Bundespolizei Virus - Computer gesperrt

Slava105 · 18.10.2012, 14:36

Hallo,

ich war heute anscheinend auf dubiösen Internetseiten (

) mit ausgeschaltetem Antivirenprogramm unterwegs und habe dann eine Meldung bekommen, dass mein PC von der Bundespolizei gesperrt wurde und ich nun 100€ strafe bezahlen soll.

Natürlich habe ich gleich von einem anderen PC danach gegooglet und bin auf folgendes Thema gestossen: http://www.trojaner-board.de/120709-...-trojaner.html

Ich habe leider nur sehr wenig Ahnung von diesem Zeug, wollte mich aber trotzdem gleich ans Werk machen und die Schritte im oben genannten Thread ausführen, habe jedoch gelesen, dass das dort gepostete OTL-Script nur ausschließlich für den User erstellt wurde, weshalb ich mich auch entschloss hier anzumelden und diesen Thread zu erstellen...

In der Zwischenzeit habe ich den OTL-Scan durchgeführt, nachdem ich den PC im abgesicherten Modus gestartet habe.

OTL:

Code:

ATTFilter

OTL logfile created on: 18.10.2012 15:23:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Slava\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,93 Gb Total Physical Memory | 7,17 Gb Available Physical Memory | 90,43% Memory free
15,85 Gb Paging File | 15,13 Gb Available in Paging File | 95,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 31,71 Gb Free Space | 26,62% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 71,61 Mb Free Space | 71,61% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 205,93 Gb Free Space | 44,21% Space Free | Partition Type: NTFS
Drive L: | 14,92 Gb Total Space | 11,37 Gb Free Space | 76,23% Space Free | Partition Type: FAT32
 
Computer Name: SLAVA-LAPTOP | User Name: Slava | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Slava\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (lxec_device) -- C:\Windows\SysNative\lxeccoms.exe ( )
SRV:64bit: - (lxecCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HiPatchService) -- F:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe (Kaspersky Lab ZAO)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (CyberLink PowerDVD 12 Media Server Service) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink)
SRV - (CLHNServiceForPowerDVD12) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.)
SRV - (CyberLink PowerDVD 12 Media Server Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink)
SRV - (ABBYY.Licensing.FineReader.Professional.11.0) -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe (ABBYY)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (BITCOMET_HELPER_SERVICE) -- C:\Programme\BitComet\tools\BitCometService.exe (www.BitComet.com)
SRV - (PSI_SVC_2_x64) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (arvato digital services llc)
SRV - (lxecCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe ()
SRV - (lxec_device) -- C:\Windows\SysWOW64\lxeccoms.exe ( )
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.)
DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.)
DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.)
DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys (OpenLibSys.org)
DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (ntk_PowerDVD12) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys (Cyberlink Corp.)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 14 87 BF C0 8A CC 01  [binary data]
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\..\SearchScopes,DefaultScope = {9E6DB2CB-496F-4EB9-9EAB-3804730EEF11}
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\..\SearchScopes\{9E6DB2CB-496F-4EB9-9EAB-3804730EEF11}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledAddons: firefox-extension@shareaholic.com:3.0.1
FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.3.3
FF - prefs.js..extensions.enabledAddons: tabscope@xuldev.org:1.1.7
FF - prefs.js..extensions.enabledAddons: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledAddons: wotstats@mywot.com:2.11.7
FF - prefs.js..extensions.enabledAddons: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledAddons: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledAddons: {76C80A11-FAD4-406c-8246-F5ED4F9367B5}:0.1.7
FF - prefs.js..extensions.enabledAddons: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d}:1.5.1.1
FF - prefs.js..extensions.enabledAddons: smarterwiki@wikiatic.com:5.0.2
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2
FF - prefs.js..network.proxy.http: "proxyuk1.stealthy.co"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Slava\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Slava\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\virtualKeyboard@kaspersky.ru [2012.06.09 10:41:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\linkfilter@kaspersky.ru [2012.06.09 10:41:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.09 10:41:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.10.10 16:58:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 16:40:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.10 16:52:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 16:40:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.10 16:52:34 | 000,000,000 | ---D | M]
 
[2011.10.15 00:32:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\Extensions
[2012.10.18 12:30:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\Firefox\Profiles\bz8joakp.default\extensions
[2012.10.09 19:50:45 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Slava\AppData\Roaming\mozilla\Firefox\Profiles\bz8joakp.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.05.22 19:25:32 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Slava\AppData\Roaming\mozilla\Firefox\Profiles\bz8joakp.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2012.09.16 15:07:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Slava\AppData\Roaming\mozilla\Firefox\Profiles\bz8joakp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.09.01 19:56:45 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Slava\AppData\Roaming\mozilla\Firefox\Profiles\bz8joakp.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012.09.15 22:47:23 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Slava\AppData\Roaming\mozilla\Firefox\Profiles\bz8joakp.default\extensions\ich@maltegoetz.de
[2012.01.16 03:23:31 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Slava\AppData\Roaming\mozilla\Firefox\Profiles\bz8joakp.default\extensions\wotstats@mywot.com
[2012.10.18 12:30:34 | 000,005,413 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\507fdc0921b2e@507fdc0921b67.com.xpi
[2011.10.15 02:27:23 | 000,161,864 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\firefox-extension@shareaholic.com.xpi
[2012.09.08 19:54:12 | 000,371,729 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\smarterwiki@wikiatic.com.xpi
[2012.07.27 12:01:09 | 000,184,864 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\stealthyextension@gmail.com.xpi
[2012.07.27 12:01:09 | 000,057,698 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\tabscope@xuldev.org.xpi
[2011.10.15 02:27:24 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\tineye@ideeinc.com.xpi
[2011.10.15 02:27:24 | 000,079,135 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
[2012.08.12 02:02:20 | 000,379,698 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\{1BFCBDFC-41DB-11E1-9FC4-D3C94824019B}.xpi
[2011.10.15 02:27:24 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
[2012.06.22 16:13:04 | 000,009,664 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}.xpi
[2011.10.15 02:27:24 | 000,022,573 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi
[2012.08.13 22:38:30 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.01.22 23:54:36 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.09.13 19:10:49 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.09.07 16:40:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.07 16:40:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.07 16:40:41 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2012.09.07 16:40:41 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.09.07 16:40:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.15 14:20:18 | 001,034,544 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2012.06.23 09:38:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 14:11:06 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.23 09:38:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.15 02:09:22 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.06.23 09:38:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 09:38:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 09:38:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Slava\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Slava\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Slava\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Slava\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.486_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Slava\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.486_0\plugin/npUrlAdvisor.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Slava\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Slava\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.486_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Slava\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.486_0\
CHR - Extension: WOT = C:\Users\Slava\AppData\Local\Google\Chrome\User Data\Default\Extensions\nphjeokkkbngjpiofnfpnafjeofjomfb\2.11.7_0\
 
