roaming\AIMP3\UpdateInstaller.exe
[2011.12.28 21:36:57 | 000,088,102 | R--- | M] () -- C:\Users\Nashoa\AppData\Roaming\Microsoft\Installer\{0309F85C-B1CC-DA9F-D184-FE93CCF08E1D}\ARPPRODUCTICON.exe
[2011.12.28 20:00:58 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Nashoa\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.03.03 18:28:08 | 000,370,070 | R--- | M] () -- C:\Users\Nashoa\AppData\Roaming\Microsoft\Installer\{DDEBB7D6-671C-468D-98EB-EF9F1A1BC524}\RTWin7Lite.exe
[2012.06.30 16:14:17 | 004,997,888 | ---- | M] (Smith Micro                                                  ) -- C:\Users\Nashoa\AppData\Roaming\Microsoft\Windows\Templates\StuffItExpander2010.exe
[2012.04.01 19:01:26 | 006,125,360 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Users\Nashoa\AppData\Roaming\ZalmanInstaller_otshot\otshotcomponent.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 06:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 06:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 06:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 06:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 05:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 05:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 06:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 06:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 05:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 05:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 06:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 06:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 05:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 05:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 06:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 06:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 06:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 06:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:8EFFFE8D

< End of report >

cosinus · 10.09.2012, 22:30

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - user.js - File not found
O4 - HKU\S-1-5-21-2620911757-4132591521-1881684151-1000..\Run: [ASRockXTU]  File not found
O4 - HKU\S-1-5-21-2620911757-4132591521-1881684151-1000..\Run: [Windows Defender] C:\install\WinDef.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5125faf5-4cf4-11e1-a965-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{5125faf5-4cf4-11e1-a965-00158315a310}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{be817f03-8d6b-11e1-8785-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{be817f03-8d6b-11e1-8785-00158315a310}\Shell\AutoRun\command - "" = G:\Windows/AutoRun.exe
O33 - MountPoints2\{c0c31c40-3098-11e1-929b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c0c31c40-3098-11e1-929b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:8EFFFE8D
:Files
C:\Users\Nashoa\AppData\Local\{*
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Nashoa · 10.09.2012, 22:48

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2620911757-4132591521-1881684151-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockXTU deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2620911757-4132591521-1881684151-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Defender deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5125faf5-4cf4-11e1-a965-00158315a310}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5125faf5-4cf4-11e1-a965-00158315a310}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5125faf5-4cf4-11e1-a965-00158315a310}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5125faf5-4cf4-11e1-a965-00158315a310}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be817f03-8d6b-11e1-8785-00158315a310}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be817f03-8d6b-11e1-8785-00158315a310}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be817f03-8d6b-11e1-8785-00158315a310}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be817f03-8d6b-11e1-8785-00158315a310}\ not found.
File G:\Windows/AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0c31c40-3098-11e1-929b-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0c31c40-3098-11e1-929b-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0c31c40-3098-11e1-929b-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0c31c40-3098-11e1-929b-806e6f6e6963}\ not found.
File F:\setup.exe not found.
ADS C:\ProgramData\TEMP:8EFFFE8D deleted successfully.
========== FILES ==========
C:\Users\Nashoa\AppData\Local\{00D083E6-3588-4B08-A69B-76E883579151} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{01748A35-07B5-444B-8F43-F648AA0B4B66} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{02F4F5F7-2456-429F-A847-0A856BD5EE6B} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{030CBA3A-1A6D-4963-9B18-306E9F17E618} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{09E5B697-2F3E-4A46-9805-0FBEEDBD2A63} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{0AEE6789-AD5F-4FD6-AF8E-7F985A18A82E} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{1180998A-0556-48C2-82AC-1E4599D3DFF6} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{1366CBE1-E73E-411B-8B07-DD6014493C67} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{168FB229-D84E-4667-8131-BFD3771874D6} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{1775AD0B-BAA4-4A1D-83B7-BB485E7858E8} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{203CD813-3A37-492A-8013-50A27C6097D2} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{2A939276-B038-4B3F-A5A7-F54F304D2F3E} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{2CA8E5CE-7A16-453C-88B7-C1DF4A954F00} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{31D0C21B-B56F-4E76-BD46-963347D7EEB7} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{3376C839-CDF0-45C1-AF1C-E68B75917CB6} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{361C3BBA-26A3-494E-B88F-18ECEAE98B7A} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{3F784BEE-7169-4CF1-A59A-F3BBA0EF34B4} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{42F1D99E-9797-4D05-8F03-AFD446C2348A} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{48B84F60-DA9E-4DC4-AF4E-F97BF99D1FAE} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{57356A4E-5FB1-444D-B7B2-989592F00B50} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{580D24E8-3BB3-4E18-82DD-8EFC951BFEB2} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{5BFDCB1B-6E16-4AD4-8387-0F2A459B8F63} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{616E2762-30F6-401E-ABBC-BEDB9EA5B0F4} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{631F9B3C-FDBB-4D73-972E-BE897B4FBC59} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{690620B4-4150-4D87-9B4E-07FD617D7449} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{699FA53D-E711-4A6E-8533-3A0A3F87C622} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{69FCEF1C-501A-4C8C-B0CE-708BEF0AA5E8} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{6DBF7F1A-8397-4D3D-ACD0-6A451DCE3868} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{737C21C2-24C3-4932-87EB-872CD2961EC8} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{75C10315-B04C-4132-A8C0-288B91D0844B} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{75E446A8-33AD-4E49-BE4A-C0FCA7809200} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{75F5FCD0-BBAA-4E6C-A32A-CBF149325CEF} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{7DD3980E-CD60-4634-864D-2486F5C1310D} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{7FC91AB2-253A-44FC-9D46-AE9F6DEC51FC} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{80A8989D-D9BC-42E7-89C5-1F61785F2AB5} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{8148D7E9-2628-45FB-B0D1-153F7D1F5E67} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{85AD4FA8-5ECD-4C2C-B617-4BC372B669BF} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{86EF7B80-CD66-49CA-AD8A-C0E328972AF8} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{8793B1F9-5F60-4DAB-B71A-84DF04812938} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{882ADEE8-06D3-4EEC-89D8-04AD53A11724} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{8C6623A8-0830-40CF-93B9-031612423625} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{906B42A3-A9BB-430A-8793-858E52C57480} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{91A1DEB2-566B-4004-ACA3-3BBE4152830A} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{93237FB7-E63B-4C06-BC84-FEED92AC03F9} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{977A6765-B749-4A6D-9639-10FF18A5494C} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{A21B239E-70D2-498D-89D6-7D8F71971D06} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{A41127B6-A3EF-44B9-9350-7C23CFDA0CD2} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{AAE28F2A-8510-4F37-A789-9B9C36343B74} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{B2E8E41F-4EE4-4FA3-AD9A-F81F1EEB28E2} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{BC897E61-F2C6-4EE3-96AD-6ECC011D00FF} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{BC8E4553-C3EF-4098-8C44-90FFE40BAAD3} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{C32A968C-872D-462C-9340-562FFE88C12A} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{CC847E5D-3C34-4894-967F-7F3773F2157A} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{CCC1998B-B135-44D6-A130-75BDC0C77AA9} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{D430FFAC-823E-41C3-BB85-2A5EA4FEBEDB} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{D47F823B-F583-4F97-B793-7612EE9F499C} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{D4A56044-2C4D-40FA-AD8B-A7F58B486572} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{D5AC7D94-0545-478C-8FD2-16C28D77EA19} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{E73718E0-99BF-40DB-A3AA-4200FE9A44A3} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{E7DE9558-3E78-48BF-BD93-0E3089E29EB2} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{E8648034-B4A0-42F3-AB06-6C639BD1DA2C} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{E929BC25-DACB-4D6E-ADE3-07759836B167} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{ED04AB0F-BE08-4D3C-9B6C-37FD8AE6C04E} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{F3D06C3E-F1CC-4B51-9033-AFB2514B6E81} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{F9FC680E-74A9-4FB7-BE4B-A07BB67F4E55} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{FA37C46A-409F-4CA8-B308-FBC64A9BD48E} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{FAC7FAFE-125E-4630-8CDC-407918A47DD0} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{FB0CF929-A924-4E52-BB52-573411CFE524} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{FC50ADAA-B761-44FE-BF86-8AF25628F81D} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{FCECFD9E-DF40-4A92-98A6-1502E2BAFCC5} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{FFDAF80C-22CD-43D4-A6A6-87F092A84D73} folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Nashoa\Desktop\cmd.bat deleted successfully.
C:\Users\Nashoa\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Nashoa
->Temp folder emptied: 95740012 bytes
->Temporary Internet Files folder emptied: 242883834 bytes
->Java cache emptied: 1816200 bytes
->FireFox cache emptied: 201884349 bytes
->Opera cache emptied: 12541686 bytes
->Flash cache emptied: 24146 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 127411 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 529,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.3 log created on 09102012_234215

Files\Folders moved on Reboot...
