|
Log-Analyse und Auswertung: Kann CodecV & Incredibar nicht mehr entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
06.09.2012, 12:10 | #1 |
| Kann CodecV & Incredibar nicht mehr entfernen Hi! Ich benutze Firefox und habe mir irgendwie MyStart IncrediBar (BrowserToolbar) und CodecV eingefangen - scheinbar gleichzeitig, denn es tauchten beide vor ner Woche zu erst auf. Ich habe beide Deinstalliert (Registry bzw das AddOn) und auch Datenreste im Explorer aufgesucht und manuell gelöscht. Aber ich habe immer noch sowohl CodecV gesteuerte Werbe-PopUps (oder zB wird jedes Wort wie "Spiel" zu nem Link mit Werbung), als auch das Problem, dass neue Tabs immer mystart.incredibar.com öffnen. Habe das versucht unter about:config zu ändern aber das reseted sich auch bei Firefox Neuinstallation immer wieder zur incredibar. Habe mit Malwarebytes und OTL gescannt. Logs lauten wie folgt. MBAM-log.txt Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.09.06.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 alx :: ALX [Administrator] Schutz: Aktiviert 06.09.2012 12:22:52 mbam-log-2012-09-06 (12-22-52).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 204798 Laufzeit: 5 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 06.09.2012 12:34:48 - Run 1 OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\alx\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,63% Memory free 7,99 Gb Paging File | 6,04 Gb Available in Paging File | 75,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284,56 Gb Total Space | 8,28 Gb Free Space | 2,91% Space Free | Partition Type: NTFS Drive D: | 13,23 Gb Total Space | 2,17 Gb Free Space | 16,38% Space Free | Partition Type: NTFS Computer Name: ALX | User Name: alx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.06 12:33:46 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\alx\Desktop\OTL.exe PRC - [2012.08.22 14:14:58 | 001,193,176 | ---- | M] () -- C:\Users\alx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.08.12 16:26:37 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.06.11 15:43:46 | 002,346,496 | ---- | M] (Totem Entertainment) -- C:\Users\alx\AppData\Local\vghd\bin\vghd.exe PRC - [2012.06.07 10:12:14 | 000,583,168 | ---- | M] (Totem Entertainment) -- C:\Users\alx\AppData\Local\vghd\bin\VirtuaGirl_Downloader.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\alx\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.05.08 10:48:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 10:48:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ========== Modules (No Company Name) ========== MOD - [2012.08.22 14:14:58 | 001,193,176 | ---- | M] () -- C:\Users\alx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe MOD - [2012.06.11 13:07:48 | 000,083,968 | ---- | M] () -- C:\Users\alx\AppData\Local\vghd\bin\QtVhd.dll MOD - [2011.12.20 11:29:50 | 000,184,832 | ---- | M] () -- C:\Users\alx\AppData\Local\vghd\bin\dxmodules.dll MOD - [2011.12.16 14:57:04 | 000,073,216 | ---- | M] () -- C:\Users\alx\AppData\Local\vghd\bin\System.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2011.06.01 14:28:02 | 000,045,056 | ---- | M] () -- C:\Users\alx\AppData\Local\vghd\bin\Windows.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.05.13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2010.03.23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV) SRV:64bit: - [2009.07.02 20:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.03.02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters) SRV - [2012.09.04 15:41:12 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.04 12:43:56 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.05.08 10:48:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 10:48:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.11 23:07:38 | 000,204,304 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2) SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.29 23:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters) SRV - [2009.02.22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.06.20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2012.05.08 10:48:13 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 10:48:13 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.05.13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011.05.13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.13 14:10:10 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.03.23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009.11.10 13:53:40 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2009.11.10 13:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009.11.10 13:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.07.21 05:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.02 20:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.29 20:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 12:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.05.23 08:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.05.08 16:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb) DRV:64bit: - [2009.05.05 07:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.04.29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2009.03.09 07:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.01.13 19:14:58 | 000,057,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore) DRV:64bit: - [2009.01.13 19:14:50 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid) DRV:64bit: - [2009.01.13 19:14:30 | 000,034,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter) DRV:64bit: - [2009.01.13 19:14:22 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum) DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2C7072CC-3B6A-4D18-856D-F60EF665414F} IE:64bit: - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE:64bit: - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE:64bit: - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE - HKLM\..\SearchScopes,DefaultScope = {2C7072CC-3B6A-4D18-856D-F60EF665414F} IE - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE - HKCU\..\SearchScopes,DefaultScope = {2C7072CC-3B6A-4D18-856D-F60EF665414F} IE - HKCU\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKCU\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "google" FF - prefs.js..browser.search.selectedEngine: "IMDb" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: 4f807b3748d91@4f807b3748d92.info:1.0 FF - prefs.js..extensions.enabledAddons: de_DE@dicts.j3e.de:20120628 FF - prefs.js..extensions.enabledAddons: fb_add_on@avm.de:1.6.3 FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.2 FF - prefs.js..extensions.enabledAddons: kosa@kallout.com:2.2.4 FF - prefs.js..extensions.enabledAddons: searchdictcc@roughael:3.2 FF - prefs.js..extensions.enabledAddons: SkipScreen@SkipScreen:0.6.4 FF - prefs.js..extensions.enabledAddons: trackerblock@privacychoice.org:2.2 FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.0 FF - prefs.js..extensions.enabledAddons: {1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.9 FF - prefs.js..extensions.enabledAddons: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2 FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7 FF - prefs.js..extensions.enabledAddons: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.15.0 FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10 FF - prefs.js..extensions.enabledAddons: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.9 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..extensions.enabledItems: de_DE@dicts.j3e.de:20110321 FF - prefs.js..extensions.enabledItems: kosa@kallout.com:2.0.1.1 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172 FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.21amo FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.7.3 FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1 FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 FF - prefs.js..extensions.enabledItems: verify-u@cybits.de:1.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\alx\\AppData\\Local\\Temp\\proxtube.pac" FF - prefs.js..network.proxy.http: "199.195.109.23" FF - prefs.js..network.proxy.http_port: 9090 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.1: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.16 21:29:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla\Firefox\components [2012.09.04 15:41:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla\Firefox\plugins [2012.08.18 23:22:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla\Thunderbird\components [2012.06.18 00:40:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla\Thunderbird\plugins [2012.08.18 23:22:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla\Firefox\components [2012.09.04 15:41:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla\Firefox\plugins [2012.08.18 23:22:47 | 000,000,000 | ---D | M] [2010.03.14 02:49:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\Extensions [2010.03.14 02:49:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.08.26 13:03:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions [2012.08.19 14:36:19 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.03.18 12:32:02 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012.04.09 11:29:28 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\4f807b3748d91@4f807b3748d92.info [2012.06.29 16:54:49 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\de_DE@dicts.j3e.de [2012.05.15 14:18:54 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\fb_add_on@avm.de [2012.05.18 15:30:57 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\ich@maltegoetz.de [2012.08.07 17:18:11 | 000,221,273 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\kosa@kallout.com.xpi [2012.01.12 13:30:42 | 000,037,502 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\searchdictcc@roughael.xpi [2012.02.22 14:07:20 | 000,072,222 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\SkipScreen@SkipScreen.xpi [2012.02.18 22:21:52 | 000,049,540 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\trackerblock@privacychoice.org.xpi [2011.12.22 10:12:41 | 000,108,965 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe80}.xpi [2011.07.21 22:52:17 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2012.08.22 20:46:08 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012.07.25 10:14:55 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.10.30 01:10:24 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2012.08.26 13:03:42 | 000,270,021 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012.08.12 17:27:06 | 000,045,226 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi [2012.03.14 09:20:13 | 000,002,321 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\dictcc.xml [2012.02.01 21:06:57 | 000,012,703 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\imdb.xml [2012.02.13 17:42:19 | 000,001,330 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\wikipedia-en.xml [2012.05.29 16:07:30 | 000,002,446 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\wiktionary-de.xml [2012.05.29 16:07:13 | 000,001,336 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\wiktionary-en.xml [2011.12.15 16:58:05 | 000,002,057 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\youtube-videosuche.xml [2011.12.16 21:29:57 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.06.20 08:38:27 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.01 19:04:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SNM] C:\Program Files (x86)\SpyNoMore\SNM.exe (Illysoft LLC) O4 - HKCU..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO File not found O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\alx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = C:\Users\alx\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment) O4 - Startup: C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\alx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F36DF460-6656-4356-AC69-8A37945ED217}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA92405A-2AA9-4546-964D-8016BF7078D0}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{43c59bd6-2c71-11e1-ad77-00269ea162a6}\Shell\AutoRun\command - "" = F:\fscommand\LS_Start_Launch.cmd O33 - MountPoints2\{43c59bd6-2c71-11e1-ad77-00269ea162a6}\Shell\Launcher\command - "" = F:\fscommand\LS_Start_Launch.cmd O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.06 12:33:41 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\alx\Desktop\OTL.exe [2012.09.06 12:21:11 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\Malwarebytes [2012.09.06 12:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.06 12:20:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.06 12:20:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.09.06 11:54:43 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\DriverCure [2012.09.06 11:54:42 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\SpeedyPC Software [2012.09.06 11:54:35 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software [2012.09.06 11:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software [2012.09.06 11:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software [2012.09.06 11:54:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software [2012.09.06 11:47:11 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyNoMore [2012.09.06 11:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyNoMore [2012.09.06 11:47:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpyNoMore [2012.09.04 16:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2012.09.04 14:57:18 | 000,000,000 | ---D | C] -- C:\Users\alx\Documents\Diablo III [2012.09.04 12:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III [2012.09.04 12:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III [2012.09.04 09:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012.08.24 07:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.08.24 07:57:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.08.24 07:57:46 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.08.23 19:09:08 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskBabes [2012.08.23 19:09:01 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Local\vghd [2012.08.19 14:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.06 12:33:46 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\alx\Desktop\OTL.exe [2012.09.06 11:54:47 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job [2012.09.06 11:54:34 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job [2012.09.06 11:54:33 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job [2012.09.06 11:54:32 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job [2012.09.06 11:47:19 | 000,001,152 | ---- | M] () -- C:\Windows\SysWow64\windrv.sys [2012.09.06 11:47:12 | 000,000,947 | ---- | M] () -- C:\Users\alx\Desktop\SpyNoMore.lnk [2012.09.06 11:18:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.05 11:32:29 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.03 10:20:19 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.03 10:20:19 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.03 10:10:06 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys [2012.08.23 19:09:09 | 000,001,119 | ---- | M] () -- C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk [2012.08.21 13:28:25 | 003,058,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.20 16:52:49 | 001,619,988 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.20 16:52:49 | 000,699,210 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.20 16:52:49 | 000,654,488 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.20 16:52:49 | 000,149,374 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.20 16:52:49 | 000,122,320 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.06 11:54:47 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job [2012.09.06 11:54:34 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job [2012.09.06 11:54:33 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job [2012.09.06 11:54:27 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job [2012.09.06 11:47:19 | 000,001,152 | ---- | C] () -- C:\Windows\SysWow64\windrv.sys [2012.09.06 11:47:12 | 000,000,947 | ---- | C] () -- C:\Users\alx\Desktop\SpyNoMore.lnk [2012.08.23 19:09:09 | 000,001,119 | ---- | C] () -- C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk [2012.08.03 17:48:26 | 000,005,664 | ---- | C] () -- C:\Users\alx\.recently-used.xbel [2012.07.10 20:48:37 | 000,009,064 | ---- | C] () -- C:\Users\alx\Neues Dokument 2.2012_07_10_20_48_37.0.svg [2012.07.10 20:35:46 | 000,014,642 | ---- | C] () -- C:\Users\alx\Neues Dokument 2.2012_07_10_20_35_45.0.svg [2012.07.01 22:00:07 | 000,000,021 | ---- | C] () -- C:\Windows\preview.ini [2012.02.02 14:36:28 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.01.20 14:02:56 | 000,159,400 