O1 HOSTS File: ([2012.10.10 22:52:56 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Bonus.SSR.FR11] C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (ABBYY.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-526365458-2449696219-1328568343-1001..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-526365458-2449696219-1328568343-1001..\Run: [Akamai NetSession Interface] "C:\Users\Slava\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-526365458-2449696219-1328568343-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-526365458-2449696219-1328568343-1001..\Run: [mufjjtvqxrhkbnt] C:\ProgramData\mufjjtvq.exe ()
O4 - HKU\S-1-5-21-526365458-2449696219-1328568343-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Alles mit BitComet herunterladen - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Mit BitComet herunter&laden - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Alles mit BitComet herunterladen - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Mit BitComet herunter&laden - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0530377B-4FF1-48E5-AF07-6FF7DC8F38D8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0cb2f596-142d-11e1-88cf-74f06da847bd}\Shell - "" = AutoRun
O33 - MountPoints2\{0cb2f596-142d-11e1-88cf-74f06da847bd}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{276e7baa-be04-11e1-aaf5-74f06da847bd}\Shell - "" = AutoRun
O33 - MountPoints2\{276e7baa-be04-11e1-aaf5-74f06da847bd}\Shell\AutoRun\command - "" = G:\I_am_Alive_Setup.exe
O33 - MountPoints2\{e3f74625-f6bd-11e0-933f-74f06da847bd}\Shell - "" = AutoRun
O33 - MountPoints2\{e3f74625-f6bd-11e0-933f-74f06da847bd}\Shell\AutoRun\command - "" = G:\setup_alan_wake_american_nightmare_1.0.0.13.exe
O33 - MountPoints2\{f33c3d28-0178-11e1-8ccd-74f06da847bd}\Shell - "" = AutoRun
O33 - MountPoints2\{f33c3d28-0178-11e1-8ccd-74f06da847bd}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.18 15:21:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Slava\Desktop\OTL.exe
[2012.10.18 14:44:21 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\ElevatedDiagnostics
[2012.10.18 14:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\thlbrefixwmbmvy
[2012.10.18 12:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
[2012.10.18 11:12:28 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{08CF7B2D-9DE1-4D2B-B72B-B1C49A036798}
[2012.10.17 23:11:43 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{1C04DBC3-2528-4C2E-AB00-3FDC96A524F5}
[2012.10.17 11:10:58 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{77F1743E-7A47-46CF-9110-68D05A8DE7BD}
[2012.10.16 14:05:30 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{5AFBFCA7-77A0-46A8-8143-16D37B72DC4F}
[2012.10.15 14:33:22 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{DC5C5F92-B1AF-4910-8047-2F26BFB17819}
[2012.10.15 08:43:23 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{FCFD6560-0450-4042-8496-7E4E37BE7AFC}
[2012.10.14 20:11:55 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{5D040916-23A5-46B6-A440-E94C9B061993}
[2012.10.13 13:33:26 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{C2CCD009-8780-4F51-A91D-C30C3AE51C98}
[2012.10.12 23:53:55 | 000,000,000 | ---D | C] -- C:\Users\Slava\Documents\IAmAlive
[2012.10.12 23:20:21 | 000,000,000 | R--D | C] -- C:\Users\Slava\Desktop\Spiele
[2012.10.12 14:42:55 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{4ADA3074-95D5-4CD1-8350-4206E2F7F03D}
[2012.10.11 17:09:17 | 000,000,000 | ---D | C] -- C:\Users\Slava\Documents\Meine Paletten
[2012.10.11 17:04:32 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Roaming\Corel
[2012.10.11 17:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis64
[2012.10.11 17:02:38 | 000,000,000 | ---D | C] -- C:\Users\Slava\Documents\Corel
[2012.10.11 17:02:22 | 000,000,000 | ---D | C] -- C:\Users\Slava\Documents\Visual Studio 2008
[2012.10.11 17:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2012.10.11 17:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2012.10.11 17:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2012.10.11 16:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2012.10.11 16:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2012.10.11 16:58:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
[2012.10.11 16:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit)
[2012.10.11 16:57:56 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2012.10.11 16:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\CorelDRAW Graphics Suite X6
[2012.10.11 13:46:43 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{BF1794A5-6A92-402F-935C-E86A8D0B8C46}
[2012.10.10 19:03:15 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{D1023244-A572-401B-B951-920921E58C7F}
[2012.10.10 18:53:05 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Roaming\ABBYY
[2012.10.10 18:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11
[2012.10.10 18:18:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 11
[2012.10.10 18:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2012.10.10 16:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.10.10 16:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2012.10.10 16:51:41 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\FLT
[2012.10.10 13:12:32 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 13:12:29 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.10 13:12:28 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.10 13:12:27 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.10 13:12:17 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 13:12:16 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.10 13:12:07 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.10.10 13:12:07 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.10.10 13:12:07 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.10.10 13:12:07 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.10.10 13:12:06 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.10.10 13:12:06 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.10.10 13:12:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.10.10 13:12:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.10.10 13:12:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.10.10 13:12:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.10.10 13:12:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.10.10 13:12:06 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 13:12:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 13:12:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 13:12:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.10.10 13:12:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 13:12:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 13:12:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 13:12:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 13:12:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 13:12:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 13:12:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 13:12:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 13:12:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 13:12:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 13:12:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 13:12:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 13:12:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 13:12:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 13:12:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 13:12:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 13:12:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 13:12:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 13:12:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.10.10 07:02:53 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{D3CB2BD7-33D4-4085-B834-C5450DF80915}
[2012.10.09 18:32:16 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\Razer
[2012.10.09 18:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2012.10.09 18:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2012.10.09 18:32:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2012.10.09 14:03:07 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{23EE2857-F1E6-499F-9FEF-F8719ECADB00}
[2012.10.08 15:04:40 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{1DED12CE-1DD9-4D67-B743-0F1779923987}
[2012.10.07 15:52:34 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{FA60350D-3347-4F7C-BB47-0E3BCB8C7CE4}
[2012.10.06 14:36:09 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{E7CEF87B-6A38-468E-BCEA-CABB1E1245B4}
[2012.10.05 14:22:31 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{901E236F-A620-4B33-85AC-61C476F0AA17}
[2012.10.04 14:05:19 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{5CE54690-B05F-48B0-AC7E-D0B318099FF9}
[2012.10.04 00:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
[2012.10.03 15:52:57 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{0D7559BE-F291-4978-9C33-A3CA5E92E160}
[2012.10.02 11:34:07 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{38D8ED99-BD95-40B8-A87D-C194EB328A4D}
[2012.10.01 15:06:35 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{58FA4CEB-BC32-4CB3-BBC2-A96B3B2A60C6}
[2012.09.30 15:25:31 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{4F77C135-0197-4A2A-A3B1-CE7B9223147D}
[2012.09.29 17:50:17 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{F1FAD53D-8594-498F-B3FF-B48761E3B277}
[2012.09.28 07:12:19 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{F0640A90-A733-442D-968E-2645D8FA5D87}
[2012.09.27 13:30:47 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{4DC2895F-8D8D-4E14-9559-B1473397466F}