C:\Users\Nashoa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2968.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 11.09.2012, 13:41

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Nashoa · 11.09.2012, 18:36

Code:

ATTFilter

19:30:42.0432 9260  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:30:42.0432 9260  UEFI system
19:30:44.0433 9260  ============================================================
19:30:44.0433 9260  Current date / time: 2012/09/11 19:30:44.0433
19:30:44.0433 9260  SystemInfo:
19:30:44.0433 9260  
19:30:44.0433 9260  OS Version: 6.1.7601 ServicePack: 1.0
19:30:44.0433 9260  Product type: Workstation
19:30:44.0433 9260  ComputerName: NASHOA-PC
19:30:44.0434 9260  UserName: Nashoa
19:30:44.0434 9260  Windows directory: C:\Windows
19:30:44.0434 9260  System windows directory: C:\Windows
19:30:44.0434 9260  Running under WOW64
19:30:44.0434 9260  Processor architecture: Intel x64
19:30:44.0434 9260  Number of processors: 4
19:30:44.0434 9260  Page size: 0x1000
19:30:44.0434 9260  Boot type: Normal boot
19:30:44.0434 9260  ============================================================
19:30:44.0636 9260  Drive \Device\Harddisk1\DR1 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:30:44.0636 9260  Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:30:44.0655 9260  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:30:44.0659 9260  Drive \Device\Harddisk3\DR4 - Size: 0x79B00000 (1.90 Gb), SectorSize: 0x200, Cylinders: 0xF8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:30:44.0661 9260  ============================================================
19:30:44.0661 9260  \Device\Harddisk1\DR1:
19:30:44.0661 9260  GPT partitions:
19:30:44.0662 9260  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {1BB67579-C9FA-454A-997D-063F11DF06BC}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
19:30:44.0662 9260  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {C82280AB-930D-461B-A8A7-BDA526D34A64}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
19:30:44.0662 9260  \Device\Harddisk1\DR1\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {4CAD7A77-A43A-49BE-95FC-2C9344C23CF8}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x1BEB1000
19:30:44.0662 9260  MBR partitions:
19:30:44.0662 9260  \Device\Harddisk2\DR2:
19:30:44.0662 9260  MBR partitions:
19:30:44.0662 9260  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
19:30:44.0662 9260  \Device\Harddisk0\DR0:
19:30:44.0662 9260  MBR partitions:
19:30:44.0662 9260  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
19:30:44.0662 9260  \Device\Harddisk3\DR4:
19:30:44.0663 9260  MBR partitions:
19:30:44.0663 9260  \Device\Harddisk3\DR4\Partition1: MBR, Type 0xB, StartLBA 0xF7, BlocksNum 0x3CD709
19:30:44.0663 9260  ============================================================
19:30:44.0665 9260  C: <-> \Device\Harddisk1\DR1\Partition3
19:30:44.0703 9260  D: <-> \Device\Harddisk0\DR0\Partition1
19:30:44.0725 9260  E: <-> \Device\Harddisk2\DR2\Partition1
19:30:44.0725 9260  ============================================================
19:30:44.0725 9260  Initialize success
19:30:44.0725 9260  ============================================================
19:31:57.0463 9176  ============================================================
19:31:57.0463 9176  Scan started
19:31:57.0463 9176  Mode: Manual; SigCheck; TDLFS; 
19:31:57.0463 9176  ============================================================
19:31:57.0783 9176  ================ Scan system memory ========================
19:31:57.0783 9176  System memory - ok
19:31:57.0783 9176  ================ Scan services =============================
19:31:57.0833 9176  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
19:31:57.0873 9176  1394ohci - ok
19:31:57.0883 9176  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:31:57.0893 9176  ACPI - ok
19:31:57.0893 9176  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:31:57.0913 9176  AcpiPmi - ok
19:31:57.0913 9176  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:31:57.0923 9176  AdobeARMservice - ok
19:31:57.0943 9176  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:31:57.0963 9176  AdobeFlashPlayerUpdateSvc - ok
19:31:57.0973 9176  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:31:57.0993 9176  adp94xx - ok
19:31:57.0993 9176  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:31:58.0003 9176  adpahci - ok
19:31:58.0003 9176  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:31:58.0013 9176  adpu320 - ok
19:31:58.0023 9176  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:31:58.0033 9176  AeLookupSvc - ok
19:31:58.0043 9176  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:31:58.0053 9176  AFD - ok
19:31:58.0063 9176  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:31:58.0073 9176  agp440 - ok
19:31:58.0073 9176  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:31:58.0083 9176  ALG - ok
19:31:58.0083 9176  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:31:58.0093 9176  aliide - ok
19:31:58.0093 9176  [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:31:58.0113 9176  AMD External Events Utility - ok
19:31:58.0123 9176  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:31:58.0123 9176  amdide - ok
19:31:58.0123 9176  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:31:58.0133 9176  AmdK8 - ok
19:31:58.0243 9176  [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:31:58.0383 9176  amdkmdag - ok
19:31:58.0383 9176  [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:31:58.0403 9176  amdkmdap - ok
19:31:58.0403 9176  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:31:58.0403 9176  AmdPPM - ok
19:31:58.0413 9176  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:31:58.0413 9176  amdsata - ok
19:31:58.0423 9176  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:31:58.0423 9176  amdsbs - ok
19:31:58.0433 9176  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:31:58.0433 9176  amdxata - ok
19:31:58.0443 9176  [ A122D68EA2541453F787F341877CB40B ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:31:58.0453 9176  AntiVirSchedulerService - ok
19:31:58.0453 9176  [ 2FE359EDEB34EFCF42574752F8AEBD3F ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:31:58.0463 9176  AntiVirService - ok
19:31:58.0473 9176  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:31:58.0513 9176  AppID - ok
19:31:58.0513 9176  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:31:58.0533 9176  AppIDSvc - ok
19:31:58.0543 9176  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
19:31:58.0563 9176  Appinfo - ok
19:31:58.0563 9176  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:31:58.0563 9176  Apple Mobile Device - ok
19:31:58.0573 9176  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
19:31:58.0583 9176  AppMgmt - ok
19:31:58.0583 9176  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:31:58.0593 9176  arc - ok
19:31:58.0593 9176  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:31:58.0593 9176  arcsas - ok
19:31:58.0603 9176  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:31:58.0623 9176  AsyncMac - ok
19:31:58.0623 9176  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:31:58.0623 9176  atapi - ok
19:31:58.0633 9176  [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:31:58.0643 9176  AtiHDAudioService - ok
19:31:58.0643 9176  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:31:58.0673 9176  AudioEndpointBuilder - ok
19:31:58.0673 9176  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:31:58.0703 9176  AudioSrv - ok
19:31:58.0703 9176  [ AA8F79A1BDFC03B3BC70C44AB00589B4 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
19:31:58.0713 9176  avgntflt - ok
19:31:58.0713 9176  [ 852E3C0A60D368C487949E55AD52A47F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
19:31:58.0733 9176  avipbb - ok
19:31:58.0733 9176  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
19:31:58.0743 9176  avkmgr - ok
19:31:58.0743 9176  [ BD39D7CFD9D6A73396B618113A8E8D57 ] avmaudio        C:\Windows\system32\DRIVERS\avmaudio.sys
19:31:58.0753 9176  avmaudio - ok
19:31:58.0753 9176  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:31:58.0773 9176  AxInstSV - ok
19:31:58.0773 9176  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
19:31:58.0793 9176  b06bdrv - ok
19:31:58.0793 9176  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:31:58.0803 9176  b57nd60a - ok
19:31:58.0803 9176  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:31:58.0813 9176  BDESVC - ok
19:31:58.0813 9176  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:31:58.0833 9176  Beep - ok
19:31:58.0843 9176  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:31:58.0873 9176  BFE - ok
19:31:58.0883 9176  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:31:58.0903 9176  BITS - ok
19:31:58.0913 9176  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:31:58.0913 9176  blbdrive - ok
19:31:58.0923 9176  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:31:58.0933 9176  Bonjour Service - ok
19:31:58.0933 9176  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:31:58.0943 9176  bowser - ok
19:31:58.0943 9176  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:31:58.0953 9176  BrFiltLo - ok
19:31:58.0963 9176  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:31:58.0963 9176  BrFiltUp - ok
19:31:58.0973 9176  [ 5C2F352A4E961D72518261257AAE204B ] Bridge          C:\Windows\system32\DRIVERS\bridge.sys
19:31:58.0993 9176  Bridge - ok
19:31:58.0993 9176  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