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011.07.31 18:43:28 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI [2011.07.22 13:22:22 | 000,000,000 | ---- | C] () -- C:\Users\alx\support [2011.01.12 21:11:41 | 000,000,118 | ---- | C] () -- C:\Windows\Podcasts.INI [2011.01.12 12:09:19 | 000,023,761 | ---- | C] () -- C:\Windows\hpqins15.dat.temp [2010.12.25 23:53:04 | 000,023,324 | ---- | C] () -- C:\Windows\hpqins15.dat [2010.12.23 12:53:50 | 000,181,764 | ---- | C] () -- C:\Windows\hpoins28.dat [2010.12.23 12:53:50 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat [2010.11.03 11:04:28 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.11.03 11:04:28 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.03.26 18:43:22 | 000,000,000 | ---- | C] () -- C:\Users\alx\AppData\Roaming\wklnhst.dat [2010.03.26 18:41:04 | 000,006,144 | ---- | C] () -- C:\Users\alx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.21 12:44:56 | 000,020,143 | ---- | C] () -- C:\Users\alx\AppData\Roaming\UserTile.png ========== LOP Check ========== [2012.09.04 09:38:17 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\.minecraft [2012.04.21 18:23:02 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Amazon [2012.08.06 21:02:31 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Artisteer [2012.05.06 11:03:19 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Downloaded Installations [2012.09.06 11:54:43 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\DriverCure [2012.09.05 12:00:46 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Dropbox [2012.05.04 12:02:58 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\FILEminimizerPictures [2010.07.30 19:40:52 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\FreeVideoConverter [2011.03.10 12:16:18 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\FRITZ! [2011.12.23 15:36:26 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Hitachigst [2010.09.30 17:41:01 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\inkscape [2010.03.15 16:11:04 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Leadertech [2012.08.28 22:37:01 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Mp3tag [2012.07.16 12:12:22 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Nitro PDF [2011.03.04 21:28:25 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Notepad++ [2010.09.03 20:21:20 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Registry Mechanic [2012.07.04 12:45:15 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\RotMG.Production [2012.09.06 11:54:42 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\SpeedyPC Software [2012.09.06 11:23:32 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Spotify [2010.03.14 02:49:37 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Thunderbird [2012.08.24 09:28:54 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\uTorrent [2010.04.01 16:35:30 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Windows Live Writer [2010.03.05 13:04:29 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\_MDLogs [2010.08.31 23:13:07 | 000,000,262 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job [2012.07.19 16:17:01 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.09.06 11:54:32 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job [2012.09.06 11:54:47 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job [2012.09.06 11:54:34 | 000,000,512 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job [2012.09.06 11:54:33 | 000,000,460 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:364682BC @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1 < End of report > Code:
ATTFilter OTL Extras logfile created on: 06.09.2012 12:34:48 - Run 1 OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\alx\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,63% Memory free 7,99 Gb Paging File | 6,04 Gb Available in Paging File | 75,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284,56 Gb Total Space | 8,28 Gb Free Space | 2,91% Space Free | Partition Type: NTFS Drive D: | 13,23 Gb Total Space | 2,17 Gb Free Space | 16,38% Space Free | Partition Type: NTFS Computer Name: ALX | User Name: alx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla\Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- "C:\Program Files (x86)\Microsoft\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- "C:\Program Files (x86)\Microsoft\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{13B003B6-7740-490C-8A8C-84874A5FAC83}" = lport=137 | protocol=17 | dir=in | app=system | "{325DA056-DF12-4ED8-9D39-569A86619791}" = rport=10243 | protocol=6 | dir=out | app=system | "{3727B647-83DD-4920-8D76-D4D6C106326E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{395356CA-E1CA-450F-8C50-6385354E41D5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{427B4546-A6F8-4C87-BB8D-DE310B48452C}" = rport=445 | protocol=6 | dir=out | app=system | "{52726DC1-A52A-4665-8F23-392D6436BD56}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{52B21631-8887-452E-9566-DA17AA5325EC}" = rport=138 | protocol=17 | dir=out | app=system | "{56D159AF-764B-46B3-821F-C4BA12EB472F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{58FF0915-ED23-408D-8A9B-B16DDC3B7DD5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{594EEF36-8A27-4066-96C7-278F732F2550}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6D17F07C-3486-4664-9D57-313A50417CA8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7150B431-B647-4B62-85C7-E43FD6D04F2B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8065D405-A7E5-45B4-BA70-ADD8FFE15FA0}" = lport=138 | protocol=17 | dir=in | app=system | "{836B6DBE-D037-41EC-B905-2038FC56B736}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{8890C906-E5FB-4ACE-957A-A0397B859463}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{89AE6958-F934-45C9-8257-A5E5F9414D28}" = lport=10243 | protocol=6 | dir=in | app=system | "{8BBBA242-FD4D-40C6-A2AA-CF619405AA72}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{8D4A85B9-DA2F-4E23-B879-632BF79EE11E}" = lport=445 | protocol=6 | dir=in | app=system | "{97B40887-B583-4427-8FC6-C2328711B0B3}" = rport=139 | protocol=6 | dir=out | app=system | "{A31A9392-1556-4A78-A246-5D0975AB52E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C609BAA2-64F5-4268-9263-D1A338EC3D44}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CCA21C25-FB45-44E3-81E6-1E6B95006C37}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D0411442-315C-4471-94F4-AA312067F03C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D60377EA-3839-41AD-BFBE-0B9B29F95FDB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E448E49D-A6FB-47A9-95DE-AD05D57E19F7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E60DDF22-E8CF-42C9-AA9F-541457C7F498}" = lport=2869 | protocol=6 | dir=in | app=system | "{E714284E-1AA2-4A5D-BDB1-63C75129D48F}" = rport=137 | protocol=17 | dir=out | app=system | "{F472F24B-692B-474E-8AE4-F5AB5A461A23}" = lport=139 | protocol=6 | dir=in | app=system | "{F4E5E7BB-0850-4FD7-B9EB-178E1A6E2E34}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0009167E-FE81-4CAE-8309-2229CDC7BE3E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0652AE9E-CBB7-4253-B535-430B5FE9F4D3}" = protocol=6 | dir=in | app=c:\users\alx\appdata\roaming\dropbox\bin\dropbox.exe | "{18CC167E-9187-4BE5-90B8-D99CBD20BEC9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{1F4B7235-8424-4559-B70F-B455DF76CC16}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{200987D1-EEE2-4026-80EF-076BE68E91EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | "{25C778CD-A8B4-42AE-B7C4-92AD48CAEDB9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{2DA8CE25-CC91-4283-9014-0684166ECBA1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{2E20B7FE-74A4-4AF5-AF99-3308E6FF1CB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{394A3F8F-08AE-45A5-8AD8-C81F98B9CF91}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{4245F6E2-3A76-4D5D-AF6D-44DE11807F93}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{43B11366-9816-4D1F-A7F4-15EE66E4702A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{46379CAA-E9AA-46D8-B0FC-6FB6E997E0FC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{4CD90FA8-7041-4BCE-950F-E9B7C4FEECE4}" = protocol=6 | dir=out | app=system | "{5A61E3D8-C9AD-4549-8CAD-60073A3EEFCA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{5E7182CE-3BAB-41C1-9CB9-B6B74DEC5BE8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{616A90F0-53E9-43D3-BCFE-35E5ACD59101}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{6A0AD46A-063E-4790-9E3D-FF4991FE5E57}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6B03837F-5284-4FAB-B792-1E90EAE42A69}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{6B29720D-5D88-4340-9A97-FD856D36B7E9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6D09F2E6-3C22-40E9-948A-ED924764E254}" = protocol=17 | dir=in | app=c:\users\alx\appdata\roaming\dropbox\bin\dropbox.exe | "{722B7739-5423-4D97-8E2E-3634600C2B32}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{76978451-7982-40D0-972D-55A285317817}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{775EB963-9BB2-48EB-B0A3-55B65D2E499A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7B7F2A72-398C-419C-AFF1-91E53E0E095F}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{7CDB582B-600F-44FE-9AC4-BA0C17C707BE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{820F9052-5CE4-49B5-94F8-6A98C2875E1D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8651F9F0-A2E7-4041-9CF0-FBB57AC0C742}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8A8A7919-0005-41FB-B9E8-1F32B36A48E7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{914E3213-DC8B-478D-8A8C-0483D5A7FB14}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{946B457E-31AD-4002-A2C0-919A916D7719}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{9A066A79-67F3-427A-BEA9-61D3AF78E966}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{A13CE354-41BA-4913-8ED1-E3AC3909FF6F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A5065139-3386-4565-8159-17FD10324AF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A658D438-16EA-49E5-AE37-799799EE5E7E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{A80C8278-2FC0-4894-8B89-36F1922B6F4D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{A8CE6D14-F52C-4EB0-A0E6-25FCDEAB1F85}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A9AE84BE-CEBA-49B4-A070-6DD8CD704A64}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{AA61204F-9909-43FD-971E-584ECFF9A0C2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{BB4F063A-2653-4A68-BD00-BF277C9DA876}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{BBD7AAEA-FE38-40EB-93CD-A1CB2FB7843C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "{BE0A166B-9A49-4400-8125-7C899882C22D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C5304CA0-6DEC-41F4-B92D-EA58E0623BDB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{C700FD97-46B1-4D98-A456-0B25E22843FB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{CFE2C2AA-D743-4233-9798-304510B06F97}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | "{D5853299-F2A5-46F2-8F17-7D35470B2732}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{DFDCF05A-65C1-4807-B2B8-63F5128ED93B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{E08DEC35-8ADB-4855-8689-F3D71ED6FA7F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E08F4DAC-5E45-4EF6-A2E9-DD749D6EED92}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E0F11DF4-358E-4814-B803-8D210B71F4CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{E35D10E5-D440-4866-B606-3E719D39E7F4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E9258ADA-54C3-4B71-9905-D9454B969C3C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{F94E7E99-F341-4117-A43E-AC6B7C68C619}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{FBDD2786-D634-49A9-B28B-5CDB530996D6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{FDAD1CEF-135F-412C-A9CE-D9BFBC3850EF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{FF864A5D-EC5E-48BB-9516-41D438EDAC6D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "TCP Query User{07B0E97A-0E54-4F67-A877-8B55B83FF123}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "TCP Query User{094766DA-1AEB-47D4-98AA-E03FF6184ED8}C:\program files (x86)\hitachi\lifestudio\lifestudio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hitachi\lifestudio\lifestudio.exe | "TCP Query User{144AE2CD-06EF-4B6F-B070-91BF1B2F303A}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{169CEBC4-B5A9-4D32-9A00-B54337F615FD}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | "TCP Query User{1B1A95F3-447B-4344-BD05-BE714BB60FDD}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{1D6493C9-4A9C-4AE5-A3DC-0343E461C780}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | "TCP Query User{20405363-E488-406A-B91A-04FBDF442692}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "TCP Query User{22E0BE2C-7D93-46AF-85BA-05EAD9BD5310}C:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe | "TCP Query User{354DA4BE-C65C-4A3E-8DF4-EE628664DC4B}C:\users\alx\saved games\wciii\war3.exe" = protocol=6 | dir=in | app=c:\users\alx\saved games\wciii\war3.exe | "TCP Query User{4162BCD9-DAD3-4B22-8A56-9BC5D9862107}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | "TCP Query User{4B44ADB5-54B5-4B7E-84EC-69BE0E977AEE}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "TCP Query User{4FF4F65C-4073-47F8-81D3-F491055E3D41}C:\users\alx\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\alx\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{52343CD7-453D-4585-BFE7-B6818CE03161}C:\users\alx\saved games\cs\counter strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\users\alx\saved games\cs\counter strike 1.6\hl.exe | "TCP Query User{7BA90C37-576E-4A16-BE28-4AA58104EC9A}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "TCP Query User{837496DE-B014-4614-8F1F-B059D7FB7570}C:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "TCP Query User{85BBB98D-97D8-41B9-8334-2971901EBAAF}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{8EF1FD4C-2ABE-4CD8-A09B-5DBC80F8A6D0}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe | "TCP Query User{934390B8-DB76-4A35-8AB7-A7E6985D49D8}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "TCP Query User{9C583F8D-23BB-4B45-AE2F-D13E205E4B77}C:\users\alx\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\alx\appdata\roaming\spotify\spotify.exe | "TCP Query User{9CABF7AD-BE9F-4D5B-9F35-BBF75DB039B5}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{9D102304-09E4-4C3C-80E9-1E2C186094B0}C:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe" = protocol=6 | dir=in | app=c:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe | "TCP Query User{C5FDF4E6-29D7-499E-921B-B567D89ACE18}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "TCP Query User{C968A564-3CC1-4B95-8A91-0CA0EE0209BF}C:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe" = protocol=6 | dir=in | app=c:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe | "TCP Query User{D4B87156-1C4E-41E4-AD8C-0C35226255FD}C:\program files (x86)\mozilla\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla\firefox\firefox.exe | "TCP Query User{D73690A7-14FA-43E2-ADFD-6D42F47AEB07}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | "TCP Query User{DD98DE6E-E8E1-4E62-8C70-09CDB8D51062}C:\users\alx\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\alx\appdata\roaming\spotify\spotify.exe | "TCP Query User{E6EC7AFF-5004-43A9-B6F2-B3F73DE5F507}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | "TCP Query User{F2936BD4-0CC1-4536-AA86-A055769A1D4C}C:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe | "TCP Query User{F8BE2F4D-80B9-4879-9E34-104AA3B3BD3F}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | "TCP Query User{FD942591-D65D-46C1-8424-D9B9C7DAF70C}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "UDP Query User{0508A343-77DD-4B25-8B6D-0811C8C6B6F8}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe | "UDP Query User{239B73CE-3F9F-4D6E-B61D-B24030B44AF6}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | "UDP Query User{3377A3CF-EDC9-4916-8EAB-7A8D36B964A8}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "UDP Query User{3B1D1AC7-38C3-4D47-9320-3D90113A7B72}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "UDP Query User{443777AC-56AA-4479-854A-5316B60D4EDF}C:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe | "UDP Query User{5071DAED-EFFF-4CDD-9C8D-79A0F30F365C}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{52BE2870-5B0A-4A62-9D3C-BE7FD3A7B50B}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | "UDP Query User{672A2DCC-9D49-418C-9A01-407E4A3CB65D}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | "UDP Query User{6D070942-37C1-4B3B-8F41-835DD7C7A51E}C:\program files (x86)\hitachi\lifestudio\lifestudio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hitachi\lifestudio\lifestudio.exe | "UDP Query User{6D3FD1C2-E971-42DF-8FB2-63B33481DF00}C:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "UDP Query User{71DC42ED-356F-4DE1-87B6-6489960348A7}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | "UDP Query User{769A28F1-1AD8-446F-ACF4-06E74D9789C2}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | "UDP Query User{7701300D-50BC-4941-84EF-DC4B46ACA791}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | "UDP Query User{8244723C-D0A7-4385-92F9-437CAFCD91C7}C:\program files (x86)\mozilla\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla\firefox\firefox.exe | "UDP Query User{835BCAE3-239B-4FF6-9E39-F362D68F712C}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "UDP Query User{87EBA4CD-678F-49B3-AC21-121056A0D214}C:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe | "UDP Query User{8B30169A-7103-4512-AC5B-4FC1424D9A32}C:\users\alx\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\alx\appdata\roaming\spotify\spotify.exe | "UDP Query User{9174227A-B793-4775-97BC-041485FD43DF}C:\users\alx\saved games\wciii\war3.exe" = protocol=17 | dir=in | app=c:\users\alx\saved games\wciii\war3.exe | "UDP Query User{91B7F9F4-F221-4F64-B56A-05E1053BE6CE}C:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe" = protocol=17 | dir=in | app=c:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe | "UDP Query User{9391228D-C749-46A6-8DD4-965C6D43F238}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "UDP Query User{98E38F29-56B1-4504-8A66-C410B62197D4}C:\users\alx\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\alx\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{A18D2F1C-10EA-4B7D-9A15-C4F06F8E62CD}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "UDP Query User{AABF1E75-617C-4E88-BD0D-8D6451C862C6}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{BD436BA4-AD71-4C50-BC17-B31895448050}C:\users\alx\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\alx\appdata\roaming\spotify\spotify.exe | "UDP Query User{BD798980-2C0E-47B4-A80B-DDDF1CCA269B}C:\users\alx\saved games\cs\counter strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\users\alx\saved games\cs\counter strike 1.6\hl.exe | "UDP Query User{CBFE82A4-1C1F-46E0-84E6-0D0E9D788B6D}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "UDP Query User{D46BE792-E32D-4E9E-BB3B-09696D46A35D}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "UDP Query User{E53CCF35-7E2D-4C31-9B24-F366F7658E77}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{F756ABE1-1AB3-4615-A5BB-DDD88ADAD9B2}C:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe" = protocol=17 | dir=in | app=c:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe | "UDP Query User{F968A326-08A4-404E-AB71-92B60B62F6A9}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit) "{4237FF56-4BD0-481E-BD44-C1A8DDA9C753}_is1" = WinDS PRO 2012.7.1 "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6C47240C-016E-03B5-D13E-AECAED09F2E3}" = ATI Catalyst Install Manager "{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8753DF4D-64B0-474E-9A97-0AB5585D9A53}" = Logitech Gaming Software 5.04 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{A00C9114-40E6-4C70-A619-7DF264B23485}" = HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3 "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{ADEB3402-CFBD-00E2-0EE6-F6A3F1AFACF0}" = ccc-utility64 "{B67C01B3-8502-4BE7-AEAB-BBDE910AD3EE}" = Microsoft Web Platform Installer 2.0 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F9B292AE-1BA8-481B-9C09-1C5CABFB0E4C}" = Nitro Reader 2 "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "Defraggler" = Defraggler "FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "SP6" = Logitech SetPoint 6.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{09CC0D0E-061D-3C7B-3881-D2EB53A8AAFC}" = CCC Help Polish "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26606D8F-3133-DBE2-8AF5-AB28F300860A}" = CCC Help Chinese Standard "{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33C17B75-EA9C-0687-9CED-03D92637B042}" = CCC Help Hungarian "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{363CEA5C-C9D0-45DD-9511-A461DBDEE94B}" = DJ_AIO_03_F4200_Software_Min "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{3FBDB7B8-7472-E895-2E5D-99D190B2D1B6}" = Catalyst Control Center InstallProxy "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant "{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver "{546937C5-0529-333E-0D5E-FE3C53108806}" = CCC Help Japanese "{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant "{55C70B62-5EF1-D527-7CAB-E50D8B3B4990}" = Catalyst Control Center Graphics Full New "{577ED77E-25D9-1A76-4EF0-773B9C173758}" = CCC Help Portuguese "{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements "{5DB4EA68-A509-D408-585C-C9D045FADF72}" = Catalyst Control Center Graphics Previews Vista "{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6D335F78-1F4F-7826-56DD-4F350EA6EADD}" = CCC Help Greek "{6EF04EAE-0354-9919-E757-F1203E6F422B}" = CCC Help Italian "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0 "{7028B245-30A2-BD8C-31B9-6008216FBDC2}" = CCC Help French "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{779D3256-84D0-936F-18F9-A154DC85B4B4}" = Catalyst Control Center Localization All "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7F4DA5B8-6884-47F2-AEBA-D9111E420C63}" = CCC Help Danish "{7F9A8D27-A1B9-164F-FCB1-0B64C88629CF}" = CCC Help Norwegian "{803263F7-8CAC-DC6D-3288-8128865A7472}" = CCC Help German "{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{8CC47AA0-5774-61FC-6A59-7E1C936DB753}" = ccc-core-static "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A28867B-109A-5BBF-85C0-FC1BAA98CA1C}" = CCC Help Russian "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A8BCC9E4-9036-3029-F2BC-AA73A62DA73D}" = CCC Help Turkish "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney "{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154 "{B5C746E6-D961-445C-3768-5B6FAF6A1A31}" = CCC Help Spanish "{BB367ACC-0F34-4D69-94F3-F0E667A57921}" = Star Wars: X-Wing vs. TIE Fighter v1.1.4 "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C0769946-2CF1-9E8D-009B-5C413B3F01D1}" = CCC Help Czech "{C2524280-A5CF-4458-B809-167F13FAB56D}" = F4200 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C4F7EEE5-3D99-8552-7483-B2F412838B2A}" = Catalyst Control Center Graphics Previews Common "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4C41D27-A2D5-94C6-1D08-3D470A12EAF0}" = CCC Help Swedish "{D9D6A848-1BFD-592B-5F9D-0BA8692FDF0B}" = CCC Help Finnish "{DCD91C2F-3A86-B328-59A0-5EED6190D983}" = Catalyst Control Center Graphics Full Existing "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5F5CAA5-84ED-DE41-40D0-8926FE7E5F4D}" = Catalyst Control Center Graphics Light "{E6415AEF-3B3E-43FF-AD3A-0258D854E7D6}" = Microsoft Sync Framework 2.0 Core Components (x86) DEU "{E6CE345D-BF83-1242-9E4D-3D60A5036D87}" = CCC Help English "{E90A1941-4989-4172-AB5C-DBCB02202A84}" = Microsoft Sync Framework 2.0 Provider Services (x86) DEU "{EC155897-712F-5637-A5DA-6C7CE7CB5521}" = CCC Help Korean "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0580F64-44A1-C607-9364-887912B74F4D}" = CCC Help Thai "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F3F9A4E5-CD9F-4657-CF99-5CE3F7729909}" = Catalyst Control Center Core Implementation "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F5B1D41A-05B9-98E2-C350-E69D4A444CB4}" = CCC Help Chinese Traditional "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCF0F615-6E70-B949-028F-88D32C55C2BC}" = CCC Help Dutch "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Artisteer 3" = Artisteer 3 "AudibleManager" = AudibleManager "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "ClassicPro" = ClassicPro© v1.14 "Diablo III" = Diablo III "DivX Setup" = DivX-Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "FILEminimizer Pictures_is1" = FILEminimizer Pictures "Inkscape" = Inkscape 0.48.0 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "LastFM_is1" = Last.fm 1.5.4.27091 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.50 "Notepad++" = Notepad++ "OpenAL" = OpenAL "SpyNoMore" = SpyNoMore 3.00 "Steam App 12900" = Audiosurf "uTorrent" = µTorrent "vghd" = DeskBabes "VideoPad" = VideoPad Video Editor "VLC media player" = VLC media player 2.0.2 "WildTangent hp Master Uninstall" = HP Games "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "World of Warcraft" = World of Warcraft "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "DeskBabes_is1" = DeskBabes version 1.1.0.16 "Dropbox" = Dropbox "Spotify" = Spotify "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 22.07.2011 07:46:59 | Computer Name = alx | Source = MsiInstaller | ID = 11308 Description = Error - 25.07.2011 12:25:05 | Computer Name = alx | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7ae7f Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17625, Zeitstempel: 0x4de88429 Ausnahmecode: 0x0000046b Fehleroffset: 0x000000000000cacd ID des fehlerhaften Prozesses: 0x9a8 Startzeit der fehlerhaften Anwendung: 0x01cc49ee28dc0ea7 Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: a75fb5ca-b6da-11e0-86c4-00269ea162a6 Error - 01.08.2011 16:06:12 | Computer Name = alx | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: vghd.exe, Version: 1.0.5.2, Zeitstempel: 0x4d5d1d20 Name des fehlerhaften Moduls: vghd.exe, Version: 1.0.5.2, Zeitstempel: 0x4d5d1d20 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00012b07 ID des fehlerhaften Prozesses: 0x12f0 Startzeit der fehlerhaften Anwendung: 0x01cc5086500048fb Pfad der fehlerhaften Anwendung: C:\Users\alx\AppData\Local\vghd\bin\vghd.exe Pfad des fehlerhaften Moduls: C:\Users\alx\AppData\Local\vghd\bin\vghd.exe Berichtskennung: b3b1ee44-bc79-11e0-8db6-00269ea162a6 Error - 02.08.2011 16:05:30 | Computer Name = alx | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 4.0.0.224, Zeitstempel: 0x49cc7813 Name des fehlerhaften Moduls: Skype.exe, Version: 4.0.0.224, Zeitstempel: 0x49cc7813 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0010d258 ID des fehlerhaften Prozesses: 0x39c Startzeit der fehlerhaften Anwendung: 0x01cc514dedbf6a33 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Skype\Phone\Skype.exe Berichtskennung: c561f448-bd42-11e0-86c6-00269ea162a6 Error - 09.08.2011 13:36:47 | Computer Name = alx | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.2.3173, Zeitstempel: 0x4e1b6f92 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00680026 ID des fehlerhaften Prozesses: 0x1390 Startzeit der fehlerhaften Anwendung: 0x01cc56b5999559a0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 27bf6872-c2ae-11e0-85ad-00269ea162a6 Error - 15.08.2011 08:52:48 | Computer Name = alx | Source = BugSplat | ID = 1 Description = Error - 16.08.2011 05:20:08 | Computer Name = alx | Source = Application Hang | ID = 1002 Description = Programm WINWORD.EXE, Version 12.0.6545.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1008 Startzeit: 01cc5bf4d411a00e Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Microsoft\Office12\WINWORD.EXE Berichts-ID: Error - 16.08.2011 05:20:35 | Computer Name = alx | Source = Application Hang | ID = 1002 Description = Programm WINWORD.EXE, Version 12.0.6545.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1640 Startzeit: 01cc5bf5b10f4bad Endzeit: 18 Anwendungspfad: C:\Program Files (x86)\Microsoft\Office12\WINWORD.EXE Berichts-ID: Error - 17.08.2011 19:09:00 | Computer Name = alx | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7ae7f Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c8f9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004e4b4 ID des fehlerhaften Prozesses: 0xdf4 Startzeit der fehlerhaften Anwendung: 0x01cc5d1c20b598b8 Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: e419c437-c925-11e0-849e-00269ea162a6 Error - 17.08.2011 19:13:12 | Computer Name = alx | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: vghd.exe, Version: 1.0.5.2, Zeitstempel: 0x4d5d1d20 Name des fehlerhaften Moduls: vghd.exe, Version: 1.0.5.2, Zeitstempel: 0x4d5d1d20 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00012b07 ID des fehlerhaften Prozesses: 0x9f4 Startzeit der fehlerhaften Anwendung: 0x01cc5d32e4713a7c Pfad der fehlerhaften Anwendung: C:\Users\alx\AppData\Local\vghd\bin\vghd.exe Pfad des fehlerhaften Moduls: C:\Users\alx\AppData\Local\vghd\bin\vghd.exe Berichtskennung: 7a3b4d3f-c926-11e0-849e-00269ea162a6 [ Hewlett-Packard Events ] Error - 04.04.2010 08:49:53 | Computer Name = alx | Source = Hewlett-Packard | ID = 0 Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. HPSF bei HPAssistant.Pages.DiagnoseMain.brdAssistance_MouseDown(Object sender, MouseButtonEventArgs e) bei System.Windows.Input.MouseButtonEventArgs.InvokeEventHandler(Delegate genericHandler, Object genericTarget) bei System.Windows.RoutedEventArgs.InvokeHandler(Delegate handler, Object target) bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs routedEventArgs) bei System.Windows.EventRoute.InvokeHandlersImpl(Object source, RoutedEventArgs args, Boolean reRaised) bei System.Windows.UIElement.RaiseEventImpl(DependencyObject sender, RoutedEventArgs args) bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs args, Boolean trusted) bei System.Windows.Input.InputManager.ProcessStagingArea() bei System.Windows.Input.InputManager.ProcessInput(InputEventArgs input) bei System.Windows.Input.InputProviderSite.ReportInput(InputReport inputReport) bei System.Windows.Interop.HwndMouseInputProvider.ReportInput(IntPtr hwnd, InputMode mode, Int32 timestamp, RawMouseActions actions, Int32 x, Int32 y, Int32 wheel) bei System.Windows.Interop.HwndMouseInputProvider.FilterMessage(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) bei System.Windows.Interop.HwndSource.InputFilterMessage(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) bei MS.Win32.HwndWrapper.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object o) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler) [ OSession Events ] Error - 29.06.2010 10:29:54 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash. Error - 16.07.2010 07:58:12 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 08.11.2010 10:04:27 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 14.11.2010 17:00:45 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 16.11.2010 17:11:14 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. Error - 30.11.2010 07:26:19 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 20.01.2011 09:01:19 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 03.06.2011 09:58:02 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash. Error - 15.08.2011 08:44:24 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 05.12.2011 02:25:56 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 42 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 31.08.2012 07:04:22 | Computer Name = alx | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.135.81.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%853 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.8704.0 Fehlercode: 0x80240022 Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen ist nicht möglich. Error - 01.09.2012 08:39:46 | Computer Name = alx | Source = Microsoft-Windows-TaskScheduler | ID = 413 Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183. Error - 01.09.2012 08:40:10 | Computer Name = alx | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: [verify-U]_System Error - 01.09.2012 08:42:40 | Computer Name = alx | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht. Error - 03.09.2012 04:10:26 | Computer Name = alx | Source = Microsoft-Windows-TaskScheduler | ID = 413 Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183. Error - 03.09.2012 04:10:58 | Computer Name = alx | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: [verify-U]_System Error - 03.09.2012 04:12:10 | Computer Name = alx | Source = WMPNetworkSvc | ID = 866300 Description = Error - 04.09.2012 04:52:17 | Computer Name = alx | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 04.09.2012 13:52:53 | Computer Name = alx | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 06.09.2012 05:18:32 | Computer Name = alx | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. < End of report > Geändert von Homunkoloss (06.09.2012 um 12:18 Uhr) |
06.09.2012, 16:27 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kann CodecV & Incredibar nicht mehr entfernen Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
16.09.2012, 16:42 | #3 |
| Kann CodecV & Incredibar nicht mehr entfernen Erst einmal meine Entschuldigung für die Verspätung, die Scans haben mehr Zeit in Anspruch genommen als gedacht, so dass ich sie hab weiterlaufen lassen, als ich jetzt für ne Woche weg war...