[2012.09.26 12:06:48 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.09.25 09:17:54 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{5316AF5C-5909-444A-991E-10368FC8B319}
[2012.09.24 15:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012.09.24 12:29:11 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{E1C7F705-E763-440B-98D4-7FCEAB39AE33}
[2012.09.23 14:14:35 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{363DAB50-53EA-424F-A0AA-D554B6FC50BB}
[2012.09.23 14:14:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.23 14:14:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.23 14:14:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.23 14:14:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.23 14:14:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.09.23 14:14:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.09.23 14:14:25 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.09.23 14:14:25 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.09.23 14:14:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.09.23 14:14:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.23 14:14:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.23 14:14:24 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.23 14:14:23 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.09.23 14:14:23 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.09.23 14:14:22 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.09.22 13:21:30 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{1D0B1036-4EEC-4CD0-A4CC-97ED5C60D457}
[2012.09.21 14:46:41 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{4FF046D4-37DD-4F27-A7CE-3AF4FD0EC3E9}
[2012.09.20 20:46:06 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{B3A65837-66BA-457A-B806-2F36ED1153C5}
[2012.09.19 16:26:24 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{41A127C4-C0F6-4371-A3F3-9A789A9D508E}
[1 C:\Users\Slava\Desktop\*.tmp files -> C:\Users\Slava\Desktop\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.18 15:21:03 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.18 15:21:03 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.18 15:21:03 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.18 15:21:03 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.18 15:21:03 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.18 15:19:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.18 15:19:31 | 2088,144,895 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.18 14:58:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Slava\Desktop\OTL.exe
[2012.10.18 14:57:16 | 000,023,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.18 14:57:16 | 000,023,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.18 14:53:07 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012.10.18 14:17:00 | 000,076,361 | ---- | M] () -- C:\ProgramData\wrhikbxvpflmpwg
[2012.10.18 14:16:39 | 000,100,352 | ---- | M] () -- C:\ProgramData\mufjjtvq.exe
[2012.10.18 14:16:39 | 000,100,352 | ---- | M] () -- C:\Users\Slava\0.9104294007267247.exe
[2012.10.18 13:42:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-526365458-2449696219-1328568343-1001UA.job
[2012.10.18 13:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.17 18:50:55 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-526365458-2449696219-1328568343-1001Core.job
[2012.10.17 18:50:46 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012.10.13 01:33:42 | 001,591,306 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.12 15:05:46 | 000,000,058 | ---- | M] () -- C:\Users\Slava\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2012.10.11 23:30:45 | 000,494,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.11 22:39:03 | 002,010,599 | ---- | M] () -- C:\Users\Slava\Desktop\polizei_schulung.pdf
[2012.10.10 07:28:24 | 000,005,629 | ---- | M] () -- C:\Users\Slava\Desktop\Lebenslauf.odt
[2012.10.09 18:32:04 | 000,002,150 | ---- | M] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
[2012.10.09 18:06:48 | 000,224,244 | ---- | M] () -- C:\Users\Slava\Desktop\Synästhesie.pdf
[2012.10.09 17:22:43 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 17:22:42 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Users\Slava\Desktop\*.tmp files -> C:\Users\Slava\Desktop\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.18 14:16:59 | 000,100,352 | ---- | C] () -- C:\ProgramData\mufjjtvq.exe
[2012.10.18 14:16:41 | 000,076,361 | ---- | C] () -- C:\ProgramData\wrhikbxvpflmpwg
[2012.10.18 14:16:39 | 000,100,352 | ---- | C] () -- C:\Users\Slava\0.9104294007267247.exe
[2012.10.11 22:39:02 | 002,010,599 | ---- | C] () -- C:\Users\Slava\Desktop\polizei_schulung.pdf
[2012.10.10 16:52:35 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012.10.10 16:52:35 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012.10.10 07:28:24 | 000,005,629 | ---- | C] () -- C:\Users\Slava\Desktop\Lebenslauf.odt
[2012.10.09 18:50:55 | 000,494,664 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.09 18:32:04 | 000,002,150 | ---- | C] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
[2012.10.09 18:29:48 | 001,591,306 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.09 18:06:47 | 000,224,244 | ---- | C] () -- C:\Users\Slava\Desktop\Synästhesie.pdf
[2012.07.21 21:07:33 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.07.21 21:07:33 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.06.02 20:18:55 | 000,017,408 | ---- | C] () -- C:\Users\Slava\AppData\Local\WebpageIcons.db
[2012.05.20 19:38:21 | 000,000,890 | ---- | C] () -- C:\Users\Slava\AppData\Local\recently-used.xbel
[2012.05.09 14:15:50 | 000,001,536 | ---- | C] () -- C:\Users\Slava\Spiele.lnk
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.16 17:03:31 | 000,000,663 | ---- | C] () -- C:\Users\Slava\Downloads.lnk
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.12 23:49:26 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012.01.12 23:49:23 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012.01.12 23:49:22 | 004,078,592 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012.01.12 23:49:22 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.01.12 23:49:22 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.01.12 23:49:22 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.01.12 05:39:22 | 002,392,064 | ---- | C] () -- C:\Windows\SysWow64\videotrans.dll
[2012.01.12 05:39:22 | 000,215,040 | ---- | C] () -- C:\Windows\SysWow64\videoformat.dll
[2012.01.12 05:39:22 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\imgscaler.dll
[2012.01.12 05:39:22 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\img_utils.dll
[2012.01.12 05:39:22 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\videocore.dll
[2012.01.12 05:39:20 | 000,128,512 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2012.01.12 05:32:35 | 000,004,608 | ---- | C] () -- C:\Users\Slava\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.21 01:01:09 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.11.15 12:40:40 | 000,000,058 | ---- | C] () -- C:\Users\Slava\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011.10.18 23:24:39 | 008,676,883 | ---- | C] () -- C:\Windows\SysWow64\mp3Media2.dll
[2011.10.15 21:17:17 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll
[2011.10.15 21:17:17 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXECinst.dll
[2011.10.15 21:17:16 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecpmui.dll
[2011.10.15 21:17:16 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll
[2011.10.15 21:17:16 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll
[2011.10.15 21:17:16 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll
[2011.10.15 21:17:16 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll
[2011.10.15 21:17:16 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll
[2011.10.15 21:17:15 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll
[2011.10.15 21:17:15 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll
[2011.10.15 21:17:15 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll
[2011.10.15 21:17:15 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll
[2011.10.15 21:17:15 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll
[2011.10.15 21:17:15 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll
[2011.10.15 21:17:14 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll
[2011.10.15 21:17:14 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe
[2011.10.15 21:17:14 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll
[2011.10.15 21:17:14 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll
[2011.10.15 21:17:14 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe
[2011.10.15 21:17:13 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll
[2011.10.15 21:17:13 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe
[2011.10.15 21:16:22 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXECsm.dll
[2011.10.15 21:16:22 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXECsmr.dll
[2011.10.15 20:35:00 | 000,000,271 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.10.15 14:32:38 | 000,001,517 | ---- | C] () -- C:\Users\Slava\Progs.lnk
[2011.10.15 14:32:38 | 000,001,517 | ---- | C] () -- C:\Users\Slava\Dokumente.lnk
[2011.10.15 14:32:38 | 000,001,494 | ---- | C] () -- C:\Users\Slava\Serien.lnk
[2011.10.15 14:32:38 | 000,001,494 | ---- | C] () -- C:\Users\Slava\Bilder.lnk
[2011.10.15 14:32:38 | 000,001,485 | ---- | C] () -- C:\Users\Slava\Musik.lnk
[2011.10.15 14:32:38 | 000,001,485 | ---- | C] () -- C:\Users\Slava\Filme.lnk
[2011.10.15 14:32:38 | 000,000,733 | ---- | C] () -- C:\Users\Slava\Installierte Spiele.lnk
[2011.10.15 14:18:48 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011.10.15 01:40:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.15 00:38:26 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Extras:

Code:

ATTFilter

OTL Extras logfile created on: 18.10.2012 15:23:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Slava\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,93 Gb Total Physical Memory | 7,17 Gb Available Physical Memory | 90,43% Memory free
15,85 Gb Paging File | 15,13 Gb Available in Paging File | 95,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 31,71 Gb Free Space | 26,62% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 71,61 Mb Free Space | 71,61% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 205,93 Gb Free Space | 44,21% Space Free | Partition Type: NTFS
Drive L: | 14,92 Gb Total Space | 11,37 Gb Free Space | 76,23% Space Free | Partition Type: FAT32
 
Computer Name: SLAVA-LAPTOP | User Name: Slava | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-526365458-2449696219-1328568343-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E0D1621-0872-424B-A0B6-1F79865DBF5C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1F01DB23-29BA-499C-AD14-CE46481C42D7}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{29897A44-0047-4EF8-B534-FAA34BBBF793}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{2AEE4C41-CF1C-404B-8D17-0ADF92370EB8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2C0BF9E6-DE1E-4BAC-98AE-7911EF2AA0EA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{330AC187-F55D-446A-AF1B-F6A30BD64ABB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{346ABB31-7179-457C-B914-E3176CCCE71E}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{38BD6F69-BCA8-47E4-A26A-13C7FFDCB63A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{4F172E83-7D4F-4ECA-8E07-F0D371144A1B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{699FBD15-6BB5-49C8-ACBE-7BA58FC13183}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{865583BE-2FC4-4C81-974B-BBDBFA497BDE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8742ABDC-F810-421E-9512-FA5AD6EFF735}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9A1B3F59-2E33-4824-9DC3-8EC0362E968A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A7E34A3E-5D12-406C-8DA2-850E8C56CE63}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{A9310477-8601-49CF-8FFF-5BC0E7810399}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B1A1F7E6-11B9-4895-9A69-DA0A53EDB715}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C7AF1D85-5C9A-48DB-9946-7B824F54C2DA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D7AA2F5A-0A57-4E1B-907A-C748C5631585}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D973952A-9540-4939-9494-EF06DDE00DAE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E46C3EB8-D172-46D4-AD32-59628F91A5A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E559BDEB-3286-4FCE-87D0-9C25754677E5}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{EFC1A4B2-7D36-4833-B8EC-C08B90489C4B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F1A0EEB3-7736-4B9E-964D-AA645896E5B7}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01682F86-6D8D-4B5E-A2E8-FBE29F6DC7A8}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{03D507E8-6D0C-44AA-BDC8-3702DD106987}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{0F1795D4-11C2-414B-A752-E3A4F41A942F}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{1053E8BF-DF1C-41CB-A9B6-7312FCFEFBA6}" = protocol=17 | dir=in | app=f:\installierte spiele\i am alive\iamalive_launcher.exe | 
"{1063360D-CAFD-43A4-B743-4CAEB96D5B8F}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steam.exe | 
"{10ED9AAB-1014-4352-A1EB-E5C0D755BD7C}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\emmerichj\counter-strike source\hl2.exe | 
"{13AD0628-EAF7-4BF0-B022-EB1FE0C945E5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe | 
"{19150F2B-FA7B-48CB-98D5-4BF305DC5428}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{195562A7-8E68-4760-986A-9265EEE1C0D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1A26B498-9E93-45F8-A515-C09B4613141B}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{208EE4C9-57E2-4F4B-A767-7B6C150516F4}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{209DB498-A152-4A2F-AF43-3A62CE45FBE3}" = protocol=17 | dir=in | app=f:\installierte spiele\i am alive\src\system\iamalive_game.exe | 
"{2716B2FB-B312-42F1-A368-6BFA4453950C}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{2EABB7D6-9B59-417A-8163-7486F8E49CC7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{30240865-1932-46D1-B7FD-076BA3C79969}" = protocol=6 | dir=in | app=f:\installierte spiele\i am alive\iamalive_launcher.exe | 
"{326F11A8-54F5-4EC3-B8C1-F272C8E2DD4C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{341745FA-4320-44E6-B8F7-BD339BED73D6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{35AF5AD1-9803-4671-BF0E-932D58F1772F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{378B774A-BF7D-4F4C-8829-00E4CC4F362A}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{38A95E7E-5C9D-465B-A3BB-34945574EEF4}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{3AE7A916-E5FB-4035-93DE-D5CB7B51D3D7}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{44354928-A70A-4A3F-ACC9-792F64080EB0}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\bit.trip runner\runner.exe | 
"{45FEE252-EE34-41CE-B538-394A517045E8}" = protocol=6 | dir=in | app=f:\installierte spiele\max payne 3\playmaxpayne3.exe | 
"{51C4840F-4617-426F-8BE6-166EFBBDCC2C}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\emmerichj\counter-strike source\hl2.exe | 
"{52FD007A-1DB1-4B54-B60C-F8A7E46323DC}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{563C6D51-10AF-49D6-863D-DC42CAEEB4F7}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\gotham city impostors f2p\impostors.exe | 
"{57179715-B479-4F2F-BCC3-08F15C184AE9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{5ABBA52C-365D-4DAC-84F1-FD5B4F1FD5B9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe | 
"{5C9FA0FF-2CCE-4278-A46A-AE147EB26DD3}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5D130CD9-69C3-42D3-B45B-7AB5184EB4D8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{615CA665-C539-47A8-A488-CB8A3A5583BC}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{67394AA6-930C-41CC-9804-F057B5A9E2BF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{68C7BCB6-97A7-4E99-AC78-A7D5F696DA52}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{692C8CA2-580E-477C-9590-30822477BECB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{6BB81BD0-7933-4381-B148-531DD2B507BD}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steam.exe | 
"{6D293376-E892-4FC6-B0BC-3AC5855524F8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6D83B6C3-5CC5-4A3A-AA7B-8709EBDC37FC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{714E2844-99E4-4CFF-8152-C3002B372ADD}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\trine\trine_launcher.exe | 
"{719025D1-A217-4A99-BE5A-795531387B4E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{72875258-29B4-4EAA-BC9B-40C8513E3FF2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7757939B-9399-4E6C-95F8-D91F96D05CA7}" = protocol=6 | dir=in | app=f:\installierte spiele\i am alive\src\system\iamalive_game.exe | 
"{79499C5E-9A6B-4C81-B552-720E8DA2913F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe | 
"{7C081F45-0CAD-42D2-8C17-51A6EED21C0F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{7E6FC3E1-AE16-496B-9117-DE47D89D499E}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\bit.trip runner\runner.exe | 
"{7F14AE24-92FF-4400-8213-864B6986F038}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{806F3B62-0A35-4372-A553-95FC53E408C7}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{810609C2-3C03-4D98-A845-AE0772FB0503}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{837E517A-CEBC-4C58-84C5-F5FD465CFF42}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8A027BCF-19C4-4A1C-B3E3-B9D9EBD6D8F3}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{9137F65F-43C8-4EC5-B567-CE6F916E1310}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{91454857-3030-449E-95C8-F566B1FBB83D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe | 
"{930D0B22-7A19-4AA0-A0E6-12AAE5A072AB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{993FB316-1ED4-444C-B2D4-7F0A229A01EC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9B2AF0B4-E82E-45B8-AF03-4DE6EB9FFB31}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{9DAE3FD5-8842-42CF-804B-66683EF417B6}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{9FFE7057-D00B-4119-8BB9-D15ECC02BBF7}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{A237AFB6-C791-4018-B416-4C371C03CA56}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{A966E9CC-AD8E-4871-B3F7-2BDCAC87F655}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{ACBF8A88-3298-4E9F-8B44-49B22B661298}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{AFF4CAEE-235E-4AAE-8B2C-BCE923D9628B}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\just cause 2\justcause2.exe | 
"{B1A64E65-D26C-4E03-9774-03EA8C4EAD09}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\just cause 2\justcause2.exe | 
"{B7C5FA91-A4A6-4EB2-BEDD-A9A7D1FEFB89}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{BA2255FF-DD49-4E81-ADED-BCEDDEF5EF7E}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{BD175B1E-0AFF-44FF-92D9-D68BD2EF2EB8}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\emmerichj\the ship\ship.exe | 
"{C1E30509-D65D-48BF-B793-47D62770EE14}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe | 
"{C35F9718-ECEE-444C-A422-16DDECEB6A3C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C62DBD14-6067-4268-8EDA-0A15FA114E86}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C75A6815-BCBD-46FA-ACFC-9F973CAFB360}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\emmerichj\the ship\ship.exe | 
"{C818572F-BED8-4389-82D6-516F75D012A5}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{C8D3189D-67AD-4001-BC6E-17ADC0C4A514}" = protocol=17 | dir=in | app=f:\installierte spiele\max payne 3\playmaxpayne3.exe | 
"{C9ACEBE1-7C7C-457D-B71A-A64854C49D76}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C9F8E0BE-E42D-4E2E-9E5D-1B7F81237028}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{CEB5A2E6-A5F6-4564-B16C-AF7A5E9D6372}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{CF861C7C-3C50-4A75-9285-E1ED8B14847D}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\trine 2\trine2_launcher.exe | 