19:31:59.0013 9176  BridgeMP - ok
19:31:59.0013 9176  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
19:31:59.0023 9176  Browser - ok
19:31:59.0023 9176  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:31:59.0033 9176  Brserid - ok
19:31:59.0033 9176  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:31:59.0043 9176  BrSerWdm - ok
19:31:59.0043 9176  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:31:59.0053 9176  BrUsbMdm - ok
19:31:59.0053 9176  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:31:59.0063 9176  BrUsbSer - ok
19:31:59.0063 9176  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
19:31:59.0083 9176  BthEnum - ok
19:31:59.0093 9176  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:31:59.0093 9176  BTHMODEM - ok
19:31:59.0103 9176  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
19:31:59.0103 9176  BthPan - ok
19:31:59.0113 9176  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
19:31:59.0123 9176  BTHPORT - ok
19:31:59.0133 9176  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:31:59.0153 9176  bthserv - ok
19:31:59.0153 9176  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
19:31:59.0163 9176  BTHUSB - ok
19:31:59.0163 9176  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:31:59.0183 9176  cdfs - ok
19:31:59.0183 9176  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:31:59.0193 9176  cdrom - ok
19:31:59.0193 9176  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:31:59.0213 9176  CertPropSvc - ok
19:31:59.0213 9176  [ 37C29F723A1174B21E7CC6E66D7C2C37 ] CH341SER_A64    C:\Windows\system32\Drivers\CH341S64.SYS
19:31:59.0223 9176  CH341SER_A64 - ok
19:31:59.0223 9176  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:31:59.0233 9176  circlass - ok
19:31:59.0243 9176  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:31:59.0253 9176  CLFS - ok
19:31:59.0253 9176  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:31:59.0263 9176  clr_optimization_v2.0.50727_32 - ok
19:31:59.0263 9176  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:31:59.0273 9176  clr_optimization_v2.0.50727_64 - ok
19:31:59.0273 9176  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:31:59.0293 9176  clr_optimization_v4.0.30319_32 - ok
19:31:59.0303 9176  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:31:59.0313 9176  clr_optimization_v4.0.30319_64 - ok
19:31:59.0313 9176  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:31:59.0323 9176  CmBatt - ok
19:31:59.0323 9176  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:31:59.0323 9176  cmdide - ok
19:31:59.0333 9176  [ 784CE219B4A02C20BCBC7A9A16F3E141 ] cmntnet         C:\Windows\system32\DRIVERS\cmntnet.sys
19:31:59.0343 9176  cmntnet - ok
19:31:59.0343 9176  [ C0B41B0A669F1E06E85050A86320E0AF ] cmnuusbser      C:\Windows\system32\DRIVERS\cmnuusbser.sys
19:31:59.0353 9176  cmnuusbser - ok
19:31:59.0353 9176  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
19:31:59.0363 9176  CNG - ok
19:31:59.0373 9176  [ F38ACFF40E9EDC2B3476EDD724CEA4A0 ] COMMONFX        C:\Windows\system32\drivers\COMMONFX.SYS
19:31:59.0383 9176  COMMONFX - ok
19:31:59.0383 9176  [ F38ACFF40E9EDC2B3476EDD724CEA4A0 ] COMMONFX.SYS    C:\Windows\System32\drivers\COMMONFX.SYS
19:31:59.0383 9176  COMMONFX.SYS - ok
19:31:59.0393 9176  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:31:59.0393 9176  Compbatt - ok
19:31:59.0393 9176  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:31:59.0403 9176  CompositeBus - ok
19:31:59.0403 9176  COMSysApp - ok
19:31:59.0413 9176  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:31:59.0413 9176  crcdisk - ok
19:31:59.0413 9176  [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
19:31:59.0423 9176  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
19:31:59.0423 9176  Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
19:31:59.0423 9176  [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
19:31:59.0423 9176  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
19:31:59.0423 9176  Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
19:31:59.0433 9176  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:31:59.0443 9176  CryptSvc - ok
19:31:59.0453 9176  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
19:31:59.0473 9176  CSC - ok
19:31:59.0483 9176  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
19:31:59.0493 9176  CscService - ok
19:31:59.0503 9176  [ 095C566746217CD1482EDE40A70D87D2 ] ctac32k         C:\Windows\system32\drivers\ctac32k.sys
19:31:59.0513 9176  ctac32k - ok
19:31:59.0523 9176  [ 157E2196FCCD002A2EDF3B06DF7B0C9A ] ctaud2k         C:\Windows\system32\drivers\ctaud2k.sys
19:31:59.0553 9176  ctaud2k - ok
19:31:59.0563 9176  [ 17979EE857E930CBFDF24A12E89D77A1 ] CTAUDFX         C:\Windows\system32\drivers\CTAUDFX.SYS
19:31:59.0593 9176  CTAUDFX - ok
19:31:59.0603 9176  [ 17979EE857E930CBFDF24A12E89D77A1 ] CTAUDFX.SYS     C:\Windows\System32\drivers\CTAUDFX.SYS
19:31:59.0623 9176  CTAUDFX.SYS - ok
19:31:59.0623 9176  [ 5CE3D0E1D1B3832EE052CFC442EEE0FA ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
19:31:59.0633 9176  CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
19:31:59.0633 9176  CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
19:31:59.0643 9176  [ FE3EAE37536C02D087E5C5D339663779 ] CTERFXFX        C:\Windows\system32\drivers\CTERFXFX.SYS
19:31:59.0653 9176  CTERFXFX - ok
19:31:59.0653 9176  [ FE3EAE37536C02D087E5C5D339663779 ] CTERFXFX.SYS    C:\Windows\System32\drivers\CTERFXFX.SYS
19:31:59.0663 9176  CTERFXFX.SYS - ok
19:31:59.0663 9176  [ 59E6714EA7099D2AFA6AED859B6551EA ] ctgame          C:\Windows\system32\DRIVERS\ctgame.sys
19:31:59.0673 9176  ctgame - ok
19:31:59.0673 9176  [ 4E4FDAB4A7CF5AF56E3FA1FE35E8AD3C ] ctprxy2k        C:\Windows\system32\drivers\ctprxy2k.sys
19:31:59.0683 9176  ctprxy2k - ok
19:31:59.0683 9176  [ 4A7DE2E30B2B9253933A157401EC76D5 ] CTSBLFX         C:\Windows\system32\drivers\CTSBLFX.SYS
19:31:59.0703 9176  CTSBLFX - ok
19:31:59.0703 9176  [ 4A7DE2E30B2B9253933A157401EC76D5 ] CTSBLFX.SYS     C:\Windows\System32\drivers\CTSBLFX.SYS
19:31:59.0713 9176  CTSBLFX.SYS - ok
19:31:59.0723 9176  [ 065ADE032A044D518AB1407D3586B7D5 ] ctsfm2k         C:\Windows\system32\drivers\ctsfm2k.sys
19:31:59.0733 9176  ctsfm2k - ok
19:31:59.0733 9176  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:31:59.0763 9176  DcomLaunch - ok
19:31:59.0763 9176  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:31:59.0783 9176  defragsvc - ok
19:31:59.0783 9176  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:31:59.0803 9176  DfsC - ok
19:31:59.0813 9176  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:31:59.0833 9176  Dhcp - ok
19:31:59.0833 9176  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:31:59.0853 9176  discache - ok
19:31:59.0853 9176  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:31:59.0863 9176  Disk - ok
19:31:59.0863 9176  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:31:59.0873 9176  Dnscache - ok
19:31:59.0883 9176  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:31:59.0903 9176  dot3svc - ok
19:31:59.0903 9176  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
19:31:59.0923 9176  DPS - ok
19:31:59.0923 9176  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:31:59.0933 9176  drmkaud - ok
19:31:59.0943 9176  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:31:59.0963 9176  DXGKrnl - ok
19:31:59.0963 9176  [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
19:31:59.0973 9176  E1G60 - ok
19:31:59.0973 9176  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:31:59.0993 9176  EapHost - ok
19:32:00.0013 9176  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
19:32:00.0053 9176  ebdrv - ok
19:32:00.0053 9176  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
19:32:00.0063 9176  EFS - ok
19:32:00.0073 9176  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:32:00.0083 9176  ehRecvr - ok
19:32:00.0093 9176  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:32:00.0093 9176  ehSched - ok
19:32:00.0103 9176  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:32:00.0113 9176  elxstor - ok
19:32:00.0123 9176  [ F380FF5D6D80CECC6DBBC15569757613 ] emupia          C:\Windows\system32\drivers\emupia2k.sys
19:32:00.0123 9176  emupia - ok
19:32:00.0123 9176  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:32:00.0133 9176  ErrDev - ok
19:32:00.0133 9176  [ DF2F6C1E55F6E81CFC7F688380D85816 ] EtronHub3       C:\Windows\system32\Drivers\EtronHub3.sys
19:32:00.0143 9176  EtronHub3 - ok
19:32:00.0143 9176  [ E093ABFB67A4B9D94F80611A7D0A8BB9 ] EtronXHCI       C:\Windows\system32\Drivers\EtronXHCI.sys
19:32:00.0153 9176  EtronXHCI - ok
19:32:00.0153 9176  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:32:00.0173 9176  EventSystem - ok
19:32:00.0183 9176  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:32:00.0203 9176  exfat - ok
19:32:00.0203 9176  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:32:00.0223 9176  fastfat - ok
19:32:00.0233 9176  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
19:32:00.0243 9176  Fax - ok
19:32:00.0243 9176  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:32:00.0253 9176  fdc - ok
19:32:00.0253 9176  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:32:00.0273 9176  fdPHost - ok
19:32:00.0273 9176  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:32:00.0293 9176  FDResPub - ok
19:32:00.0293 9176  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:32:00.0303 9176  FileInfo - ok