__________________Weder Malwarebytes, noch ESET haben irgendetwas gefunden. Daher agibt es ach keine Log von ESET. Die von Malwarebytes lautet: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.09.06.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 alx :: ALX [Administrator] Schutz: Aktiviert 06.09.2012 18:14:16 mbam-log-2012-09-06 (18-14-16).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 675706 Laufzeit: 6 Stunde(n), 16 Minute(n), 40 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
16.09.2012, 18:58 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kann CodecV & Incredibar nicht mehr entfernen adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
17.09.2012, 11:56 | #5 |
| Kann CodecV & Incredibar nicht mehr entfernenCode:
ATTFilter # AdwCleaner v2.002 - Datei am 09/17/2012 um 12:56:07 erstellt # Aktualisiert am 16/09/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : alx - ALX # Bootmodus : Normal # Ausgeführt unter : C:\Users\alx\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Users\alx\AppData\Local\vghd ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v15.0 (de) Profilname : default Datei : C:\Users\alx\AppData\Roaming\Mozilla\Firefox\Profiles\ck8le8cj.default\prefs.js Gefunden : user_pref("extensions.4f807b3748d97.scode", "(function(){try{if('aol.com,mystart.incredibar.com,prem[...] Gefunden : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...] ************************* AdwCleaner[R1].txt - [992 octets] - [17/09/2012 12:56:07] ########## EOF - C:\AdwCleaner[R1].txt - [1051 octets] ########## |
17.09.2012, 12:34 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kann CodecV & Incredibar nicht mehr entfernen adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
__________________ --> Kann CodecV & Incredibar nicht mehr entfernen |
17.09.2012, 14:30 | #7 |
| Kann CodecV & Incredibar nicht mehr entfernenCode:
ATTFilter # AdwCleaner v2.002 - Datei am 09/17/2012 um 15:23:35 erstellt # Aktualisiert am 16/09/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : alx - ALX # Bootmodus : Normal # Ausgeführt unter : C:\Users\alx\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Users\alx\AppData\Local\vghd ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.7601.17514 Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] -\\ Mozilla Firefox v15.0 (de) Profilname : default Datei : C:\Users\alx\AppData\Roaming\Mozilla\Firefox\Profiles\ck8le8cj.default\prefs.js Gelöscht : user_pref("extensions.4f807b3748d97.scode", "(function(){try{if('aol.com,mystart.incredibar.com,prem[...] Gelöscht : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...] ************************* AdwCleaner[R1].txt - [1120 octets] - [17/09/2012 15:23:05] AdwCleaner[S1].txt - [1711 octets] - [17/09/2012 15:23:35] ########## EOF - C:\AdwCleaner[S1].txt - [1771 octets] ########## |
17.09.2012, 14:56 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kann CodecV & Incredibar nicht mehr entfernen Hätte da mal drei Fragen bevor es weiter geht (wir sind noch nicht fertig!) 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? 3.) Die Werbeeinblendungen bzw Weiterleitungen wie zB Incredibar oder Mystart sind nun weg?
__________________ Logfiles bitte immer in CODE-Tags posten |
17.09.2012, 15:31 | #9 |
| Kann CodecV & Incredibar nicht mehr entfernen 1.) Habe vorher keinen Unterschied in der Funktion bemerkt, folglich jetzt auch keine Änderung zum Besseren. 2.) Habe 2 leere Ordner gefunden, die aber zu bereits deinstallierten Programmen gehörten. Ansonsten fehlt nix. 3.) Weiterleitungen sind behoben so weit ich das sehe (neues fenster / tab), aber die Werbelink-Einblendungen (by text-enhance) sind immer noch da. |
17.09.2012, 19:56 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kann CodecV & Incredibar nicht mehr entfernen Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
26.09.2012, 16:01 | #11 |
| Kann CodecV & Incredibar nicht mehr entfernenCode:
ATTFilter OTL logfile created on: 26.09.2012 12:50:55 - Run 3 OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\alx\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 65,24% Memory free 7,99 Gb Paging File | 6,44 Gb Available in Paging File | 80,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284,56 Gb Total Space | 5,61 Gb Free Space | 1,97% Space Free | Partition Type: NTFS Drive D: | 13,23 Gb Total Space | 2,17 Gb Free Space | 16,38% Space Free | Partition Type: NTFS Computer Name: ALX | User Name: alx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\alx\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\alx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\alx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\alx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () ========== Services (SafeList) ========== SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company) SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (IDT, Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation) SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe (IDT, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) ========== Driver Services (SafeList) ========== DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.) DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.) DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.) DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE:64bit: - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE:64bit: - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: 4f807b3748d91@4f807b3748d92.info:1.0 FF - prefs.js..extensions.enabledAddons: de_DE@dicts.j3e.de:20120628 FF - prefs.js..extensions.enabledAddons: fb_add_on@avm.de:1.6.3 FF - prefs.js..extensions.enabledAddons: kosa@kallout.com:2.2.4 FF - prefs.js..extensions.enabledAddons: SkipScreen@SkipScreen:0.6.4 FF - prefs.js..extensions.enabledAddons: trackerblock@privacychoice.org:2.2 FF - prefs.js..extensions.enabledAddons: {1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.9 FF - prefs.js..extensions.enabledAddons: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2 FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7 FF - prefs.js..extensions.enabledAddons: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.15.0 FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10 FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.1 FF - prefs.js..extensions.enabledAddons: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:6.0 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledAddons: searchdictcc@roughael:3.4 FF - prefs.js..extensions.enabledItems: de_DE@dicts.j3e.de:20110321 FF - prefs.js..extensions.enabledItems: kosa@kallout.com:2.0.1.1 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172 FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.21amo FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.7.3 FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1 FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 FF - prefs.js..extensions.enabledItems: verify-u@cybits.de:1.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\alx\\AppData\\Local\\Temp\\proxtube.pac" FF - prefs.js..network.proxy.http: "199.195.109.23" FF - prefs.js..network.proxy.http_port: 9090 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.1: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.16 21:29:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla\Firefox\components [2012.09.07 17:43:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla\Firefox\plugins [2012.09.07 17:43:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla\Thunderbird\components [2012.06.18 00:40:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla\Thunderbird\plugins [2012.08.18 23:22:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla\Firefox\components [2012.09.07 17:43:44 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla\Firefox\plugins [2012.09.07 17:43:07 | 000,000,000 | ---D | M] [2010.03.14 02:49:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\Extensions [2010.03.14 02:49:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.09.24 14:21:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions [2012.09.16 15:53:29 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.03.18 12:32:02 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012.04.09 11:29:28 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\4f807b3748d91@4f807b3748d92.info [2012.06.29 16:54:49 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\de_DE@dicts.j3e.de [2012.05.15 14:18:54 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\fb_add_on@avm.de [2012.09.16 15:53:28 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\ich@maltegoetz.de [2012.08.07 17:18:11 | 000,221,273 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\kosa@kallout.com.xpi [2012.09.24 14:21:13 | 000,037,531 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\searchdictcc@roughael.xpi [2012.02.22 14:07:20 | 000,072,222 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\SkipScreen@SkipScreen.xpi [2012.02.18 22:21:52 | 000,049,540 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\trackerblock@privacychoice.org.xpi [2011.12.22 10:12:41 | 000,108,965 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe80}.xpi [2011.07.21 22:52:17 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2012.08.22 20:46:08 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012.07.25 10:14:55 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.10.30 01:10:24 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2012.09.14 20:10:47 | 000,270,876 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012.09.16 15:53:29 | 000,045,208 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi [2012.03.14 09:20:13 | 000,002,321 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\dictcc.xml [2012.02.01 21:06:57 | 000,012,703 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\imdb.xml [2012.02.13 17:42:19 | 000,001,330 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\wikipedia-en.xml [2012.05.29 16:07:30 | 000,002,446 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\wiktionary-de.xml [2012.05.29 16:07:13 | 000,001,336 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\wiktionary-en.xml [2011.12.15 16:58:05 | 000,002,057 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\youtube-videosuche.xml [2011.12.16 21:29:57 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.09.07 17:43:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.07 17:43:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [SNM] C:\Program Files (x86)\SpyNoMore\SNM.exe /startup File not found O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO File not found O4 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001..\Run: [Spotify Web Helper] C:\Users\alx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = File not found O4 - Startup: C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\alx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2 O7 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2 O7 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..Trusted Domains: sony.com ([]* in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F36DF460-6656-4356-AC69-8A37945ED217}: DhcpNameServer = 192.168.181.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA92405A-2AA9-4546-964D-8016BF7078D0}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{43c59bd6-2c71-11e1-ad77-00269ea162a6}\Shell\AutoRun\command - "" = F:\fscommand\LS_Start_Launch.cmd O33 - MountPoints2\{43c59bd6-2c71-11e1-ad77-00269ea162a6}\Shell\Launcher\command - "" = F:\fscommand\LS_Start_Launch.cmd O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig:64bit - StartUpFolder: C:^Users^alx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK - - File not found MsConfig:64bit - StartUpFolder: C:^Users^alx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\alx\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= - File not found MsConfig:64bit - StartUpReg: EvtMgr6 - hkey= - key= - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard) MsConfig:64bit - StartUpReg: HPCam_Menu - hkey= - key= - c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found MsConfig:64bit - StartUpReg: SysTrayApp - hkey= - key= - C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) MsConfig:64bit - StartUpReg: UpdatePRCShortCut - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) MsConfig:64bit - StartUpReg: WirelessAssistant - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.VSPX - C:\Windows\SysWow64\vspxvfw.dll () Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll () Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.09.26 12:30:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\alx\Desktop\OTL.exe [2012.09.16 18:13:28 | 000,029,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll [2012.09.16 18:13:28 | 000,017,936 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll [2012.09.16 18:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF [2012.09.16 18:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF Reader 2 [2012.09.16 18:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF [2012.09.16 16:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012.09.06 12:21:11 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\Malwarebytes [2012.09.06 12:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.06 11:54:43 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\DriverCure [2012.09.06 11:54:42 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\SpeedyPC Software [2012.09.06 11:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software [2012.09.04 16:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2012.09.04 14:57:18 | 000,000,000 | ---D | C] -- C:\Users\alx\Documents\Diablo III [2012.09.04 12:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III [2012.09.04 12:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III [2012.09.04 09:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.26 12:30:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\alx\Desktop\OTL.exe [2012.09.26 10:24:06 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.26 08:52:03 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.09.26 08:51:55 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.26 08:51:55 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.26 08:51:55 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.26 08:51:55 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.26 08:35:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.25 12:13:08 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.25 12:13:08 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.25 12:03:05 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys [2012.09.16 19:37:33 | 000,000,744 | ---- | M] () -- C:\Users\alx\.recently-used.xbel [2012.09.16 19:36:41 | 000,012,564 | ---- | M] () -- C:\Users\alx\Desktop\Gilwell Logo.png [2012.09.16 16:27:58 | 001,619,988 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.13 01:52:54 | 000,029,712 | ---- | M] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll [2012.09.13 01:52:54 | 000,017,936 | ---- | M] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll [2012.09.06 11:47:19 | 000,001,152 | ---- | M] () -- C:\Windows\SysWow64\windrv.