"{D3D2E828-521B-4B18-B976-FC2F4750A6E4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D3F98075-EB2F-426F-A4DE-F969CE896D3D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{D7263E55-B44B-4C87-955A-65C6DB849F6B}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\trine\trine_launcher.exe | 
"{DF371607-AAD2-40BA-A000-11C45865062B}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{E9E91FAB-8AA9-4970-8DB5-CA0361B34669}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{EAC86018-9E30-4095-B368-DC1DEE92949B}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{EF2FE695-C7D4-446F-8388-B87232CAF940}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F0576261-7FAF-4F55-B949-CA2B5C59C601}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe | 
"{F1EDEF90-C57E-4ADC-B2BE-B25D10DE539F}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{F2C7645B-A22D-4ADE-8BD6-E98A91FD4252}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\gotham city impostors f2p\impostors.exe | 
"{F866EC00-05F8-4BD1-A8EF-86962874A6FC}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\trine 2\trine2_launcher.exe | 
"{F93EDE10-7B2E-4AB6-9AF1-860C61D71F9E}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{FFA9D52E-F5CD-4C65-B148-B6E01F73008F}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"TCP Query User{29EC51A4-EFE8-433A-AB88-F48314A22250}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{AF2A78F7-3C95-449B-81DD-5C61624E6E32}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{44CB89A5-6444-459C-8E60-B3F88632BA9E}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{9D05C5B4-1377-4BE6-ABF8-C6E00E84E6C7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{BDBFAC49-8877-472F-876B-75ADB7DBC955}" = CorelDRAW Graphics Suite X6 (64-Bit)
"_{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}" = Corel Graphics - Windows Shell Extension
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10762393-1B90-4AC2-AF1A-4C0C04AE303F}" = CorelDRAW Graphics Suite X6 - VBA (x64)
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1967EF95-E00B-4669-8B1C-A589BE8BF24F}" = CorelDRAW Graphics Suite X6 - Capture (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E3A578C-0A7D-4820-990F-B7545C0B2303}" = CorelDRAW Graphics Suite X6 - VSTA (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{27AE72A4-B217-4CDC-B82B-3311E9D7460E}" = CorelDRAW Graphics Suite X6 - Draw (x64)
"{2C72B5E4-AA34-4F1A-8C7E-468530F9F6A3}" = CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{35869A6C-BA31-4F23-B52D-BC1B1E41EC1B}" = CorelDRAW Graphics Suite X6 - Common (x64)
"{389D85F6-D005-095E-3C49-3675754B41F8}" = AMD Drag and Drop Transcoding
"{3933C06C-8239-432B-87FC-F2BDC5B49A10}" = CorelDRAW Graphics Suite X6 - FontNav (x64)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6099F026-0A98-4D40-9B3D-ED2123A8CBD0}" = CorelDRAW Graphics Suite X6 - Redist (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7386B5FA-8715-481D-821F-7785110506DF}" = CorelDRAW Graphics Suite X6 - Custom Data (x64)
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{79899C6B-E315-4A3F-8904-02DEAB8D660D}" = Corel Graphics - Windows Shell Extension 32 Bit
"{7B79AE44-9B76-4815-84E5-ACAC3F0F0278}" = CorelDRAW Graphics Suite X6 - VideoBrowser (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120064-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x64)
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90F60407-7000-11D3-8CFE-0150048383C9}" = Microsoft Visual Basic for Applications 7.1 (x64) German
"{90F60409-7000-11D3-8CFE-0150048383C9}" = Microsoft Visual Basic for Applications 7.1 (x64) English
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AAAB95-AEBE-437A-B7CA-37C7BE13FFE9}" = CorelDRAW Graphics Suite X6 - Connect (x64)
"{AC2AAFF8-6719-A420-AB9F-7E5F5E6CA46A}" = AMD Catalyst Install Manager
"{B6DF7031-2843-44FD-9CAB-DECAB4257456}" = CorelDRAW Graphics Suite X6 - IPM
"{BDBFAC49-8877-472F-876B-75ADB7DBC955}" = CorelDRAW Graphics Suite X6 - Setup Files (x64)
"{CCE7423E-1D84-4CD3-9E32-220EC9358D97}" = CorelDRAW Graphics Suite X6 (x64)
"{CDFFDDCC-B74E-4AEE-A97F-12E31BAFF3FF}" = CorelDRAW Graphics Suite X6 - DE (x64)
"{D7C2687D-924E-4485-B367-C7D95CBF8DDD}" = CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DDE82E3D-20C4-48E1-AE1D-B1F10E42CA44}" = CorelDRAW Graphics Suite X6 - Writing Tools (x64)
"{E699230D-4B5E-411E-9F45-FF50789B18DD}" = CorelDRAW Graphics Suite X6 - Filters (x64)
"{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}" = Corel Graphics - Windows Shell Extension
"{F4F0546E-E0F2-5D87-A502-B0B2FBFDD7CD}" = AMD Accelerated Video Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF0E1F56-A1FE-56EC-C33D-578F3E5C5C15}" = ccc-utility64
"{FFA1864E-ADC4-66F6-CC60-877E06EE47E3}" = AMD Media Foundation Decoders
"CCleaner" = CCleaner
"ffdshow64_is1" = ffdshow x64 v1.1.4257 [2012-01-15]
"GIMP-2_is1" = GIMP 2.6.12
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"{12F4B10F-2B95-0D9B-ED71-296DA3C20F09}" = CCC Help Czech
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A0582C-03C1-BB0A-EC77-22BC17A4A601}" = Catalyst Control Center Graphics Previews Common
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{29157928-F504-238C-47C7-5389C0F3D6BF}" = CCC Help Swedish
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2B512D86-0BEE-1F51-FDB7-D414C0D6A40E}" = CCC Help Portuguese
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A5D79AA-13D7-74FD-1850-E356528DE1A0}" = CCC Help Japanese
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{4082C4D2-9299-AECE-0116-B894D3898F2F}" = Catalyst Control Center
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Security Suite CBE 12
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{62952508-8C6F-4D31-9802-099FC67B41C3}" = I Am Alive
"{63738E95-2626-0C13-B682-DCA526B3B3B8}" = CCC Help French
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{648B59AA-B9BF-CBB9-3123-DCEDF669534B}" = CCC Help Turkish
"{663E92C0-0141-0307-6F04-4465EE0002B2}" = CCC Help Italian
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6879F7F5-E63B-3DCC-DF23-30C4703547D6}" = CCC Help Finnish
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6EB88C92-7828-A799-7A87-AEAA798055FA}" = CCC Help Dutch
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CFC3EF7-41DB-10A6-C7FC-92AD2778043F}" = CCC Help Chinese Traditional
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}" = Razer Game Booster
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BCD7AE7-F713-4D50-BAB9-7839B9386870}" = ImageShack Uploader 2.2.0
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90287FB1-220B-C54D-9374-070F6BCEFF7C}" = CCC Help Norwegian
"{907F9C22-CD5B-2864-2FBB-6B1DFCEE0787}" = CCC Help Russian
"{92858613-6C37-1DBB-1DF6-2D2832FD5F2D}" = Catalyst Control Center Localization All
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{942641F2-705E-3E66-5D39-BC3AFB476B3A}" = CCC Help Chinese Standard
"{95B90127-0B66-CE91-BFB7-CBA49AC39C0E}" = CCC Help Korean
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FF01926-E64F-EBCB-CAB8-F8C005BE0A8B}" = CCC Help Polish
"{A1974D99-9FF0-9075-CBF4-F579D0717E84}" = CCC Help Thai
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AE683B25-6D74-AE98-F9A9-E07FB9EF5B62}" = CCC Help English
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{B51C71F3-FA38-627E-1BDD-57831EB4F259}" = CCC Help German
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CB606F47-7D0E-40DF-95BB-0E5413A1295F}" = MP3 Skype Recorder
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF45E5AA-4F5D-1188-CAA6-C2DE5ABBB389}" = Catalyst Control Center InstallProxy
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D56B4299-B2B4-4822-ED77-945B0CCF2192}" = CCC Help Greek
"{D6930099-BDDA-A5BA-16E0-291C0A6899C9}" = CCC Help Danish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E09D83E8-40D2-5E4E-2138-77B6022F6049}" = CCC Help Spanish
"{E2F7EB9D-B814-1474-86AB-69BA1872CE1A}" = CCC Help Hungarian
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E72F1051-B87E-4EF4-AE9F-8FDD229CC438}" = Catalyst Control Center - Branding
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1100000-0011-0000-0001-074957833700}" = ABBYY FineReader 11
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0630-0716-3135-7887" = JDownloader 2
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BitComet_x64" = BitComet 1.28 64-bit
"Borderlands 2_is1" = Borderlands 2
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"CSS Config .NET 0.6" = CSS Config .NET 0.6
"DAEMON Tools Lite" = DAEMON Tools Lite
"Doom 3 BFG Edition_is1" = «Doom 3 BFG Edition»  1.1400.34.1428
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Free Audio CD Burner_is1" = Free Audio CD Burner version 2.0.20.1005
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.3.3.908
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"GeoGebra" = GeoGebra
"ImgBurn" = ImgBurn
"InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{62952508-8C6F-4D31-9802-099FC67B41C3}" = I Am Alive
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Security Suite CBE 12
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.1.0
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.SingleImage" = Microsoft Office Professional 2010
"OpenAL" = OpenAL
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5a
"Rockstar Games Social Club" = Rockstar Games Social Club
"ScreenshotCaptor_is1" = Screenshot Captor 2.102.01
"Security Task Manager" = Security Task Manager 1.8d
"Steam App 218" = Source SDK Base 2007
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 420" = Half-Life 2: Episode Two
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 (32-bit)
"xp-AntiSpy" = xp-AntiSpy 3.98-2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-526365458-2449696219-1328568343-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.10.2012 05:56:39 | Computer Name = Slava-Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MaxPayne3.exe, Version: 1.0.0.22,
 Zeitstempel: 0x4fce8ed7  Name des fehlerhaften Moduls: MaxPayne3.exe, Version: 1.0.0.22,
 Zeitstempel: 0x4fce8ed7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0098dfbf  ID des fehlerhaften
 Prozesses: 0xdf0  Startzeit der fehlerhaften Anwendung: 0x01cdad16b524cd94  Pfad der
 fehlerhaften Anwendung: F:\Installierte Spiele\Max Payne 3\MaxPayne3.exe  Pfad des
 fehlerhaften Moduls: F:\Installierte Spiele\Max Payne 3\MaxPayne3.exe  Berichtskennung:
 1bd398a5-190a-11e2-9eb1-74f06da847bd
 