19:32:00.0303 9176  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:32:00.0323 9176  Filetrace - ok
19:32:00.0323 9176  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:32:00.0333 9176  flpydisk - ok
19:32:00.0333 9176  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:32:00.0343 9176  FltMgr - ok
19:32:00.0353 9176  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
19:32:00.0373 9176  FontCache - ok
19:32:00.0373 9176  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:32:00.0383 9176  FontCache3.0.0.0 - ok
19:32:00.0383 9176  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:32:00.0383 9176  FsDepends - ok
19:32:00.0393 9176  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:32:00.0393 9176  Fs_Rec - ok
19:32:00.0403 9176  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:32:00.0413 9176  fvevol - ok
19:32:00.0413 9176  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:32:00.0413 9176  gagp30kx - ok
19:32:00.0423 9176  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:32:00.0423 9176  GEARAspiWDM - ok
19:32:00.0433 9176  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
19:32:00.0453 9176  gpsvc - ok
19:32:00.0463 9176  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:32:00.0463 9176  gupdate - ok
19:32:00.0463 9176  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:32:00.0473 9176  gupdatem - ok
19:32:00.0483 9176  [ 82B68F585110AE8500A6D23623AE1F74 ] ha10kx2k        C:\Windows\system32\drivers\ha10kx2k.sys
19:32:00.0503 9176  ha10kx2k - ok
19:32:00.0513 9176  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
19:32:00.0513 9176  hamachi - ok
19:32:00.0533 9176  [ CE77BC37BDD36C9DC50C3591EBAC3FA3 ] Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
19:32:00.0583 9176  Hamachi2Svc - ok
19:32:00.0593 9176  [ 83F647F9ACE9192556F758E528024F68 ] hap16v2k        C:\Windows\system32\drivers\hap16v2k.sys
19:32:00.0603 9176  hap16v2k - ok
19:32:00.0603 9176  [ E815D29361DE89D24C8DBE3E5A7006C9 ] hap17v2k        C:\Windows\system32\drivers\hap17v2k.sys
19:32:00.0613 9176  hap17v2k - ok
19:32:00.0613 9176  [ ADB4348DA1345877B04E22203AFC8993 ] hcmon           C:\Windows\system32\drivers\hcmon.sys
19:32:00.0623 9176  hcmon - ok
19:32:00.0623 9176  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:32:00.0633 9176  hcw85cir - ok
19:32:00.0633 9176  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:32:00.0643 9176  HdAudAddService - ok
19:32:00.0653 9176  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:32:00.0653 9176  HDAudBus - ok
19:32:00.0663 9176  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:32:00.0673 9176  HidBatt - ok
19:32:00.0683 9176  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:32:00.0703 9176  HidBth - ok
19:32:00.0703 9176  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:32:00.0723 9176  HidIr - ok
19:32:00.0723 9176  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
19:32:00.0763 9176  hidserv - ok
19:32:00.0763 9176  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:32:00.0773 9176  HidUsb - ok
19:32:00.0773 9176  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:32:00.0793 9176  hkmsvc - ok
19:32:00.0793 9176  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:32:00.0803 9176  HomeGroupListener - ok
19:32:00.0813 9176  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:32:00.0813 9176  HomeGroupProvider - ok
19:32:00.0823 9176  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:32:00.0823 9176  HpSAMD - ok
19:32:00.0833 9176  HSPADataCardusbmdm - ok
19:32:00.0833 9176  HSPADataCardusbnmea - ok
19:32:00.0833 9176  HSPADataCardusbser - ok
19:32:00.0843 9176  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:32:00.0863 9176  HTTP - ok
19:32:00.0863 9176  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:32:00.0873 9176  hwpolicy - ok
19:32:00.0873 9176  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:32:00.0883 9176  i8042prt - ok
19:32:00.0883 9176  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:32:00.0903 9176  iaStorV - ok
19:32:00.0903 9176  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:32:00.0923 9176  idsvc - ok
19:32:01.0013 9176  [ F4F91789C7C7A159CE8215C1F69F2A85 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
19:32:01.0163 9176  igfx ( UnsignedFile.Multi.Generic ) - warning
19:32:01.0163 9176  igfx - detected UnsignedFile.Multi.Generic (1)
19:32:01.0163 9176  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:32:01.0173 9176  iirsp - ok
19:32:01.0173 9176  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:32:01.0213 9176  IKEEXT - ok
19:32:01.0243 9176  [ 65F70696BE5ABC11634FCF96AF7D7896 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:32:01.0303 9176  IntcAzAudAddService - ok
19:32:01.0313 9176  [ AE594CC17C33AC146739494615E14851 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
19:32:01.0323 9176  IntcDAud ( UnsignedFile.Multi.Generic ) - warning
19:32:01.0323 9176  IntcDAud - detected UnsignedFile.Multi.Generic (1)
19:32:01.0323 9176  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:32:01.0333 9176  intelide - ok
19:32:01.0333 9176  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:32:01.0343 9176  intelppm - ok
19:32:01.0343 9176  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:32:01.0363 9176  IPBusEnum - ok
19:32:01.0363 9176  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:32:01.0383 9176  IpFilterDriver - ok
19:32:01.0393 9176  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:32:01.0413 9176  iphlpsvc - ok
19:32:01.0413 9176  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:32:01.0423 9176  IPMIDRV - ok
19:32:01.0423 9176  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:32:01.0443 9176  IPNAT - ok
19:32:01.0453 9176  [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:32:01.0473 9176  iPod Service - ok
19:32:01.0473 9176  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:32:01.0483 9176  IRENUM - ok
19:32:01.0483 9176  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:32:01.0493 9176  isapnp - ok
19:32:01.0493 9176  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:32:01.0503 9176  iScsiPrt - ok
19:32:01.0513 9176  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:32:01.0513 9176  kbdclass - ok
19:32:01.0513 9176  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:32:01.0523 9176  kbdhid - ok
19:32:01.0523 9176  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:32:01.0533 9176  KeyIso - ok
19:32:01.0533 9176  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:32:01.0543 9176  KSecDD - ok
19:32:01.0543 9176  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:32:01.0553 9176  KSecPkg - ok
19:32:01.0553 9176  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:32:01.0573 9176  ksthunk - ok
19:32:01.0573 9176  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:32:01.0593 9176  KtmRm - ok
19:32:01.0603 9176  [ 7D80A55B6D0C2A54728158E846F4696D ] L8042Kbd        C:\Windows\system32\DRIVERS\L8042Kbd.sys
19:32:01.0603 9176  L8042Kbd - ok
19:32:01.0613 9176  [ 40985C70AC469208EC010A72C2F72ED9 ] L8042mou        C:\Windows\system32\DRIVERS\L8042mou.Sys
19:32:01.0613 9176  L8042mou - ok
19:32:01.0613 9176  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:32:01.0643 9176  LanmanServer - ok
19:32:01.0643 9176  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:32:01.0683 9176  LanmanWorkstation - ok
19:32:01.0683 9176  [ 7772DFAB22611050B79504E671B06E6E ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
19:32:01.0703 9176  LBTServ - ok
19:32:01.0713 9176  [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:32:01.0713 9176  LHidFilt - ok
19:32:01.0743 9176  [ 20CDB07017497C94A0BAD253C4BAFCBC ] LkCitadelServer C:\Windows\SysWOW64\lkcitdl.exe
19:32:01.0753 9176  LkCitadelServer - ok
19:32:01.0763 9176  [ 99121FD465F7A65AC15EEC3B4034C1E4 ] lkClassAds      C:\Windows\SysWOW64\lkads.exe
19:32:01.0763 9176  lkClassAds - ok
19:32:01.0763 9176  [ 19C8D1B03A5229CBBE1037425701F55F ] lkTimeSync      C:\Windows\SysWOW64\lktsrv.exe
19:32:01.0773 9176  lkTimeSync - ok
19:32:01.0773 9176  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:32:01.0793 9176  lltdio - ok
19:32:01.0793 9176  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:32:01.0823 9176  lltdsvc - ok
19:32:01.0823 9176  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:32:01.0843 9176  lmhosts - ok
19:32:01.0843 9176  [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:32:01.0843 9176  LMouFilt - ok
19:32:01.0853 9176  [ 2AB80E1D548CACC409F8F4D5D945D219 ] LMouKE          C:\Windows\system32\DRIVERS\LMouKE.Sys
19:32:01.0853 9176  LMouKE - ok
19:32:01.0863 9176  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:32:01.0863 9176  LSI_FC - ok
19:32:01.0873 9176  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:32:01.0873 9176  LSI_SAS - ok
19:32:01.0883 9176  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:32:01.0883 9176  LSI_SAS2 - ok
19:32:01.0883 9176  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:32:01.0893 9176  LSI_SCSI - ok
19:32:01.0893 9176  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:32:01.0913 9176  luafv - ok
19:32:01.0913 9176  massfilter - ok
19:32:01.0923 9176  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:32:01.0933 9176  Mcx2Svc - ok
19:32:01.0943 9176  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:32:01.0953 9176  megasas - ok
19:32:01.0963 9176  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:32:01.0973 9176  MegaSR - ok
19:32:01.0973 9176  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
19:32:01.0983 9176  MEIx64 - ok