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.16 19:37:33 | 000,000,744 | ---- | C] () -- C:\Users\alx\.recently-used.xbel [2012.09.16 19:11:14 | 000,012,564 | ---- | C] () -- C:\Users\alx\Desktop\Gilwell Logo.png [2012.09.16 18:13:22 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk [2012.09.06 11:47:19 | 000,001,152 | ---- | C] () -- C:\Windows\SysWow64\windrv.sys [2012.07.10 20:48:37 | 000,009,064 | ---- | C] () -- C:\Users\alx\Neues Dokument 2.2012_07_10_20_48_37.0.svg [2012.07.10 20:35:46 | 000,014,642 | ---- | C] () -- C:\Users\alx\Neues Dokument 2.2012_07_10_20_35_45.0.svg [2012.07.01 22:00:07 | 000,000,021 | ---- | C] () -- C:\Windows\preview.ini [2012.02.02 14:36:28 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.01.20 14:02:56 | 000,159,400 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011.07.31 18:43:28 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI [2011.07.22 13:22:22 | 000,000,000 | ---- | C] () -- C:\Users\alx\support [2011.01.12 21:11:41 | 000,000,118 | ---- | C] () -- C:\Windows\Podcasts.INI [2011.01.12 12:09:19 | 000,023,761 | ---- | C] () -- C:\Windows\hpqins15.dat.temp [2010.12.25 23:53:04 | 000,023,324 | ---- | C] () -- C:\Windows\hpqins15.dat [2010.12.23 12:53:50 | 000,181,764 | ---- | C] () -- C:\Windows\hpoins28.dat [2010.12.23 12:53:50 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat [2010.11.03 11:04:28 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.11.03 11:04:28 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.03.26 18:43:22 | 000,000,000 | ---- | C] () -- C:\Users\alx\AppData\Roaming\wklnhst.dat [2010.03.26 18:41:04 | 000,006,144 | ---- | C] () -- C:\Users\alx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.21 12:44:56 | 000,020,143 | ---- | C] () -- C:\Users\alx\AppData\Roaming\UserTile.png ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.09.04 09:38:17 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\.minecraft [2012.04.21 18:23:02 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Amazon [2012.08.06 21:02:31 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Artisteer [2012.09.16 18:09:44 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Downloaded Installations [2012.09.06 11:54:43 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\DriverCure [2012.09.25 12:05:31 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Dropbox [2012.05.04 12:02:58 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\FILEminimizerPictures [2010.07.30 19:40:52 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\FreeVideoConverter [2011.03.10 12:16:18 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\FRITZ! [2011.12.23 15:36:26 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Hitachigst [2010.09.30 17:41:01 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\inkscape [2010.03.15 16:11:04 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Leadertech [2012.08.28 22:37:01 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Mp3tag [2012.09.16 18:08:47 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Nitro PDF [2011.03.04 21:28:25 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Notepad++ [2010.09.03 20:21:20 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Registry Mechanic [2012.07.04 12:45:15 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\RotMG.Production [2012.09.06 11:54:42 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\SpeedyPC Software [2012.09.18 22:18:16 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Spotify [2010.03.14 02:49:37 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Thunderbird [2012.09.26 13:40:24 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\uTorrent [2010.04.01 16:35:30 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Windows Live Writer [2010.03.05 13:04:29 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\_MDLogs ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.09.04 09:38:17 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\.minecraft [2011.02.16 16:22:55 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Adobe [2012.04.21 18:23:02 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Amazon [2012.08.06 21:02:30 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Apple Computer [2012.08.06 21:02:31 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Artisteer [2010.03.05 12:55:59 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\ATI [2012.03.19 14:55:03 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Avira [2010.05.17 13:54:28 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\CyberLink [2010.10.13 15:53:15 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\DivX [2012.09.16 18:09:44 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Downloaded Installations [2012.09.06 11:54:43 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\DriverCure [2012.09.25 12:05:31 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Dropbox [2012.05.04 12:02:58 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\FILEminimizerPictures [2010.07.30 19:40:52 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\FreeVideoConverter [2011.03.10 12:16:18 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\FRITZ! [2010.03.13 23:20:54 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\hewlett-packard [2011.12.23 15:36:26 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Hitachigst [2010.12.23 13:09:23 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\HP [2010.03.17 14:43:23 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\HP Support Assistant [2010.03.05 11:50:41 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\HP TCS [2010.05.05 15:57:44 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\hpqlog [2012.07.09 18:00:25 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\HpUpdate [2010.03.05 12:55:27 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Identities [2010.09.30 17:41:01 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\inkscape [2010.03.15 16:11:04 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Leadertech [2010.03.15 16:08:07 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Logishrd [2010.03.15 16:11:40 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Logitech [2010.03.05 12:57:53 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Macromedia [2012.09.06 12:21:11 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Malwarebytes [2009.11.24 11:11:53 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Media Center Programs [2011.02.16 16:22:55 | 000,000,000 | --SD | M] -- C:\Users\alx\AppData\Roaming\Microsoft [2010.03.05 14:19:29 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Mozilla [2012.08.28 22:37:01 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Mp3tag [2012.02.04 16:27:00 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\NCH Software [2012.09.16 18:08:47 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Nitro PDF [2011.03.04 21:28:25 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Notepad++ [2010.09.03 20:21:20 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Registry Mechanic [2012.07.04 12:45:15 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\RotMG.Production [2012.08.24 08:01:27 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Skype [2012.09.06 11:54:42 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\SpeedyPC Software [2012.09.18 22:18:16 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Spotify [2010.03.14 02:49:37 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Thunderbird [2012.09.26 13:40:24 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\uTorrent [2012.09.26 10:34:20 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\vlc [2011.09.28 01:51:11 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Winamp [2010.04.01 16:35:30 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Windows Live Writer [2010.10.20 17:11:15 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\WinRAR [2010.03.05 13:04:29 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\_MDLogs < %APPDATA%\*.exe /s > [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\alx\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\alx\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\alx\AppData\Roaming\Dropbox\bin\Uninstall.exe [2011.02.16 16:28:19 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\alx\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2010.03.15 16:11:02 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\alx\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2011.02.16 15:24:43 | 000,010,134 | R--- | M] () -- C:\Users\alx\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe [2011.10.28 16:34:06 | 000,018,488 | ---- | M] (Hewlett-Packard Company) -- C:\Users\alx\AppData\Roaming\Mozilla\Firefox\Profiles\ck8le8cj.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\Setup.exe [2008.02.13 09:07:36 | 000,393,216 | ---- | M] () -- C:\Users\alx\AppData\Roaming\NCH Software\Components\aacenc3\aacenc3.exe [2007.11.27 09:41:32 | 000,405,504 | ---- | M] () -- C:\Users\alx\AppData\Roaming\NCH Software\Components\mp3el2\lame.exe [2012.01.25 16:46:26 | 001,465,393 | ---- | M] () -- C:\Users\alx\AppData\Roaming\NCH Software\Components\x264enc2\x264enc2.exe [2012.08.22 14:15:11 | 005,576,408 | ---- | M] (Spotify Ltd) -- C:\Users\alx\AppData\Roaming\Spotify\spotify.exe [2012.08.22 14:14:59 | 000,114,904 | ---- | M] () -- C:\Users\alx\AppData\Roaming\Spotify\SpotifyLauncher.exe [2012.08.22 14:14:58 | 001,193,176 | ---- | M] () -- C:\Users\alx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2009.12.20 01:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll [2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll < > [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.03.05 12:55:16 | 000,000,326 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForalx.job [2010.03.26 01:46:11 | 000,001,100 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2010.03.26 01:46:12 | 000,001,104 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2010.08.30 21:44:34 | 000,000,262 | ---- | C] () -- C:\Windows\Tasks\RMSchedule.job ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:364682BC @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1 < End of report > |
26.09.2012, 16:39 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kann CodecV & Incredibar nicht mehr entfernen Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL FF - user.js - File not found IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE:64bit: - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE:64bit: - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 O4 - HKLM..\Run: [] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2 O7 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2 O7 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{43c59bd6-2c71-11e1-ad77-00269ea162a6}\Shell\AutoRun\command - "" = F:\fscommand\LS_Start_Launch.cmd O33 - MountPoints2\{43c59bd6-2c71-11e1-ad77-00269ea162a6}\Shell\Launcher\command - "" = F:\fscommand\LS_Start_Launch.cmd @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:364682BC @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1 :Files ipconfig /flushdns /c :Commands [purity] [emptytemp] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
26.09.2012, 20:57 | #13 |
| Kann CodecV & Incredibar nicht mehr entfernenCode:
ATTFilter All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1366F70F-D4B1-41A2-9C50-344E76EADE50}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C7072CC-3B6A-4D18-856D-F60EF665414F}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}\ not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1366F70F-D4B1-41A2-9C50-344E76EADE50}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C7072CC-3B6A-4D18-856D-F60EF665414F}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}\ not found. HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKEY_USERS\S-1-5-21-2782641458-2596408217-2259115555-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-2782641458-2596408217-2259115555-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1366F70F-D4B1-41A2-9C50-344E76EADE50}\ not found. Registry key HKEY_USERS\S-1-5-21-2782641458-2596408217-2259115555-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C7072CC-3B6A-4D18-856D-F60EF665414F}\ not found. Registry key HKEY_USERS\S-1-5-21-2782641458-2596408217-2259115555-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideFastUserSwitching deleted successfully. Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\WallpaperStyle deleted successfully. Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\WallpaperStyle not found. Registry value HKEY_USERS\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\WallpaperStyle deleted successfully. Registry value HKEY_USERS\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation deleted successfully. Registry value HKEY_USERS\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43c59bd6-2c71-11e1-ad77-00269ea162a6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43c59bd6-2c71-11e1-ad77-00269ea162a6}\ not found. File F:\fscommand\LS_Start_Launch.cmd not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43c59bd6-2c71-11e1-ad77-00269ea162a6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43c59bd6-2c71-11e1-ad77-00269ea162a6}\ not found. File F:\fscommand\LS_Start_Launch.cmd not found. ADS C:\ProgramData\Temp:364682BC deleted successfully. ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\alx\Desktop\cmd.bat deleted successfully. C:\Users\alx\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: alx ->Temp folder emptied: 47522917 bytes ->Temporary Internet Files folder emptied: 305299691 bytes ->Java cache emptied: 12380251 bytes ->FireFox cache emptied: 482336374 bytes ->Flash cache emptied: 123384 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56502 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 561679995 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50233 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 668 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1.344,00 mb File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. Error: Unble to create default HOSTS file! OTL by OldTimer - Version 3.2.68.0 log created on 09262012_210500 Files\Folders moved on Reboot... C:\Users\alx\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
27.09.2012, 15:42 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kann CodecV & Incredibar nicht mehr entfernen Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
27.09.2012, 18:07 | #15 |
| Kann CodecV & Incredibar nicht mehr entfernenCode:
ATTFilter 19:05:14.0484 5432 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24 19:05:14.0654 5432 ============================================================ 19:05:14.0654 5432 Current date / time: 2012/09/27 19:05:14.0654 19:05:14.0654 5432 SystemInfo: 19:05:14.0654 5432 19:05:14.0654 5432 OS Version: 6.1.7601 ServicePack: 1.0 19:05:14.0654 5432 Product type: Workstation 19:05:14.0654 5432 ComputerName: ALX 19:05:14.0654 5432 UserName: alx 19:05:14.0654 5432 Windows directory: C:\Windows 19:05:14.0654 5432 System windows directory: C:\Windows 19:05:14.0654 5432 Running under WOW64 19:05:14.0654 5432 Processor architecture: Intel x64 19:05:14.0654 5432 Number of processors: 2 19:05:14.0654 5432 Page size: 0x1000 19:05:14.0654 5432 Boot type: Normal boot 19:05:14.0654 5432 ============================================================ 19:05:16.0840 5432 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:05:16.0840 5432 ============================================================ 19:05:16.0840 5432 \Device\Harddisk0\DR0: 19:05:16.0840 5432 MBR partitions: 19:05:16.0840 5432 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800 19:05:16.0840 5432 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23921000 19:05:16.0840 5432 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23985000, BlocksNum 0x1A75800 19:05:16.0840 5432 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0 19:05:16.0840 5432 ============================================================ 19:05:16.0880 5432 C: <-> \Device\Harddisk0\DR0\Partition2 19:05:16.0910 5432 D: <-> \Device\Harddisk0\DR0\Partition3 19:05:16.0910 5432 ============================================================ 19:05:16.0910 5432 Initialize success 19:05:16.0910 5432 ============================================================ 19:05:44.0280 4328 ============================================================ 19:05:44.0280 4328 Scan started 19:05:44.0280 4328 Mode: Manual; SigCheck; TDLFS; 19:05:44.0280 4328 ============================================================ 19:05:44.0560 4328 ================ Scan system memory ======================== 19:05:44.0560 4328 System memory - ok 19:05:44.0560 4328 ================ Scan services ============================= 19:05:44.0700 4328 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 19:05:44.0800 4328 1394ohci - ok 19:05:44.0830 4328 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys 19:05:44.0870 4328 Accelerometer - ok 19:05:44.0890 4328 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 19:05:44.0910 4328 ACPI - ok 19:05:44.0930 4328 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 19:05:44.0990 4328 AcpiPmi - ok 19:05:45.0030 4328 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys 19:05:45.0040 4328 adfs - ok 19:05:45.0190 4328 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 19:05:45.0230 4328 AdobeARMservice - ok 19:05:45.0272 4328 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 19:05:45.0302 4328 adp94xx - ok 19:05:45.0332 4328 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 19:05:45.0352 4328 adpahci - ok 19:05:45.0372 4328 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 19:05:45.0382 4328 adpu320 - ok 19:05:45.0412 4328 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 19:05:45.0542 