Error - 18.10.2012 07:15:50 | Computer Name = Slava-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.10.2012 07:15:50 | Computer Name = Slava-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014
 
Error - 18.10.2012 07:15:50 | Computer Name = Slava-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014
 
Error - 18.10.2012 07:15:51 | Computer Name = Slava-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.10.2012 07:15:51 | Computer Name = Slava-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2012
 
Error - 18.10.2012 07:15:51 | Computer Name = Slava-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2012
 
Error - 18.10.2012 07:15:52 | Computer Name = Slava-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.10.2012 07:15:52 | Computer Name = Slava-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3011
 
Error - 18.10.2012 07:15:52 | Computer Name = Slava-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3011
 
[ System Events ]
Error - 18.10.2012 09:19:43 | Computer Name = Slava-Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 18.10.2012 09:19:43 | Computer Name = Slava-Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 18.10.2012 09:19:43 | Computer Name = Slava-Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 18.10.2012 09:19:43 | Computer Name = Slava-Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 18.10.2012 09:19:43 | Computer Name = Slava-Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 18.10.2012 09:19:43 | Computer Name = Slava-Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 18.10.2012 09:19:56 | Computer Name = Slava-Laptop | Source = DCOM | ID = 10005
Description = 
 
Error - 18.10.2012 09:19:56 | Computer Name = Slava-Laptop | Source = DCOM | ID = 10005
Description = 
 
Error - 18.10.2012 09:19:56 | Computer Name = Slava-Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 18.10.2012 09:21:33 | Computer Name = Slava-Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >

Ich hoffe auf schnelle und kompetente Hilfe und bedanke mich im Voraus!