19:32:01.0983 9176  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:32:02.0003 9176  MMCSS - ok
19:32:02.0013 9176  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:32:02.0023 9176  Modem - ok
19:32:02.0033 9176  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:32:02.0033 9176  monitor - ok
19:32:02.0043 9176  [ 95314C3A08589471983C2C8173F23CDA ] MonitorFunction C:\Windows\system32\DRIVERS\TVMonitor.sys
19:32:02.0043 9176  MonitorFunction - ok
19:32:02.0043 9176  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:32:02.0053 9176  mouclass - ok
19:32:02.0053 9176  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:32:02.0063 9176  mouhid - ok
19:32:02.0063 9176  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:32:02.0073 9176  mountmgr - ok
19:32:02.0073 9176  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:32:02.0083 9176  MozillaMaintenance - ok
19:32:02.0083 9176  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:32:02.0093 9176  mpio - ok
19:32:02.0093 9176  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:32:02.0113 9176  mpsdrv - ok
19:32:02.0123 9176  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:32:02.0143 9176  MpsSvc - ok
19:32:02.0153 9176  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:32:02.0163 9176  MRxDAV - ok
19:32:02.0163 9176  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:32:02.0173 9176  mrxsmb - ok
19:32:02.0173 9176  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:32:02.0183 9176  mrxsmb10 - ok
19:32:02.0183 9176  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:32:02.0193 9176  mrxsmb20 - ok
19:32:02.0193 9176  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:32:02.0203 9176  msahci - ok
19:32:02.0203 9176  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:32:02.0213 9176  msdsm - ok
19:32:02.0213 9176  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
19:32:02.0223 9176  MSDTC - ok
19:32:02.0223 9176  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:32:02.0243 9176  Msfs - ok
19:32:02.0243 9176  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:32:02.0263 9176  mshidkmdf - ok
19:32:02.0263 9176  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:32:02.0273 9176  msisadrv - ok
19:32:02.0273 9176  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:32:02.0293 9176  MSiSCSI - ok
19:32:02.0293 9176  msiserver - ok
19:32:02.0303 9176  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:32:02.0313 9176  MSKSSRV - ok
19:32:02.0323 9176  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:32:02.0333 9176  MSPCLOCK - ok
19:32:02.0343 9176  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:32:02.0363 9176  MSPQM - ok
19:32:02.0363 9176  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:32:02.0373 9176  MsRPC - ok
19:32:02.0373 9176  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
19:32:02.0383 9176  mssmbios - ok
19:32:02.0383 9176  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:32:02.0403 9176  MSTEE - ok
19:32:02.0403 9176  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:32:02.0413 9176  MTConfig - ok
19:32:02.0413 9176  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:32:02.0423 9176  Mup - ok
19:32:02.0423 9176  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:32:02.0443 9176  napagent - ok
19:32:02.0453 9176  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:32:02.0463 9176  NativeWifiP - ok
19:32:02.0473 9176  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:32:02.0513 9176  NDIS - ok
19:32:02.0513 9176  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:32:02.0543 9176  NdisCap - ok
19:32:02.0553 9176  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:32:02.0563 9176  NdisTapi - ok
19:32:02.0573 9176  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:32:02.0593 9176  Ndisuio - ok
19:32:02.0593 9176  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:32:02.0613 9176  NdisWan - ok
19:32:02.0613 9176  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:32:02.0633 9176  NDProxy - ok
19:32:02.0633 9176  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:32:02.0653 9176  NetBIOS - ok
19:32:02.0663 9176  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:32:02.0693 9176  NetBT - ok
19:32:02.0703 9176  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:32:02.0703 9176  Netlogon - ok
19:32:02.0713 9176  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:32:02.0743 9176  Netman - ok
19:32:02.0753 9176  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:32:02.0793 9176  netprofm - ok
19:32:02.0793 9176  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:32:02.0803 9176  NetTcpPortSharing - ok
19:32:02.0803 9176  NETwNs64 - ok
19:32:02.0803 9176  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:32:02.0813 9176  nfrd960 - ok
19:32:02.0813 9176  [ CEEFDE8FACE887D6DDA664940404EA58 ] NIDomainService C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
19:32:02.0823 9176  NIDomainService - ok
19:32:02.0833 9176  [ B17093B9A2C5F874975C732C1A8BA771 ] NILM License Manager C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
19:32:02.0853 9176  NILM License Manager ( UnsignedFile.Multi.Generic ) - warning
19:32:02.0853 9176  NILM License Manager - detected UnsignedFile.Multi.Generic (1)
19:32:02.0853 9176  niSvcLoc - ok
19:32:02.0853 9176  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:32:02.0873 9176  NlaSvc - ok
19:32:02.0883 9176  [ AD42FB061166AF0643806800304BD76F ] NLNdisMP        C:\Windows\system32\DRIVERS\nlndis.sys
19:32:02.0883 9176  NLNdisMP - ok
19:32:02.0883 9176  [ AD42FB061166AF0643806800304BD76F ] NLNdisPT        C:\Windows\system32\DRIVERS\nlndis.sys
19:32:02.0893 9176  NLNdisPT - ok
19:32:02.0903 9176  [ 6988373E38223438B09F0C27D7E67393 ] nlsvc           C:\Program Files\NetLimiter 3\nlsvc.exe
19:32:02.0933 9176  nlsvc ( UnsignedFile.Multi.Generic ) - warning
19:32:02.0933 9176  nlsvc - detected UnsignedFile.Multi.Generic (1)
19:32:02.0933 9176  [ 75E6581DE9A0B155EDAB6807E668BE06 ] nltdi           C:\Program Files\NetLimiter 3\nltdi.sys
19:32:02.0943 9176  nltdi - ok
19:32:02.0943 9176  [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF             C:\Windows\system32\drivers\npf.sys
19:32:02.0953 9176  NPF - ok
19:32:02.0953 9176  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:32:02.0973 9176  Npfs - ok
19:32:02.0973 9176  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:32:02.0993 9176  nsi - ok
19:32:02.0993 9176  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:32:03.0013 9176  nsiproxy - ok
19:32:03.0023 9176  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:32:03.0053 9176  Ntfs - ok
19:32:03.0053 9176  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:32:03.0073 9176  Null - ok
19:32:03.0213 9176  [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:32:03.0523 9176  nvlddmkm - ok
19:32:03.0533 9176  [ 715D45ED30003FC70CFA0D9C6DD0B538 ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
19:32:03.0543 9176  nvpciflt - ok
19:32:03.0543 9176  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:32:03.0563 9176  nvraid - ok
19:32:03.0563 9176  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:32:03.0573 9176  nvstor - ok
19:32:03.0593 9176  [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc           C:\Windows\system32\nvvsvc.exe
19:32:03.0613 9176  nvsvc - ok
19:32:03.0633 9176  [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:32:03.0643 9176  nvUpdatusService - ok
19:32:03.0653 9176  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:32:03.0653 9176  nv_agp - ok
19:32:03.0663 9176  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:32:03.0663 9176  ohci1394 - ok
19:32:03.0673 9176  [ 4965B005492CBA7719E82B71E3245495 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:32:03.0673 9176  ose64 - ok
19:32:03.0733 9176  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:32:03.0813 9176  osppsvc - ok
19:32:03.0823 9176  [ 85EA378116E2C4385993BA5124536FFC ] ossrv           C:\Windows\system32\drivers\ctoss2k.sys
19:32:03.0833 9176  ossrv - ok
19:32:03.0833 9176  otshot - ok
19:32:03.0833 9176  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:32:03.0843 9176  p2pimsvc - ok
19:32:03.0853 9176  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:32:03.0863 9176  p2psvc - ok
19:32:03.0863 9176  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:32:03.0873 9176  Parport - ok
19:32:03.0873 9176  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:32:03.0883 9176  partmgr - ok
19:32:03.0883 9176  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:32:03.0893 9176  PcaSvc - ok
19:32:03.0893 9176  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
19:32:03.0903 9176  pci - ok
19:32:03.0903 9176  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:32:03.0913 9176  pciide - ok
19:32:03.0913 9176  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:32:03.0923 9176  pcmcia - ok
19:32:03.0923 9176  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:32:03.0933 9176  pcw - ok
19:32:03.0933 9176  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:32:03.0963 9176  PEAUTH - ok
19:32:03.0973 9176  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
19:32:04.0003 9176  PeerDistSvc - ok
19:32:04.0003 9176  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:32:04.0023 9176  PerfHost - ok
19:32:04.0043 9176  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
19:32:04.0083 9176  pla - ok
19:32:04.0093 9176  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:32:04.0103 9176  PlugPlay - ok
19:32:04.0103 9176  PnkBstrA - ok