4328 AeLookupSvc - ok 19:05:45.0622 4328 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe 19:05:45.0672 4328 AESTFilters - ok 19:05:45.0722 4328 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 19:05:45.0772 4328 AFD - ok 19:05:45.0832 4328 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys 19:05:45.0902 4328 AgereSoftModem - ok 19:05:45.0952 4328 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 19:05:45.0962 4328 agp440 - ok 19:05:45.0992 4328 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 19:05:46.0032 4328 ALG - ok 19:05:46.0062 4328 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 19:05:46.0072 4328 aliide - ok 19:05:46.0122 4328 [ D0D8877969011D1B0ED9C3C55A9A9108 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 19:05:46.0172 4328 AMD External Events Utility - ok 19:05:46.0192 4328 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 19:05:46.0202 4328 amdide - ok 19:05:46.0242 4328 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 19:05:46.0272 4328 AmdK8 - ok 19:05:46.0292 4328 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 19:05:46.0312 4328 AmdPPM - ok 19:05:46.0342 4328 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 19:05:46.0352 4328 amdsata - ok 19:05:46.0382 4328 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 19:05:46.0402 4328 amdsbs - ok 19:05:46.0412 4328 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 19:05:46.0432 4328 amdxata - ok 19:05:46.0552 4328 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 19:05:46.0592 4328 AntiVirSchedulerService - ok 19:05:46.0612 4328 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 19:05:46.0622 4328 AntiVirService - ok 19:05:46.0672 4328 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 19:05:46.0792 4328 AppID - ok 19:05:46.0822 4328 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 19:05:46.0872 4328 AppIDSvc - ok 19:05:46.0912 4328 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 19:05:46.0962 4328 Appinfo - ok 19:05:47.0002 4328 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 19:05:47.0012 4328 arc - ok 19:05:47.0022 4328 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 19:05:47.0042 4328 arcsas - ok 19:05:47.0132 4328 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 19:05:47.0142 4328 aspnet_state - ok 19:05:47.0182 4328 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 19:05:47.0232 4328 AsyncMac - ok 19:05:47.0252 4328 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 19:05:47.0272 4328 atapi - ok 19:05:47.0392 4328 [ B4421D8CDADC441F76BA39532A3E3414 ] athr C:\Windows\system32\DRIVERS\athrx.sys 19:05:47.0492 4328 athr - ok 19:05:47.0552 4328 [ 38467FF83C2B4265D51F418812A91E3C ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys 19:05:47.0562 4328 AtiHdmiService - ok 19:05:47.0692 4328 [ C5758BF1DFD762A5B17041FF061B7750 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 19:05:47.0822 4328 atikmdag - ok 19:05:47.0862 4328 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys 19:05:47.0882 4328 AtiPcie - ok 19:05:47.0912 4328 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 19:05:47.0972 4328 AudioEndpointBuilder - ok 19:05:47.0982 4328 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 19:05:48.0032 4328 AudioSrv - ok 19:05:48.0102 4328 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 19:05:48.0132 4328 avgntflt - ok 19:05:48.0142 4328 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 19:05:48.0162 4328 avipbb - ok 19:05:48.0172 4328 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 19:05:48.0182 4328 avkmgr - ok 19:05:48.0212 4328 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 19:05:48.0272 4328 AxInstSV - ok 19:05:48.0312 4328 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 19:05:48.0442 4328 b06bdrv - ok 19:05:48.0612 4328 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 19:05:48.0652 4328 b57nd60a - ok 19:05:48.0702 4328 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 19:05:48.0732 4328 BDESVC - ok 19:05:48.0752 4328 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 19:05:48.0802 4328 Beep - ok 19:05:48.0842 4328 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 19:05:48.0892 4328 BFE - ok 19:05:48.0922 4328 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 19:05:48.0982 4328 BITS - ok 19:05:49.0002 4328 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 19:05:49.0032 4328 blbdrive - ok 19:05:49.0052 4328 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 19:05:49.0082 4328 bowser - ok 19:05:49.0132 4328 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 19:05:49.0162 4328 BrFiltLo - ok 19:05:49.0172 4328 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:05:49.0202 4328 BrFiltUp - ok 19:05:49.0242 4328 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 19:05:49.0312 4328 Browser - ok 19:05:49.0352 4328 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 19:05:49.0382 4328 Brserid - ok 19:05:49.0402 4328 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 19:05:49.0432 4328 BrSerWdm - ok 19:05:49.0442 4328 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 19:05:49.0472 4328 BrUsbMdm - ok 19:05:49.0482 4328 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 19:05:49.0502 4328 BrUsbSer - ok 19:05:49.0542 4328 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 19:05:49.0572 4328 BTHMODEM - ok 19:05:49.0612 4328 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 19:05:49.0652 4328 bthserv - ok 19:05:49.0682 4328 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 19:05:49.0732 4328 cdfs - ok 19:05:49.0762 4328 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 19:05:49.0792 4328 cdrom - ok 19:05:49.0822 4328 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 19:05:49.0872 4328 CertPropSvc - ok 19:05:49.0912 4328 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 19:05:49.0922 4328 circlass - ok 19:05:49.0962 4328 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 19:05:49.0982 4328 CLFS - ok 19:05:50.0042 4328 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:05:50.0102 4328 clr_optimization_v2.0.50727_32 - ok 19:05:50.0152 4328 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 19:05:50.0172 4328 clr_optimization_v2.0.50727_64 - ok 19:05:50.0232 4328 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:05:50.0262 4328 clr_optimization_v4.0.30319_32 - ok 19:05:50.0272 4328 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 19:05:50.0292 4328 clr_optimization_v4.0.30319_64 - ok 19:05:50.0312 4328 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 19:05:50.0342 4328 CmBatt - ok 19:05:50.0372 4328 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 19:05:50.0382 4328 cmdide - ok 19:05:50.0432 4328 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 19:05:50.0474 4328 CNG - ok 19:05:50.0564 4328 [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe 19:05:50.0574 4328 Com4QLBEx - ok 19:05:50.0584 4328 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 19:05:50.0594 4328 Compbatt - ok 19:05:50.0624 4328 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 19:05:50.0654 4328 CompositeBus - ok 19:05:50.0664 4328 COMSysApp - ok 19:05:50.0694 4328 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 19:05:50.0714 4328 crcdisk - ok 19:05:50.0774 4328 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll 19:05:50.0824 4328 CryptSvc - ok 19:05:50.0874 4328 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 19:05:50.0934 4328 DcomLaunch - ok 19:05:50.0964 4328 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 19:05:51.0024 4328 defragsvc - ok 19:05:51.0054 4328 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 19:05:51.0104 4328 DfsC - ok 19:05:51.0124 4328 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 19:05:51.0194 4328 Dhcp - ok 19:05:51.0224 4328 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 19:05:51.0264 4328 discache - ok 19:05:51.0294 4328 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 19:05:51.0304 4328 Disk - ok 19:05:51.0334 4328 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 19:05:51.0364 4328 Dnscache - ok 19:05:51.0394 4328 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 19:05:51.0454 4328 dot3svc - ok 19:05:51.0494 4328 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 19:05:51.0524 4328 Dot4 - ok 19:05:51.0564 4328 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 19:05:51.0584 4328 Dot4Print - ok 19:05:51.0594 4328 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 19:05:51.0614 4328 dot4usb - ok 19:05:51.0644 4328 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 19:05:51.0694 4328 DPS - ok 19:05:51.0724 4328 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 19:05:51.0754 4328 drmkaud - ok 19:05:51.0794 4328 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 19:05:51.0824 4328 DXGKrnl - ok 19:05:51.0864 4328 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 19:05:51.0914 4328 EapHost - ok 19:05:52.0024 4328 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 19:05:52.0104 4328 ebdrv - ok 19:05:52.0144 4328 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 19:05:52.0204 4328 EFS - ok 19:05:52.0254 4328 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 19:05:52.0274 4328 elxstor - ok 19:05:52.0304 4328 [ 524C79054636D2E5751169005006460B ] enecir C:\Windows\system32\DRIVERS\enecir.sys 19:05:52.0334 4328 enecir - ok 19:05:52.0374 4328 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 19:05:52.0424 4328 ErrDev - ok 19:05:52.0474 4328 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 19:05:52.0534 4328 EventSystem - ok 19:05:52.0564 4328 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 19:05:52.0624 4328 exfat - ok 19:05:52.0654 4328 ezSharedSvc - ok 19:05:52.0674 4328 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:05:52.0724 4328 fastfat - ok 19:05:52.0774 4328 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 19:05:52.0824 4328 Fax - ok 19:05:52.0844 4328 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 19:05:52.0854 4328 fdc - ok 19:05:52.0884 4328 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 19:05:52.0944 4328 fdPHost - ok 19:05:52.0964 4328 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 19:05:53.0004 4328 FDResPub - ok 19:05:53.0024 4328 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 19:05:53.0044 4328 FileInfo - ok 19:05:53.0054 4328 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:05:53.0104 4328 Filetrace - ok 19:05:53.0124 4328 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 19:05:53.0134 4328 flpydisk - ok 19:05:53.0174 4328 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:05:53.0194 4328 FltMgr - ok 19:05:53.0244 4328 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 19:05:53.0294 4328 FontCache - ok 19:05:53.0344 4328 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 19:05:53.0364 4328 FontCache3.0.0.0 - ok 19:05:53.0394 4328 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 19:05:53.0404 4328 FsDepends - ok 19:05:53.0444 4328 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 19:05:53.0454 4328 Fs_Rec - ok 19:05:53.0514 4328 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 19:05:53.0534 4328 fvevol - ok 19:05:53.0584 4328 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 19:05:53.0594 4328 gagp30kx - ok 19:05:53.0634 4328 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 19:05:53.0694 4328 gpsvc - ok 19:05:53.0734 4328 [ 2ED7FF3E1ADA4092632393781518B3A7 ] grmnusb C:\Windows\system32\drivers\grmnusb.sys 19:05:53.0764 4328 grmnusb - ok 19:05:53.0824 4328 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 19:05:53.0844 4328 gupdate - ok 19:05:53.0864 4328 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 19:05:53.0874 4328 gupdatem - ok 19:05:53.0894 4328 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 19:05:53.0924 4328 hcw85cir - ok 19:05:53.0964 4328 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 19:05:53.0994 4328 HdAudAddService - ok 19:05:54.0024 4328 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 19:05:54.0054 4328 HDAudBus - ok 19:05:54.0054 4328 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 19:05:54.0084 4328 HidBatt - ok 19:05:54.0104 4328 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 19:05:54.0144 4328 HidBth - ok 19:05:54.0184 4328 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 19:05:54.0214 4328 HidIr - ok 19:05:54.0234 4328 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 19:05:54.0284 4328 hidserv - ok 19:05:54.0314 4328 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 19:05:54.0324 4328 HidUsb - ok 19:05:54.0344 4328 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 19:05:54.0394 4328 hkmsvc - ok 19:05:54.0424 4328 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 19:05:54.0454 4328 HomeGroupListener - ok 19:05:54.0484 4328 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 19:05:54.0514 4328 HomeGroupProvider - ok 19:05:54.0544 4328 [ 0141816A095A3F5A83FFA5B4A47B8023 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe 19:05:54.0574 4328 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning 19:05:54.0574 4328 HP Health Check Service - detected UnsignedFile.Multi.Generic (1) 19:05:54.0604 4328 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys 19:05:54.0614 4328 hpdskflt - ok 19:05:54.0714 4328 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 19:05:54.0744 4328 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 19:05:54.0744 4328 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 19:05:54.0794 4328 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 19:05:54.0814 4328 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 19:05:54.0814 4328 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 19:05:54.0844 4328 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 19:05:54.0874 4328 HpqKbFiltr - ok 19:05:54.0944 4328 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe 19:05:54.0974 4328 hpqwmiex - ok 19:05:55.0004 4328 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 19:05:55.0014 4328 HpSAMD - ok 19:05:55.0034 4328 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe 19:05:55.0044 4328 hpsrv - ok 19:05:55.0074 4328 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 19:05:55.0134 4328 HTTP - ok 19:05:55.0164 4328 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 19:05:55.0174 4328 hwpolicy - ok 19:05:55.0214 4328 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 19:05:55.0224 4328 i8042prt - ok 19:05:55.0264 4328 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 19:05:55.0294 4328 iaStorV - ok 19:05:55.0354 4328 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 19:05:55.0424 4328 idsvc - ok 19:05:55.0584 4328 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 19:05:55.0757 4328 igfx - ok 19:05:55.0787 4328 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 19:05:55.0801 4328 iirsp - ok 19:05:55.0836 4328 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 19:05:55.0906 4328 IKEEXT - ok 19:05:55.0916 4328 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 19:05:55.0936 4328 intelide - ok 19:05:55.0968 4328 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 19:05:55.0984 4328 intelppm - ok 19:05:56.0008 4328 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 19:05:56.0058 4328 IPBusEnum - ok 19:05:56.0078 4328 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:05:56.0169 4328 IpFilterDriver - ok 19:05:56.0189 4328 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 19:05:56.0230 4328 iphlpsvc - ok 19:05:56.0260 4328 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 19:05:56.0300 4328 IPMIDRV - ok 19:05:56.0330 4328 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 19:05:56.0390 4328 IPNAT - ok 19:05:56.0410 4328 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:05:56.0440 4328 IRENUM - ok 19:05:56.0450 4328 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 19:05:56.0460 4328 isapnp - ok 19:05:56.0500 4328 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 19:05:56.0510 4328 iScsiPrt - ok 19:05:56.0560 4328 [ F8844B00C10E386C704C610E95A9847D ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys 19:05:56.0630 4328 JMCR - ok 19:05:56.0650 4328 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 19:05:56.0670 4328 kbdclass - ok 19:05:56.0690 4328 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 19:05:56.0710 4328 kbdhid - ok 19:05:56.0720 4328 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 19:05:56.0740 4328 KeyIso - ok 19:05:56.0780 4328 