Liebe Grüße
Slava105

cosinus · 19.10.2012, 12:53

Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?

Abgesicherter Modus zur Bereinigung

Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

Slava105 · 19.10.2012, 14:08

Ja, habe ja im abgesicherten Modus den OTL-Scan auch gemacht.

Mittlerweile habe ich den Virus irgendwie wegbekommen!
Zumindest erscheint er beim Start nicht mehr, auch kann ich den PC wieder normal nutzen. Allerdings startet der PC viel langsamer, genauer gesagt, die Programme nach dem Start.
Ich habe ja eine SSD verbaut und war es gewohnt, dass ich nach dem Start gleich ein Programm öffnen konnte, was auch sofort funktionierte. Jetzt dauert es aber ca. 20-30 Sekunden, bis ich ein Programm anklicken kann, davor ist das "Ladesymbol" zu sehen.
Deswegen habe ich auch noch die Vermutung, dass der Virus sich noch irgendwo "versteckt" und bloß nicht mehr startet.

Einen vollständigen Scan mit Kaspersky Security Suite CBE 12 und Malwarebytes habe ich schon gemacht, es wurde aber nichts gefunden...

cosinus · 19.10.2012, 15:19

Zitat:

Mittlerweile habe ich den Virus irgendwie wegbekommen!

Was heißt irgendwie, was hast du gemacht?
Bitte trotzdem auch alle Logs von Malwarebytes posten

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Slava105 · 19.10.2012, 16:30

So genau weiß ich das auch nicht

Habe vieles ausprobiert, unter anderem den Kaspersky Windows Unlocker, das hat aber nichts gebracht.
Dann habe ich im abgesicherten Modus OTL, adwcleaner, gmer und aswMBR durchlaufen lassen und bei infizierten Funden alles entfernt. Hat aber auch alles nicht funktioniert, sobald ich Windows normal gestartet habe, kam der Virus wieder.

Ich wollte das ganze schon aufgeben und Windows neu aufsetzen, da ich den PC kurzfristig gebraucht habe und auf eine Antwort hier im Forum nicht warten konnte.

Habe dann aber doch noch etwas gefunden, was ich ausprobieren wollte. Nämlich mit Hilfe von dem cmd-Befehl "msconfig" den Autostart zu bereinigen. Das habe ich dann auch gemacht und alle mir unbekannten Sachen deaktiviert. Anschließend den Rechner neugestartet und siehe da - es ging wieder. Der Virus startete nicht mehr. Also habe ich CCleaner angemacht und dann auch wirklich die deaktivierten, mir unbekannten Autostart Anwendungen entfernt.

Ob das jetzt die eigentliche Lösung des Problems oder es die Kombination der oben aufgelisteten Programme und das Entfernen der unbekannten Autostart-Komponenten war, kann ich nicht sagen

Hier ein neuer OTL-Log:

Code:

ATTFilter

OTL logfile created on: 19.10.2012 17:11:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Slava\Desktop\Security
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,93 Gb Total Physical Memory | 4,86 Gb Available Physical Memory | 61,28% Memory free
15,85 Gb Paging File | 12,19 Gb Available in Paging File | 76,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 31,37 Gb Free Space | 26,33% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 71,61 Mb Free Space | 71,61% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 465,76 Gb Total Space | 205,87 Gb Free Space | 44,20% Space Free | Partition Type: NTFS
 
Computer Name: SLAVA-LAPTOP | User Name: Slava | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.19 15:13:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Slava\Desktop\Security\OTL.exe
PRC - [2012.10.12 14:43:21 | 000,531,792 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.10.09 17:22:43 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012.09.07 16:40:43 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.09.02 15:35:52 | 001,353,080 | ---- | M] (Valve Corporation) -- F:\Installierte Spiele\Steam\Steam.exe
PRC - [2012.09.01 11:27:48 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
PRC - [2012.08.27 21:32:54 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.08.09 23:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.04.17 17:19:40 | 003,671,872 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.12 15:52:57 | 000,296,232 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2012.01.12 15:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
PRC - [2012.01.12 15:52:55 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
PRC - [2012.01.12 14:58:47 | 000,371,256 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
PRC - [2012.01.02 04:21:22 | 000,501,544 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
PRC - [2011.12.22 20:11:20 | 000,818,952 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
PRC - [2011.07.21 16:49:10 | 005,716,608 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2011.07.18 16:11:42 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.10.07 15:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009.12.15 11:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.06.19 11:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 11:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.15 18:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.12.22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.13 22:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2007.11.30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.15 13:33:42 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.10.14 21:19:44 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.10.14 21:19:37 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.10.14 21:19:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.10.14 21:19:08 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.10.14 21:19:03 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.10.14 21:19:03 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012.10.12 14:43:21 | 020,319,568 | ---- | M] () -- F:\Installierte Spiele\Steam\bin\libcef.dll
MOD - [2012.10.12 14:43:21 | 001,099,616 | ---- | M] () -- F:\Installierte Spiele\Steam\bin\avcodec-53.dll
MOD - [2012.10.12 14:43:21 | 000,964,432 | ---- | M] () -- F:\Installierte Spiele\Steam\bin\chromehtml.dll
MOD - [2012.10.12 14:43:21 | 000,190,816 | ---- | M] () -- F:\Installierte Spiele\Steam\bin\avformat-53.dll
MOD - [2012.10.12 14:43:21 | 000,123,232 | ---- | M] () -- F:\Installierte Spiele\Steam\bin\avutil-51.dll
MOD - [2012.10.09 17:22:42 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012.09.07 16:40:43 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.01.12 14:55:29 | 000,075,048 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\subsys\DLNA\DMS\_PyDMSCtrl.pyd
MOD - [2012.01.02 04:21:17 | 000,374,056 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.08.24 04:39:11 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ssl.pyd
MOD - [2011.08.24 04:39:11 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\koan\_ctypes.pyd
MOD - [2011.08.24 04:39:11 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_socket.pyd
MOD - [2010.07.01 11:21:42 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
MOD - [2007.11.30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.06.11 19:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.14 22:08:30 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeccoms.exe -- (lxec_device)
SRV:64bit: - [2010.04.14 22:08:23 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2012.10.12 14:43:21 | 000,531,792 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.09 17:22:43 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 16:40:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.29 12:03:36 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.12 21:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- F:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.10 19:21:22 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe -- (AVP)
SRV - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.12 15:52:57 | 000,296,232 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012.01.12 15:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2012.01.12 15:52:55 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2011.12.22 20:11:20 | 000,818,952 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.11.0)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.12.28 10:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Programme\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010.11.30 13:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)
SRV - [2010.04.14 22:08:23 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2010.04.14 22:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeccoms.exe -- (lxec_device)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.15 11:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.11.02 12:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009.06.15 18:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.06.24 16:13:00 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.06.11 20:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.06.11 18:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.06.02 20:16:15 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.05.03 11:46:04 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010.04.21 15:47:50 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.03.05 11:19:46 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.02 16:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.01.25 07:09:36 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010.01.25 07:09:34 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010.01.25 07:09:24 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010.01.25 07:09:22 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.11.02 12:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.09.17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.08.07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.07.20 17:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.13 09:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009.04.29 17:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012.09.17 17:00:04 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2012.01.11 22:57:42 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/06/02 20:49:37] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.10.27 08:18:45 | 000,082,928 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12)
DRV - [2009.08.28 18:36:26 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/10/15 20:34:06] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 14 87 BF C0 8A CC 01  [binary data]
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\..\SearchScopes\{9E6DB2CB-496F-4EB9-9EAB-3804730EEF11}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledAddons: firefox-extension@shareaholic.com:3.0.1
FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.3.3
FF - prefs.js..extensions.enabledAddons: tabscope@xuldev.org:1.1.7
FF - prefs.js..extensions.enabledAddons: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledAddons: wotstats@mywot.com:2.11.7
FF - prefs.js..extensions.enabledAddons: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledAddons: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledAddons: {76C80A11-FAD4-406c-8246-F5ED4F9367B5}:0.1.7
FF - prefs.js..extensions.enabledAddons: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d}:1.5.1.1
FF - prefs.js..extensions.enabledAddons: smarterwiki@wikiatic.com:5.0.2
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2
FF - prefs.js..network.proxy.http: "proxyuk1.stealthy.co"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Slava\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Slava\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\virtualKeyboard@kaspersky.ru [2012.06.09 10:41:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\linkfilter@kaspersky.ru [2012.06.09 10:41:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.09 10:41:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.10.10 16:58:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 16:40:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.10 16:52:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 16:40:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.10 16:52:34 | 000,000,000 | ---D | M]
 