19:32:04.0103 9176  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:32:04.0113 9176  PNRPAutoReg - ok
19:32:04.0113 9176  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:32:04.0123 9176  PNRPsvc - ok
19:32:04.0133 9176  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:32:04.0153 9176  PolicyAgent - ok
19:32:04.0153 9176  PORTMON - ok
19:32:04.0163 9176  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
19:32:04.0203 9176  Power - ok
19:32:04.0203 9176  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:32:04.0223 9176  PptpMiniport - ok
19:32:04.0223 9176  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:32:04.0233 9176  Processor - ok
19:32:04.0233 9176  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:32:04.0243 9176  ProfSvc - ok
19:32:04.0243 9176  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:32:04.0253 9176  ProtectedStorage - ok
19:32:04.0253 9176  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:32:04.0273 9176  Psched - ok
19:32:04.0293 9176  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:32:04.0313 9176  ql2300 - ok
19:32:04.0313 9176  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:32:04.0323 9176  ql40xx - ok
19:32:04.0323 9176  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:32:04.0333 9176  QWAVE - ok
19:32:04.0343 9176  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:32:04.0343 9176  QWAVEdrv - ok
19:32:04.0353 9176  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:32:04.0363 9176  RasAcd - ok
19:32:04.0373 9176  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:32:04.0393 9176  RasAgileVpn - ok
19:32:04.0393 9176  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:32:04.0413 9176  RasAuto - ok
19:32:04.0413 9176  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:32:04.0433 9176  Rasl2tp - ok
19:32:04.0433 9176  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:32:04.0463 9176  RasMan - ok
19:32:04.0463 9176  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:32:04.0503 9176  RasPppoe - ok
19:32:04.0503 9176  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:32:04.0523 9176  RasSstp - ok
19:32:04.0523 9176  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:32:04.0543 9176  rdbss - ok
19:32:04.0553 9176  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:32:04.0553 9176  rdpbus - ok
19:32:04.0563 9176  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:32:04.0573 9176  RDPCDD - ok
19:32:04.0583 9176  [ BDF2DB2F19945AFAF102A2C03062EFB1 ] RDPDISPM        C:\Windows\system32\DRIVERS\rdpdispm.sys
19:32:04.0583 9176  RDPDISPM - ok
19:32:04.0593 9176  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
19:32:04.0593 9176  RDPDR - ok
19:32:04.0603 9176  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:32:04.0623 9176  RDPENCDD - ok
19:32:04.0623 9176  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:32:04.0643 9176  RDPREFMP - ok
19:32:04.0643 9176  [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:32:04.0653 9176  RdpVideoMiniport - ok
19:32:04.0653 9176  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:32:04.0663 9176  RDPWD - ok
19:32:04.0673 9176  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:32:04.0673 9176  rdyboost - ok
19:32:04.0683 9176  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:32:04.0703 9176  RemoteAccess - ok
19:32:04.0703 9176  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:32:04.0723 9176  RemoteRegistry - ok
19:32:04.0723 9176  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
19:32:04.0733 9176  RFCOMM - ok
19:32:04.0743 9176  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
19:32:04.0743 9176  rpcapd - ok
19:32:04.0753 9176  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:32:04.0773 9176  RpcEptMapper - ok
19:32:04.0773 9176  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:32:04.0783 9176  RpcLocator - ok
19:32:04.0783 9176  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
19:32:04.0803 9176  RpcSs - ok
19:32:04.0813 9176  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:32:04.0823 9176  rspndr - ok
19:32:04.0833 9176  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
19:32:04.0843 9176  RTL8167 - ok
19:32:04.0843 9176  [ EA268BCE30691C2DD24F02E617FD2EB5 ] s0016bus        C:\Windows\system32\DRIVERS\s0016bus.sys
19:32:04.0853 9176  s0016bus - ok
19:32:04.0853 9176  [ F5F9DEB89996D333EF976624D37E24E3 ] s0016mdfl       C:\Windows\system32\DRIVERS\s0016mdfl.sys
19:32:04.0863 9176  s0016mdfl - ok
19:32:04.0863 9176  [ C17CE2AEE67480FEBCC36ECCB54C0BE8 ] s0016mdm        C:\Windows\system32\DRIVERS\s0016mdm.sys
19:32:04.0873 9176  s0016mdm - ok
19:32:04.0873 9176  [ CC267F04C54C5EC5B7BD658D7628469F ] s0016mgmt       C:\Windows\system32\DRIVERS\s0016mgmt.sys
19:32:04.0883 9176  s0016mgmt - ok
19:32:04.0883 9176  [ 30A35BBCE09D9FE67482FD62C61911FC ] s0016nd5        C:\Windows\system32\DRIVERS\s0016nd5.sys
19:32:04.0883 9176  s0016nd5 - ok
19:32:04.0893 9176  [ CA394DCC38579C7AD82E83EE64D798A0 ] s0016obex       C:\Windows\system32\DRIVERS\s0016obex.sys
19:32:04.0893 9176  s0016obex - ok
19:32:04.0893 9176  [ EB267CCEA84E6E8598D92F73332AC67B ] s0016unic       C:\Windows\system32\DRIVERS\s0016unic.sys
19:32:04.0903 9176  s0016unic - ok
19:32:04.0903 9176  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
19:32:04.0913 9176  s3cap - ok
19:32:04.0913 9176  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
19:32:04.0923 9176  SamSs - ok
19:32:04.0923 9176  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:32:04.0933 9176  sbp2port - ok
19:32:04.0943 9176  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
19:32:04.0963 9176  SBSDWSCService - ok
19:32:04.0963 9176  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:32:04.0983 9176  SCardSvr - ok
19:32:04.0983 9176  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:32:05.0003 9176  scfilter - ok
19:32:05.0013 9176  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:32:05.0043 9176  Schedule - ok
19:32:05.0043 9176  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:32:05.0063 9176  SCPolicySvc - ok
19:32:05.0063 9176  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:32:05.0073 9176  SDRSVC - ok
19:32:05.0073 9176  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:32:05.0093 9176  secdrv - ok
19:32:05.0093 9176  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:32:05.0113 9176  seclogon - ok
19:32:05.0123 9176  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:32:05.0143 9176  SENS - ok
19:32:05.0143 9176  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:32:05.0143 9176  SensrSvc - ok
19:32:05.0153 9176  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:32:05.0153 9176  Serenum - ok
19:32:05.0153 9176  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:32:05.0163 9176  Serial - ok
19:32:05.0163 9176  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:32:05.0173 9176  sermouse - ok
19:32:05.0173 9176  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:32:05.0193 9176  SessionEnv - ok
19:32:05.0203 9176  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:32:05.0203 9176  sffdisk - ok
19:32:05.0213 9176  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:32:05.0213 9176  sffp_mmc - ok
19:32:05.0213 9176  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:32:05.0223 9176  sffp_sd - ok
19:32:05.0223 9176  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:32:05.0233 9176  sfloppy - ok
19:32:05.0243 9176  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:32:05.0263 9176  SharedAccess - ok
19:32:05.0263 9176  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:32:05.0283 9176  ShellHWDetection - ok
19:32:05.0293 9176  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:32:05.0293 9176  SiSRaid2 - ok
19:32:05.0293 9176  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:32:05.0303 9176  SiSRaid4 - ok
19:32:05.0313 9176  [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:32:05.0313 9176  SkypeUpdate - ok
19:32:05.0313 9176  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:32:05.0333 9176  Smb - ok
19:32:05.0343 9176  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:32:05.0363 9176  SNMPTRAP - ok
19:32:05.0363 9176  [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan        C:\Windows\syswow64\speedfan.sys
19:32:05.0383 9176  speedfan - ok
19:32:05.0383 9176  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:32:05.0393 9176  spldr - ok
19:32:05.0403 9176  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
19:32:05.0423 9176  Spooler - ok
19:32:05.0463 9176  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:32:05.0533 9176  sppsvc - ok
19:32:05.0533 9176  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:32:05.0553 9176  sppuinotify - ok
19:32:05.0563 9176  [ D519AD2DE7968CD2B47FEA807C5B29B2 ] sptd            C:\Windows\System32\Drivers\sptd.sys
19:32:05.0563 9176  Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: D519AD2DE7968CD2B47FEA807C5B29B2
19:32:05.0563 9176  sptd ( LockedFile.Multi.Generic ) - warning
19:32:05.0563 9176  sptd - detected LockedFile.Multi.Generic (1)
19:32:05.0563 9176  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:32:05.0583 9176  srv - ok
19:32:05.0583 9176  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:32:05.0593 9176  srv2 - ok
19:32:05.0593 9176  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:32:05.0603 9176  srvnet - ok
19:32:05.0603 9176  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:32:05.0633 9176  SSDPSRV - ok
19:32:05.0633 9176  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:32:05.0653 9176  SstpSvc - ok