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:05:56.0810 4328 KSecDD - ok 19:05:56.0850 4328 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 19:05:56.0870 4328 KSecPkg - ok 19:05:56.0890 4328 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 19:05:56.0940 4328 ksthunk - ok 19:05:56.0970 4328 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 19:05:57.0020 4328 KtmRm - ok 19:05:57.0050 4328 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 19:05:57.0090 4328 LanmanServer - ok 19:05:57.0130 4328 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:05:57.0180 4328 LanmanWorkstation - ok 19:05:57.0280 4328 [ 6771CAC91BB89E15B13C27F1E3CDD320 ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 19:05:57.0320 4328 LBTServ - ok 19:05:57.0340 4328 [ CEB6E18DCFAD5C72B81C7DA1AC3C1CC1 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 19:05:57.0350 4328 LHidFilt - ok 19:05:57.0410 4328 [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 19:05:57.0450 4328 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 19:05:57.0450 4328 LightScribeService - detected UnsignedFile.Multi.Generic (1) 19:05:57.0480 4328 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:05:57.0540 4328 lltdio - ok 19:05:57.0560 4328 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 19:05:57.0620 4328 lltdsvc - ok 19:05:57.0630 4328 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 19:05:57.0670 4328 lmhosts - ok 19:05:57.0690 4328 [ F9E48F18BE4D2B365F138987B8E7885B ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 19:05:57.0700 4328 LMouFilt - ok 19:05:57.0720 4328 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 19:05:57.0730 4328 LSI_FC - ok 19:05:57.0760 4328 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 19:05:57.0780 4328 LSI_SAS - ok 19:05:57.0790 4328 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:05:57.0810 4328 LSI_SAS2 - ok 19:05:57.0820 4328 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:05:57.0840 4328 LSI_SCSI - ok 19:05:57.0870 4328 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 19:05:57.0910 4328 luafv - ok 19:05:57.0940 4328 [ 51B20B742C9E35ADE40B840F6F4F5EE2 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys 19:05:57.0950 4328 LUsbFilt - ok 19:05:57.0960 4328 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 19:05:57.0980 4328 megasas - ok 19:05:57.0990 4328 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 19:05:58.0010 4328 MegaSR - ok 19:05:58.0050 4328 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 19:05:58.0090 4328 MMCSS - ok 19:05:58.0110 4328 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 19:05:58.0160 4328 Modem - ok 19:05:58.0180 4328 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 19:05:58.0210 4328 monitor - ok 19:05:58.0240 4328 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 19:05:58.0250 4328 mouclass - ok 19:05:58.0290 4328 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:05:58.0310 4328 mouhid - ok 19:05:58.0330 4328 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 19:05:58.0340 4328 mountmgr - ok 19:05:58.0430 4328 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 19:05:58.0470 4328 MozillaMaintenance - ok 19:05:58.0530 4328 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 19:05:58.0560 4328 MpFilter - ok 19:05:58.0590 4328 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 19:05:58.0610 4328 mpio - ok 19:05:58.0630 4328 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 19:05:58.0670 4328 mpsdrv - ok 19:05:58.0710 4328 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 19:05:58.0770 4328 MpsSvc - ok 19:05:58.0800 4328 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:05:58.0820 4328 MRxDAV - ok 19:05:58.0840 4328 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:05:58.0880 4328 mrxsmb - ok 19:05:58.0920 4328 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:05:58.0940 4328 mrxsmb10 - ok 19:05:58.0950 4328 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:05:58.0960 4328 mrxsmb20 - ok 19:05:58.0990 4328 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 19:05:59.0000 4328 msahci - ok 19:05:59.0010 4328 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 19:05:59.0030 4328 msdsm - ok 19:05:59.0050 4328 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 19:05:59.0090 4328 MSDTC - ok 19:05:59.0110 4328 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:05:59.0150 4328 Msfs - ok 19:05:59.0180 4328 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 19:05:59.0230 4328 mshidkmdf - ok 19:05:59.0240 4328 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:05:59.0250 4328 msisadrv - ok 19:05:59.0290 4328 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:05:59.0330 4328 MSiSCSI - ok 19:05:59.0330 4328 msiserver - ok 19:05:59.0360 4328 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:05:59.0400 4328 MSKSSRV - ok 19:05:59.0500 4328 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 19:05:59.0530 4328 MsMpSvc - ok 19:05:59.0590 4328 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:05:59.0680 4328 MSPCLOCK - ok 19:05:59.0700 4328 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:05:59.0760 4328 MSPQM - ok 19:05:59.0790 4328 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:05:59.0810 4328 MsRPC - ok 19:05:59.0840 4328 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 19:05:59.0850 4328 mssmbios - ok 19:05:59.0880 4328 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:05:59.0920 4328 MSTEE - ok 19:05:59.0950 4328 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 19:05:59.0970 4328 MTConfig - ok 19:06:00.0000 4328 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 19:06:00.0010 4328 Mup - ok 19:06:00.0040 4328 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 19:06:00.0100 4328 napagent - ok 19:06:00.0140 4328 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:06:00.0180 4328 NativeWifiP - ok 19:06:00.0220 4328 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 19:06:00.0250 4328 NDIS - ok 19:06:00.0270 4328 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 19:06:00.0330 4328 NdisCap - ok 19:06:00.0340 4328 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:06:00.0400 4328 NdisTapi - ok 19:06:00.0430 4328 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:06:00.0480 4328 Ndisuio - ok 19:06:00.0500 4328 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:06:00.0560 4328 NdisWan - ok 19:06:00.0590 4328 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:06:00.0630 4328 NDProxy - ok 19:06:00.0690 4328 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 19:06:00.0720 4328 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 19:06:00.0720 4328 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 19:06:00.0800 4328 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:06:00.0960 4328 NetBIOS - ok 19:06:00.0990 4328 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 19:06:01.0040 4328 NetBT - ok 19:06:01.0060 4328 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 19:06:01.0070 4328 Netlogon - ok 19:06:01.0110 4328 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 19:06:01.0170 4328 Netman - ok 19:06:01.0220 4328 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:06:01.0260 4328 NetMsmqActivator - ok 19:06:01.0280 4328 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:06:01.0290 4328 NetPipeActivator - ok 19:06:01.0310 4328 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 19:06:01.0370 4328 netprofm - ok 19:06:01.0390 4328 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:06:01.0400 4328 NetTcpActivator - ok 19:06:01.0400 4328 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:06:01.0420 4328 NetTcpPortSharing - ok 19:06:01.0560 4328 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys 19:06:01.0680 4328 netw5v64 - ok 19:06:01.0700 4328 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 19:06:01.0720 4328 nfrd960 - ok 19:06:01.0780 4328 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 19:06:01.0820 4328 NisDrv - ok 19:06:01.0860 4328 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 19:06:01.0890 4328 NisSrv - ok 19:06:01.0960 4328 [ F007C2D3283F910D2F7436A7260F5A88 ] NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe 19:06:01.0970 4328 NitroReaderDriverReadSpool2 - ok 19:06:02.0010 4328 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 19:06:02.0060 4328 NlaSvc - ok 19:06:02.0080 4328 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:06:02.0120 4328 Npfs - ok 19:06:02.0150 4328 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 19:06:02.0200 4328 nsi - ok 19:06:02.0210 4328 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:06:02.0250 4328 nsiproxy - ok 19:06:02.0300 4328 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:06:02.0340 4328 Ntfs - ok 19:06:02.0360 4328 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 19:06:02.0400 4328 Null - ok 19:06:02.0420 4328 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:06:02.0430 4328 nvraid - ok 19:06:02.0450 4328 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 19:06:02.0470 4328 nvstor - ok 19:06:02.0490 4328 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:06:02.0510 4328 nv_agp - ok 19:06:02.0590 4328 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 19:06:02.0660 4328 odserv - ok 19:06:02.0680 4328 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 19:06:02.0700 4328 ohci1394 - ok 19:06:02.0750 4328 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:06:02.0770 4328 ose - ok 19:06:02.0800 4328 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 19:06:02.0830 4328 p2pimsvc - ok 19:06:02.0850 4328 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 19:06:02.0870 4328 p2psvc - ok 19:06:02.0900 4328 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 19:06:02.0910 4328 Parport - ok 19:06:02.0960 4328 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:06:02.0990 4328 partmgr - ok 19:06:03.0010 4328 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 19:06:03.0040 4328 PcaSvc - ok 19:06:03.0070 4328 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 19:06:03.0080 4328 pci - ok 19:06:03.0090 4328 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 19:06:03.0110 4328 pciide - ok 19:06:03.0130 4328 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 19:06:03.0150 4328 pcmcia - ok 19:06:03.0180 4328 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 19:06:03.0190 4328 pcw - ok 19:06:03.0210 4328 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:06:03.0270 4328 PEAUTH - ok 19:06:03.0360 4328 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 19:06:03.0400 4328 PerfHost - ok 19:06:03.0460 4328 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 19:06:03.0540 4328 pla - ok 19:06:03.0610 4328 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:06:03.0670 4328 PlugPlay - ok 19:06:03.0770 4328 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 19:06:03.0790 4328 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 19:06:03.0790 4328 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 19:06:03.0800 4328 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 19:06:03.0830 4328 PNRPAutoReg - ok 19:06:03.0840 4328 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 19:06:03.0860 4328 PNRPsvc - ok 19:06:03.0890 4328 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:06:03.0950 4328 PolicyAgent - ok 19:06:03.0980 4328 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 19:06:04.0040 4328 Power - ok 19:06:04.0080 4328 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:06:04.0120 4328 PptpMiniport - ok 19:06:04.0140 4328 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 19:06:04.0170 4328 Processor - ok 19:06:04.0220 4328 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 19:06:04.0290 4328 ProfSvc - ok 19:06:04.0310 4328 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 19:06:04.0320 4328 ProtectedStorage - ok 19:06:04.0350 4328 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 19:06:04.0390 4328 Psched - ok 19:06:04.0440 4328 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 19:06:04.0490 4328 ql2300 - ok 19:06:04.0500 4328 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 19:06:04.0520 4328 ql40xx - ok 19:06:04.0542 4328 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 19:06:04.0582 4328 QWAVE - ok 19:06:04.0612 4328 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:06:04.0642 4328 QWAVEdrv - ok 19:06:04.0652 4328 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:06:04.0712 4328 RasAcd - ok 19:06:04.0732 4328 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 19:06:04.0792 4328 RasAgileVpn - ok 19:06:04.0802 4328 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 19:06:04.0842 4328 RasAuto - ok 19:06:04.0872 4328 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:06:04.0912 4328 Rasl2tp - ok 19:06:04.0942 4328 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 19:06:04.0992 4328 RasMan - ok 19:06:05.0032 4328 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:06:05.0082 4328 RasPppoe - ok 19:06:05.0102 4328 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:06:05.0152 4328 RasSstp - ok 19:06:05.0172 4328 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:06:05.0222 4328 rdbss - ok 19:06:05.0252 4328 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 19:06:05.0282 4328 rdpbus - ok 19:06:05.0292 4328 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:06:05.0332 4328 RDPCDD - ok 19:06:05.0362 4328 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:06:05.0412 4328 RDPENCDD - ok 19:06:05.0442 4328 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 19:06:05.0482 4328 RDPREFMP - ok 19:06:05.0522 4328 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:06:05.0582 4328 RDPWD - ok 19:06:05.0622 4328 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 19:06:05.0652 4328 rdyboost - ok 19:06:05.0682 4328 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 19:06:05.0742 4328 RemoteAccess - ok 19:06:05.0771 4328 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:06:05.0824 4328 RemoteRegistry - ok 19:06:05.0904 4328 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 19:06:05.0924 4328 RichVideo - ok 19:06:05.0944 4328 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 19:06:06.0034 4328 RpcEptMapper - ok 19:06:06.0044 4328 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 19:06:06.0064 4328 RpcLocator - ok 19:06:06.0094 4328 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 19:06:06.0144 4328 RpcSs - ok 19:06:06.0174 4328 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:06:06.0224 4328 rspndr - ok 19:06:06.0254 4328 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 19:06:06.0304 4328 RTL8167 - ok 19:06:06.0334 4328 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 19:06:06.0344 4328 SamSs - ok 19:06:06.0364 4328 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:06:06.0384 4328 sbp2port - ok 19:06:06.0404 4328 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:06:06.0464 4328 SCardSvr - ok 19:06:06.0484 4328 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 19:06:06.0524 4328 scfilter - ok 19:06:06.0564 4328 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 19:06:06.0624 4328 Schedule - ok 19:06:06.0654 4328 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 19:06:06.0684 4328 SCPolicySvc - ok 19:06:06.0734 4328 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys 19:06:06.0754 4328 sdbus - ok 19:06:06.0794 4328 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:06:06.0824 4328 SDRSVC - ok 19:06:06.0844 4328 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:06:06.0894 4328 secdrv - ok 19:06:06.0914 4328 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 19:06:06.0964 4328 seclogon - ok 19:06:06.0974 4328 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 19:06:07.0034 4328 SENS - ok 19:06:07.0064 4328 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 19:06:07.0084 4328 SensrSvc - ok 19:06:07.0114 4328 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 19:06:07.0134 4328 Serenum - ok 19:06:07.0154 4328 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 19:06:07.0174 4328 Serial - ok 19:06:07.0214 4328 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 19:06:07.0244 4328 sermouse - ok 19:06:07.0284 4328 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 19:06:07.0324 4328 SessionEnv - ok 19:06:07.0364 4328 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:06:07.0384 4328 sffdisk - ok 19:06:07.0414 4328 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:06:07.0444 