19:32:05.0653 9176  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:32:05.0663 9176  stexstor - ok
19:32:05.0663 9176  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:32:05.0683 9176  stisvc - ok
19:32:05.0683 9176  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
19:32:05.0693 9176  storflt - ok
19:32:05.0693 9176  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
19:32:05.0693 9176  storvsc - ok
19:32:05.0703 9176  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
19:32:05.0703 9176  swenum - ok
19:32:05.0713 9176  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:32:05.0723 9176  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
19:32:05.0723 9176  SwitchBoard - detected UnsignedFile.Multi.Generic (1)
19:32:05.0723 9176  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
19:32:05.0773 9176  swprv - ok
19:32:05.0773 9176  Synth3dVsc - ok
19:32:05.0793 9176  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
19:32:05.0843 9176  SysMain - ok
19:32:05.0843 9176  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:32:05.0863 9176  TabletInputService - ok
19:32:05.0863 9176  [ 8502BFC9C990567E4049358EC063D621 ] tap0801         C:\Windows\system32\DRIVERS\tap0801.sys
19:32:05.0863 9176  tap0801 ( UnsignedFile.Multi.Generic ) - warning
19:32:05.0863 9176  tap0801 - detected UnsignedFile.Multi.Generic (1)
19:32:05.0873 9176  [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
19:32:05.0883 9176  tap0901 - ok
19:32:05.0883 9176  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:32:05.0913 9176  TapiSrv - ok
19:32:05.0913 9176  [ 927D0CDB3F96EFC1E98FB1A2C9FB67AD ] tapoas          C:\Windows\system32\DRIVERS\tapoas.sys
19:32:05.0923 9176  tapoas - ok
19:32:05.0923 9176  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
19:32:05.0943 9176  TBS - ok
19:32:05.0963 9176  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:32:05.0993 9176  Tcpip - ok
19:32:06.0013 9176  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:32:06.0033 9176  TCPIP6 - ok
19:32:06.0033 9176  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:32:06.0053 9176  tcpipreg - ok
19:32:06.0053 9176  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:32:06.0063 9176  TDPIPE - ok
19:32:06.0063 9176  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:32:06.0073 9176  TDTCP - ok
19:32:06.0073 9176  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:32:06.0093 9176  tdx - ok
19:32:06.0113 9176  [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
19:32:06.0183 9176  TeamViewer7 - ok
19:32:06.0193 9176  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
19:32:06.0213 9176  TermDD - ok
19:32:06.0213 9176  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
19:32:06.0243 9176  TermService - ok
19:32:06.0243 9176  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:32:06.0253 9176  Themes - ok
19:32:06.0253 9176  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:32:06.0273 9176  THREADORDER - ok
19:32:06.0283 9176  [ C1D654B513557998F64897B7B38C3BA8 ] TMPService      C:\Program Files (x86)\TrafficMonitor\TMPacketServiceInit.exe
19:32:06.0293 9176  TMPService - ok
19:32:06.0303 9176  [ 3199A477F0F06EEDE41BD55179F8EB05 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
19:32:06.0303 9176  TomTomHOMEService - ok
19:32:06.0303 9176  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:32:06.0323 9176  TrkWks - ok
19:32:06.0333 9176  [ 8DE922CD4FEA6F83B10805DF965B9A08 ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
19:32:06.0343 9176  truecrypt - ok
19:32:06.0343 9176  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:32:06.0363 9176  TrustedInstaller - ok
19:32:06.0363 9176  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:32:06.0383 9176  tssecsrv - ok
19:32:06.0383 9176  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:32:06.0393 9176  TsUsbFlt - ok
19:32:06.0393 9176  tsusbhub - ok
19:32:06.0393 9176  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:32:06.0413 9176  tunnel - ok
19:32:06.0423 9176  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:32:06.0423 9176  uagp35 - ok
19:32:06.0433 9176  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:32:06.0453 9176  udfs - ok
19:32:06.0453 9176  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:32:06.0463 9176  UI0Detect - ok
19:32:06.0463 9176  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:32:06.0473 9176  uliagpkx - ok
19:32:06.0473 9176  [ 694BCF23662F97D987CF4C6739C35F8B ] UltraMonUtility C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys
19:32:06.0483 9176  UltraMonUtility - ok
19:32:06.0483 9176  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:32:06.0483 9176  umbus - ok
19:32:06.0493 9176  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:32:06.0493 9176  UmPass - ok
19:32:06.0503 9176  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
19:32:06.0503 9176  UmRdpService - ok
19:32:06.0513 9176  [ 9DC07E73A4ABB9ACF692113B36A5009F ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
19:32:06.0513 9176  UnlockerDriver5 - ok
19:32:06.0523 9176  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:32:06.0543 9176  upnphost - ok
19:32:06.0543 9176  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:32:06.0553 9176  usbaudio - ok
19:32:06.0563 9176  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:32:06.0563 9176  usbccgp - ok
19:32:06.0573 9176  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:32:06.0573 9176  usbcir - ok
19:32:06.0583 9176  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:32:06.0583 9176  usbehci - ok
19:32:06.0593 9176  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:32:06.0603 9176  usbhub - ok
19:32:06.0603 9176  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
19:32:06.0603 9176  usbohci - ok
19:32:06.0613 9176  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:32:06.0613 9176  usbprint - ok
19:32:06.0623 9176  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:32:06.0633 9176  USBSTOR - ok
19:32:06.0633 9176  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:32:06.0633 9176  usbuhci - ok
19:32:06.0643 9176  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
19:32:06.0653 9176  usbvideo - ok
19:32:06.0653 9176  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:32:06.0673 9176  UxSms - ok
19:32:06.0673 9176  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:32:06.0683 9176  VaultSvc - ok
19:32:06.0683 9176  [ CF619CAFDABFF0A46E17509D5A24D8A6 ] VBoxDrv         C:\Windows\system32\DRIVERS\VBoxDrv.sys
19:32:06.0693 9176  VBoxDrv - ok
19:32:06.0693 9176  [ A20B65C4C40AA8E5C351DBEA4CE45636 ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
19:32:06.0703 9176  VBoxNetAdp - ok
19:32:06.0703 9176  [ 08202237262B9D9654B609FFBD8BD725 ] VBoxNetFlt      C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
19:32:06.0713 9176  VBoxNetFlt - ok
19:32:06.0713 9176  [ D24505CF9AF80ACEC8CD1FEDB230A356 ] VBoxUSB         C:\Windows\system32\Drivers\VBoxUSB.sys
19:32:06.0723 9176  VBoxUSB - ok
19:32:06.0723 9176  [ 14EB14D8FC182C0D1CF82220025486B5 ] VBoxUSBMon      C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
19:32:06.0733 9176  VBoxUSBMon - ok
19:32:06.0733 9176  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:32:06.0743 9176  vdrvroot - ok
19:32:06.0743 9176  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:32:06.0773 9176  vds - ok
19:32:06.0773 9176  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:32:06.0783 9176  vga - ok
19:32:06.0783 9176  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:32:06.0803 9176  VgaSave - ok
19:32:06.0803 9176  VGPU - ok
19:32:06.0803 9176  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:32:06.0813 9176  vhdmp - ok
19:32:06.0813 9176  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:32:06.0823 9176  viaide - ok
19:32:06.0823 9176  [ 94CF2D157C8FD9089AFA5DA78AA64C65 ] VMAuthdService  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
19:32:06.0823 9176  VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
19:32:06.0823 9176  VMAuthdService - detected UnsignedFile.Multi.Generic (1)
19:32:06.0833 9176  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
19:32:06.0843 9176  vmbus - ok
19:32:06.0843 9176  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
19:32:06.0843 9176  VMBusHID - ok
19:32:06.0853 9176  [ 87FC1DD880E8CAC4FAEBB84AF61A87C4 ] vmci            C:\Windows\system32\DRIVERS\vmci.sys
19:32:06.0853 9176  vmci - ok
19:32:06.0863 9176  [ 0B13268268B3D2C99BA5021593D0F767 ] vmkbd           C:\Windows\system32\drivers\VMkbd.sys
19:32:06.0863 9176  vmkbd - ok
19:32:06.0863 9176  [ B259C31378BC855AFD1B53F59311C251 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
19:32:06.0873 9176  VMnetAdapter - ok
19:32:06.0873 9176  [ DEC4CE720FFEDA939CF1BA315CFBD993 ] VMnetBridge     C:\Windows\system32\DRIVERS\vmnetbridge.sys
19:32:06.0883 9176  VMnetBridge - ok
19:32:06.0883 9176  VMnetDHCP - ok
19:32:06.0883 9176  [ A17EE27ACB84B230AC65936A3484495F ] VMnetuserif     C:\Windows\system32\drivers\vmnetuserif.sys
19:32:06.0893 9176  VMnetuserif - ok
19:32:06.0903 9176  [ 18903CA7936912C337C9D28858880CF2 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
19:32:06.0913 9176  VMUSBArbService - ok
19:32:06.0913 9176  VMware NAT Service - ok
19:32:07.0013 9176  [ 8C01AE115E9E6806A25A9B5136FD6FC0 ] VMwareHostd     C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
19:32:07.0243 9176  VMwareHostd ( UnsignedFile.Multi.Generic ) - warning
19:32:07.0243 9176  VMwareHostd - detected UnsignedFile.Multi.Generic (1)
19:32:07.0243 9176  [ 9843A0D68EA81817F9B713FC37372CBB ] vmx86           C:\Windows\system32\drivers\vmx86.sys
19:32:07.0253 9176  vmx86 - ok
19:32:07.0253 9176  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:32:07.0263 9176  volmgr - ok
19:32:07.0263 9176  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:32:07.0273 9176  volmgrx - ok
19:32:07.0283 9176  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:32:07.0283 9176  volsnap - ok
19:32:07.0293 9176  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:32:07.0293 9176  vsmraid - ok
19:32:07.0313 9176  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
19:32:07.0343 9176  VSS - ok
19:32:07.0363 9176  [ 6107E33A30C0B923F31C872E1980D2D1 ] vstor2-mntapi10-shared C:\Windows\syswow64\drivers\vstor2-mntapi10-shared.sys
19:32:07.0373 9176  vstor2-mntapi10-shared - ok
19:32:07.0373 9176  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:32:07.0383 9176  vwifibus - ok
19:32:07.0383 9176  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:32:07.0403 9176  vwififlt - ok
19:32:07.0413 9176  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:32:07.0433 9176  W32Time - ok
19:32:07.0433 9176  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:32:07.0453 9176  WacomPen - ok
19:32:07.0453 9176  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:32:07.0503 9176  WANARP - ok
19:32:07.0503 9176  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:32:07.0523 9176  Wanarpv6 - ok
19:32:07.0533 9176  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:32:07.0553 9176  wbengine - ok
19:32:07.0553 9176  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:32:07.0563 9176  WbioSrvc - ok
19:32:07.0573 9176  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:32:07.0583 9176  wcncsvc - ok
19:32:07.0583 9176  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:32:07.0593 9176  WcsPlugInService - ok
19:32:07.0593 9176  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:32:07.0603 9176  Wd - ok
19:32:07.0613 9176  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:32:07.0623 9176  Wdf01000 - ok
19:32:07.0623 9176  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:32:07.0643 9176  WdiServiceHost - ok
19:32:07.0643 9176  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:32:07.0653 9176  WdiSystemHost - ok
19:32:07.0663 9176  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:32:07.0673 9176  WebClient - ok
19:32:07.0673 9176  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:32:07.0713 9176  Wecsvc - ok
19:32:07.0723 9176  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:32:07.0743 9176  wercplsupport - ok
19:32:07.0753 9176  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:32:07.0783 9176  WerSvc - ok
19:32:07.0783 9176  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:32:07.0803 9176  WfpLwf - ok
19:32:07.0803 9176  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:32:07.0803 9176  WIMMount - ok
19:32:07.0813 9176  WinDefend - ok
19:32:07.0813 9176  WinHttpAutoProxySvc - ok
19:32:07.0823 9176  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:32:07.0843 9176  Winmgmt - ok
19:32:07.0853 9176  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:32:07.0893 9176  WinRM - ok
19:32:07.0893 9176  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:32:07.0903 9176  WinUsb - ok
19:32:07.0913 9176  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:32:07.0933 9176  Wlansvc - ok
19:32:07.0933 9176  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:32:07.0943 9176  wlcrasvc - ok
19:32:07.0963 9176  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:32:07.0993 9176  wlidsvc - ok
19:32:07.0993 9176  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:32:08.0003 9176  WmiAcpi - ok
19:32:08.0003 9176  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:32:08.0013 9176  wmiApSrv - ok
19:32:08.0013 9176  WMPNetworkSvc - ok
19:32:08.0013 9176  [ 92C6184E6F62D542B8DCDC93BD73CB7E ] wod0205         C:\Windows\system32\DRIVERS\wod0205.sys
19:32:08.0023 9176  wod0205 - ok
19:32:08.0023 9176  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:32:08.0033 9176  WPCSvc - ok
19:32:08.0033 9176  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:32:08.0043 9176  WPDBusEnum - ok
19:32:08.0043 9176  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:32:08.0063 9176  ws2ifsl - ok
19:32:08.0063 9176  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:32:08.0073 9176  wscsvc - ok
19:32:08.0073 9176  WSearch - ok
19:32:08.0083 9176  [ 08B4C9640B24A1E060A55488CCD3EFD4 ] WTGService      C:\Program Files (x86)\XSManager\WTGService.exe
19:32:08.0093 9176  WTGService - ok
19:32:08.0113 9176  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:32:08.0143 9176  wuauserv - ok
19:32:08.0143 9176  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:32:08.0163 9176  WudfPf - ok
19:32:08.0173 9176  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:32:08.0193 9176  WUDFRd - ok
19:32:08.0193 9176  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:32:08.0213 9176  wudfsvc - ok
19:32:08.0213 9176  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:32:08.0223 9176  WwanSvc - ok
19:32:08.0243 9176  ================ Scan global ===============================
19:32:08.0243 9176  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:32:08.0253 9176  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:32:08.0253 9176  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:32:08.0253 9176  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:32:08.0263 9176  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:32:08.0263 9176  [Global] - ok
19:32:08.0263 9176  ================ Scan MBR ==================================
19:32:08.0263 9176  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
19:32:08.0283 9176  \Device\Harddisk1\DR1 - ok
19:32:08.0293 9176  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
19:32:08.0373 9176  \Device\Harddisk2\DR2 - ok
19:32:08.0393 9176  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:32:08.0673 9176  \Device\Harddisk0\DR0 - ok
19:32:08.0673 9176  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR4
19:32:08.0923 9176  \Device\Harddisk3\DR4 - ok
19:32:08.0923 9176  ================ Scan VBR ==================================
19:32:08.0923 9176  [ 979D410227FB706C3A55429530CCF20A ] \Device\Harddisk1\DR1\Partition1
19:32:08.0923 9176  \Device\Harddisk1\DR1\Partition1 - ok
19:32:08.0933 9176  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition2
19:32:08.0933 9176  \Device\Harddisk1\DR1\Partition2 - ok
19:32:08.0933 9176  [ 3E50FDC865E9F477B9E837F818407438 ] \Device\Harddisk1\DR1\Partition3
19:32:08.0933 9176  \Device\Harddisk1\DR1\Partition3 - ok
19:32:08.0933 9176  [ DBCF066F6381608F46BE461ED3BF5ED7 ] \Device\Harddisk2\DR2\Partition1
19:32:08.0943 9176  \Device\Harddisk2\DR2\Partition1 - ok
19:32:08.0943 9176  [ 8DCA0B111D3B9261ABD7573715EF5B5A ] \Device\Harddisk0\DR0\Partition1
19:32:08.0943 9176  \Device\Harddisk0\DR0\Partition1 - ok
19:32:08.0943 9176  [ 7C782A4C88C7FA311B39E8DCA60AEBED ] \Device\Harddisk3\DR4\Partition1
19:32:08.0943 9176  \Device\Harddisk3\DR4\Partition1 - ok
19:32:08.0943 9176  ============================================================
19:32:08.0943 9176  Scan finished
19:32:08.0943 9176  ============================================================
19:32:08.0953 8376  Detected object count: 12
19:32:08.0953 8376  Actual detected object count: 12
19:32:45.0767 8376  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:45.0767 8376  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:32:45.0767 8376  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:45.0767 8376  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:32:45.0767 8376  CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:45.0767 8376  CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:32:45.0767 8376  igfx ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:45.0767 8376  igfx ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:32:45.0767 8376  IntcDAud ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:45.0767 8376  IntcDAud ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:32:45.0777 8376  NILM License Manager ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:45.0777 8376  NILM License Manager ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:32:45.0777 8376  nlsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:45.0777 8376  nlsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:32:45.0777 8376  sptd ( LockedFile.Multi.Generic ) - skipped by user
19:32:45.0777 8376  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
19:32:45.0777 8376  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:45.0777 8376  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:32:45.0777 8376  tap0801 ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:45.0777 8376  tap0801 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:32:45.0777 8376  VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:45.0777 8376  VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:32:45.0777 8376  VMwareHostd ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:45.0777 8376  VMwareHostd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:33:05.0509 1144  Deinitialize success

10.09.2012, 13:35	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	weißer hintergrund nach start Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

weißer hintergrund nach start

Plagegeister aller Art und deren Bekämpfung: weißer hintergrund nach start