4328 sffp_mmc - ok 19:06:07.0454 4328 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:06:07.0484 4328 sffp_sd - ok 19:06:07.0514 4328 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 19:06:07.0544 4328 sfloppy - ok 19:06:07.0584 4328 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:06:07.0644 4328 SharedAccess - ok 19:06:07.0674 4328 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:06:07.0724 4328 ShellHWDetection - ok 19:06:07.0744 4328 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:06:07.0764 4328 SiSRaid2 - ok 19:06:07.0784 4328 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 19:06:07.0804 4328 SiSRaid4 - ok 19:06:07.0854 4328 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 19:06:07.0954 4328 SkypeUpdate - ok 19:06:07.0984 4328 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:06:08.0034 4328 Smb - ok 19:06:08.0074 4328 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:06:08.0094 4328 SNMPTRAP - ok 19:06:08.0104 4328 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 19:06:08.0124 4328 spldr - ok 19:06:08.0174 4328 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 19:06:08.0224 4328 Spooler - ok 19:06:08.0334 4328 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 19:06:08.0434 4328 sppsvc - ok 19:06:08.0454 4328 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 19:06:08.0514 4328 sppuinotify - ok 19:06:08.0574 4328 [ 88E5162E58C8919CC873F5D8946197CF ] sptd C:\Windows\system32\Drivers\sptd.sys 19:06:08.0584 4328 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88E5162E58C8919CC873F5D8946197CF 19:06:08.0584 4328 sptd ( LockedFile.Multi.Generic ) - warning 19:06:08.0584 4328 sptd - detected LockedFile.Multi.Generic (1) 19:06:08.0614 4328 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 19:06:08.0664 4328 srv - ok 19:06:08.0694 4328 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:06:08.0724 4328 srv2 - ok 19:06:08.0744 4328 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS 19:06:08.0764 4328 SrvHsfHDA - ok 19:06:08.0804 4328 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS 19:06:08.0854 4328 SrvHsfV92 - ok 19:06:08.0884 4328 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 19:06:08.0924 4328 SrvHsfWinac - ok 19:06:08.0934 4328 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:06:08.0964 4328 srvnet - ok 19:06:08.0994 4328 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:06:09.0054 4328 SSDPSRV - ok 19:06:09.0074 4328 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:06:09.0124 4328 SstpSvc - ok 19:06:09.0194 4328 [ 7595D53EE8E8B0BAA9A2DDDE867EBB0C ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe 19:06:09.0244 4328 STacSV - ok 19:06:09.0294 4328 Steam Client Service - ok 19:06:09.0314 4328 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 19:06:09.0334 4328 stexstor - ok 19:06:09.0384 4328 [ DFFBC024DFC7BB05B2129E05CBC7A201 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys 19:06:09.0414 4328 STHDA - ok 19:06:09.0454 4328 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 19:06:09.0494 4328 stisvc - ok 19:06:09.0524 4328 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 19:06:09.0534 4328 swenum - ok 19:06:09.0564 4328 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 19:06:09.0614 4328 swprv - ok 19:06:09.0674 4328 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 19:06:09.0694 4328 SynTP - ok 19:06:09.0744 4328 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 19:06:09.0794 4328 SysMain - ok 19:06:09.0824 4328 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:06:09.0864 4328 TabletInputService - ok 19:06:09.0884 4328 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 19:06:09.0924 4328 TapiSrv - ok 19:06:09.0944 4328 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 19:06:09.0994 4328 TBS - ok 19:06:10.0084 4328 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:06:10.0144 4328 Tcpip - ok 19:06:10.0174 4328 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:06:10.0224 4328 TCPIP6 - ok 19:06:10.0254 4328 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:06:10.0294 4328 tcpipreg - ok 19:06:10.0324 4328 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:06:10.0354 4328 TDPIPE - ok 19:06:10.0384 4328 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:06:10.0444 4328 TDTCP - ok 19:06:10.0474 4328 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:06:10.0524 4328 tdx - ok 19:06:10.0544 4328 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 19:06:10.0564 4328 TermDD - ok 19:06:10.0604 4328 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 19:06:10.0664 4328 TermService - ok 19:06:10.0684 4328 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 19:06:10.0714 4328 Themes - ok 19:06:10.0744 4328 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 19:06:10.0794 4328 THREADORDER - ok 19:06:10.0804 4328 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 19:06:10.0844 4328 TrkWks - ok 19:06:10.0894 4328 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:06:10.0964 4328 TrustedInstaller - ok 19:06:10.0984 4328 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:06:11.0024 4328 tssecsrv - ok 19:06:11.0064 4328 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:06:11.0094 4328 TsUsbFlt - ok 19:06:11.0144 4328 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:06:11.0184 4328 tunnel - ok 19:06:11.0214 4328 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 19:06:11.0224 4328 uagp35 - ok 19:06:11.0264 4328 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:06:11.0314 4328 udfs - ok 19:06:11.0354 4328 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:06:11.0374 4328 UI0Detect - ok 19:06:11.0394 4328 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:06:11.0404 4328 uliagpkx - ok 19:06:11.0444 4328 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 19:06:11.0464 4328 umbus - ok 19:06:11.0504 4328 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 19:06:11.0564 4328 UmPass - ok 19:06:11.0594 4328 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 19:06:11.0644 4328 upnphost - ok 19:06:11.0684 4328 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 19:06:11.0704 4328 usbaudio - ok 19:06:11.0734 4328 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:06:11.0774 4328 usbccgp - ok 19:06:11.0804 4328 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:06:11.0824 4328 usbcir - ok 19:06:11.0864 4328 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 19:06:11.0884 4328 usbehci - ok 19:06:11.0904 4328 [ 44D9C773FEBFF10593B50DDFC2D6BC27 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 19:06:11.0914 4328 usbfilter - ok 19:06:11.0954 4328 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:06:11.0984 4328 usbhub - ok 19:06:12.0004 4328 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 19:06:12.0014 4328 usbohci - ok 19:06:12.0044 4328 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:06:12.0074 4328 usbprint - ok 19:06:12.0104 4328 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 19:06:12.0134 4328 usbscan - ok 19:06:12.0154 4328 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:06:12.0194 4328 USBSTOR - ok 19:06:12.0214 4328 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 19:06:12.0244 4328 usbuhci - ok 19:06:12.0274 4328 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 19:06:12.0294 4328 usbvideo - ok 19:06:12.0314 4328 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 19:06:12.0374 4328 UxSms - ok 19:06:12.0384 4328 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 19:06:12.0394 4328 VaultSvc - ok 19:06:12.0424 4328 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 19:06:12.0444 4328 vdrvroot - ok 19:06:12.0474 4328 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 19:06:12.0524 4328 vds - ok 19:06:12.0554 4328 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:06:12.0574 4328 vga - ok 19:06:12.0594 4328 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 19:06:12.0644 4328 VgaSave - ok 19:06:12.0674 4328 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 19:06:12.0694 4328 vhdmp - ok 19:06:12.0714 4328 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 19:06:12.0724 4328 viaide - ok 19:06:12.0734 4328 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:06:12.0744 4328 volmgr - ok 19:06:12.0774 4328 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:06:12.0794 4328 volmgrx - ok 19:06:12.0814 4328 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:06:12.0834 4328 volsnap - ok 19:06:12.0854 4328 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 19:06:12.0874 4328 vsmraid - ok 19:06:12.0914 4328 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 19:06:12.0984 4328 VSS - ok 19:06:13.0004 4328 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 19:06:13.0034 4328 vwifibus - ok 19:06:13.0054 4328 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 19:06:13.0074 4328 vwififlt - ok 19:06:13.0104 4328 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 19:06:13.0144 4328 W32Time - ok 19:06:13.0184 4328 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 19:06:13.0204 4328 WacomPen - ok 19:06:13.0244 4328 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 19:06:13.0304 4328 WANARP - ok 19:06:13.0304 4328 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:06:13.0344 4328 Wanarpv6 - ok 19:06:13.0434 4328 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 19:06:13.0514 4328 WatAdminSvc - ok 19:06:13.0574 4328 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 19:06:13.0614 4328 wbengine - ok 19:06:13.0654 4328 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:06:13.0674 4328 WbioSrvc - ok 19:06:13.0704 4328 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:06:13.0744 4328 wcncsvc - ok 19:06:13.0754 4328 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:06:13.0774 4328 WcsPlugInService - ok 19:06:13.0794 4328 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 19:06:13.0814 4328 Wd - ok 19:06:13.0844 4328 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:06:13.0864 4328 Wdf01000 - ok 19:06:13.0894 4328 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:06:13.0964 4328 WdiServiceHost - ok 19:06:13.0964 4328 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:06:13.0984 4328 WdiSystemHost - ok 19:06:14.0014 4328 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 19:06:14.0054 4328 WebClient - ok 19:06:14.0064 4328 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:06:14.0124 4328 Wecsvc - ok 19:06:14.0134 4328 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:06:14.0184 4328 wercplsupport - ok 19:06:14.0224 4328 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 19:06:14.0274 4328 WerSvc - ok 19:06:14.0304 4328 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 19:06:14.0344 4328 WfpLwf - ok 19:06:14.0374 4328 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:06:14.0384 4328 WIMMount - ok 19:06:14.0414 4328 WinDefend - ok 19:06:14.0434 4328 WinHttpAutoProxySvc - ok 19:06:14.0474 4328 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:06:14.0534 4328 Winmgmt - ok 19:06:14.0584 4328 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 19:06:14.0664 4328 WinRM - ok 19:06:14.0714 4328 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 19:06:14.0744 4328 WinUsb - ok 19:06:14.0784 4328 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 19:06:14.0834 4328 Wlansvc - ok 19:06:14.0974 4328 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 19:06:15.0034 4328 wlidsvc - ok 19:06:15.0074 4328 [ 14DC5897BC6C4E03C023AD80ABB7F539 ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys 19:06:15.0084 4328 WmBEnum - ok 19:06:15.0134 4328 [ 2DE0A0CEA49972C82C7E9D36BD4C1247 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys 19:06:15.0144 4328 WmFilter - ok 19:06:15.0174 4328 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 19:06:15.0204 4328 WmiAcpi - ok 19:06:15.0224 4328 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:06:15.0254 4328 wmiApSrv - ok 19:06:15.0274 4328 WMPNetworkSvc - ok 19:06:15.0294 4328 [ 53C12AE1183F3F7787F1F1835001CCC0 ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys 19:06:15.0304 4328 WmVirHid - ok 19:06:15.0324 4328 [ C807E470CCA24F5E479DA4872A7D2121 ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys 19:06:15.0334 4328 WmXlCore - ok 19:06:15.0364 4328 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:06:15.0384 4328 WPCSvc - ok 19:06:15.0414 4328 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:06:15.0444 4328 WPDBusEnum - ok 19:06:15.0474 4328 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:06:15.0534 4328 ws2ifsl - ok 19:06:15.0554 4328 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 19:06:15.0584 4328 wscsvc - ok 19:06:15.0594 4328 WSearch - ok 19:06:15.0694 4328 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 19:06:15.0764 4328 wuauserv - ok 19:06:15.0784 4328 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:06:15.0844 4328 WudfPf - ok 19:06:15.0864 4328 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 19:06:15.0914 4328 WUDFRd - ok 19:06:15.0944 4328 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:06:15.0984 4328 wudfsvc - ok 19:06:16.0014 4328 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 19:06:16.0044 4328 WwanSvc - ok 19:06:16.0094 4328 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys 19:06:16.0124 4328 yukonw7 - ok 19:06:16.0154 4328 [verify-U]_System - ok 19:06:16.0164 4328 ================ Scan global =============================== 19:06:16.0194 4328 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 19:06:16.0214 4328 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 19:06:16.0224 4328 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 19:06:16.0254 4328 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 19:06:16.0274 4328 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 19:06:16.0274 4328 [Global] - ok 19:06:16.0274 4328 ================ Scan MBR ================================== 19:06:16.0284 4328 [ 80063A27F44478B1A9B3E74C2F4343C7 ] \Device\Harddisk0\DR0 19:06:16.0544 4328 \Device\Harddisk0\DR0 - ok 19:06:16.0544 4328 ================ Scan VBR ================================== 19:06:16.0554 4328 [ 07940DB04C9042CEE2C599EBEA7363A5 ] \Device\Harddisk0\DR0\Partition1 19:06:16.0554 4328 \Device\Harddisk0\DR0\Partition1 - ok 19:06:16.0584 4328 [ 746A4F7787ADF6BDE2496981A7E4DCF4 ] \Device\Harddisk0\DR0\Partition2 19:06:16.0584 4328 \Device\Harddisk0\DR0\Partition2 - ok 19:06:16.0624 4328 [ 31E7900D016F35E58100E7A1E5F05330 ] \Device\Harddisk0\DR0\Partition3 19:06:16.0624 4328 \Device\Harddisk0\DR0\Partition3 - ok 19:06:16.0644 4328 [ BC9F6B4A0A1729AC16489670180545B9 ] \Device\Harddisk0\DR0\Partition4 19:06:16.0644 4328 \Device\Harddisk0\DR0\Partition4 - ok 19:06:16.0644 4328 ============================================================ 19:06:16.0644 4328 Scan finished 19:06:16.0644 4328 ============================================================ 19:06:16.0654 5916 Detected object count: 7 19:06:16.0654 5916 Actual detected object count: 7 19:06:41.0384 5916 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user 19:06:41.0384 5916 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:06:41.0384 5916 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 19:06:41.0384 5916 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:06:41.0394 5916 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 19:06:41.0394 5916 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:06:41.0394 5916 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 19:06:41.0394 5916 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:06:41.0394 5916 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 19:06:41.0394 5916 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:06:41.0394 5916 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 19:06:41.0394 5916 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:06:41.0394 5916 sptd ( LockedFile.Multi.Generic ) - skipped by user 19:06:41.0394 5916 sptd ( LockedFile.Multi.Generic ) - User select action: Skip |
Themen zu Kann CodecV & Incredibar nicht mehr entfernen |
7-zip, antivir, audiograbber, autorun, avira, bho, browser, codec, codecv, entfernen, error, excel, firefox, flash player, format, google, google earth, home, iexplore.exe, incredibar.com, install.exe, logfile, mozilla, mp3, msiinstaller, neue tabs, ntdll.dll, object, office 2007, plug-in, problem, realtek, registry, rundll, security, software, spotify web helper, svchost.exe, wallpapers, ändern |