[2011.10.15 00:32:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\Extensions
[2012.10.18 12:30:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\Firefox\Profiles\bz8joakp.default\extensions
[2012.10.09 19:50:45 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Slava\AppData\Roaming\mozilla\Firefox\Profiles\bz8joakp.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.05.22 19:25:32 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Slava\AppData\Roaming\mozilla\Firefox\Profiles\bz8joakp.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2012.09.16 15:07:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Slava\AppData\Roaming\mozilla\Firefox\Profiles\bz8joakp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.09.01 19:56:45 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Slava\AppData\Roaming\mozilla\Firefox\Profiles\bz8joakp.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012.09.15 22:47:23 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Slava\AppData\Roaming\mozilla\Firefox\Profiles\bz8joakp.default\extensions\ich@maltegoetz.de
[2012.01.16 03:23:31 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Slava\AppData\Roaming\mozilla\Firefox\Profiles\bz8joakp.default\extensions\wotstats@mywot.com
[2012.10.18 12:30:34 | 000,005,413 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\507fdc0921b2e@507fdc0921b67.com.xpi
[2011.10.15 02:27:23 | 000,161,864 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\firefox-extension@shareaholic.com.xpi
[2012.09.08 19:54:12 | 000,371,729 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\smarterwiki@wikiatic.com.xpi
[2012.07.27 12:01:09 | 000,184,864 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\stealthyextension@gmail.com.xpi
[2012.07.27 12:01:09 | 000,057,698 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\tabscope@xuldev.org.xpi
[2011.10.15 02:27:24 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\tineye@ideeinc.com.xpi
[2011.10.15 02:27:24 | 000,079,135 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
[2012.08.12 02:02:20 | 000,379,698 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\{1BFCBDFC-41DB-11E1-9FC4-D3C94824019B}.xpi
[2011.10.15 02:27:24 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
[2012.06.22 16:13:04 | 000,009,664 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}.xpi
[2011.10.15 02:27:24 | 000,022,573 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi
[2012.08.13 22:38:30 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.01.22 23:54:36 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.09.13 19:10:49 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.09.07 16:40:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.07 16:40:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.07 16:40:41 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2012.09.07 16:40:41 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.09.07 16:40:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.15 14:20:18 | 001,034,544 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2012.06.23 09:38:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 14:11:06 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.23 09:38:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 09:38:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 09:38:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 09:38:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Slava\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Slava\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Slava\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Slava\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.486_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Slava\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.486_0\plugin/npUrlAdvisor.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Slava\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Slava\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.486_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Slava\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.486_0\
CHR - Extension: WOT = C:\Users\Slava\AppData\Local\Google\Chrome\User Data\Default\Extensions\nphjeokkkbngjpiofnfpnafjeofjomfb\2.11.7_0\
 
O1 HOSTS File: ([2012.10.10 22:52:56 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avp] C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-526365458-2449696219-1328568343-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-526365458-2449696219-1328568343-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Alles mit BitComet herunterladen - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Mit BitComet herunter&laden - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Alles mit BitComet herunterladen - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Mit BitComet herunter&laden - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0530377B-4FF1-48E5-AF07-6FF7DC8F38D8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0cb2f596-142d-11e1-88cf-74f06da847bd}\Shell - "" = AutoRun
O33 - MountPoints2\{0cb2f596-142d-11e1-88cf-74f06da847bd}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{276e7baa-be04-11e1-aaf5-74f06da847bd}\Shell - "" = AutoRun
O33 - MountPoints2\{276e7baa-be04-11e1-aaf5-74f06da847bd}\Shell\AutoRun\command - "" = G:\I_am_Alive_Setup.exe
O33 - MountPoints2\{e3f74625-f6bd-11e0-933f-74f06da847bd}\Shell - "" = AutoRun
O33 - MountPoints2\{e3f74625-f6bd-11e0-933f-74f06da847bd}\Shell\AutoRun\command - "" = G:\setup_alan_wake_american_nightmare_1.0.0.13.exe
O33 - MountPoints2\{f33c3d28-0178-11e1-8ccd-74f06da847bd}\Shell - "" = AutoRun
O33 - MountPoints2\{f33c3d28-0178-11e1-8ccd-74f06da847bd}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.19 14:45:35 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\MediaShow
[2012.10.19 14:33:09 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{A3037869-4A93-4C3D-B5F1-493D0B0D33AD}
[2012.10.18 23:14:38 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.10.18 22:05:49 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{6A404EF0-802A-4B8A-9EC7-5F14C7CB053D}
[2012.10.18 22:00:18 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.10.18 14:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\thlbrefixwmbmvy
[2012.10.18 12:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
[2012.10.18 11:12:28 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{08CF7B2D-9DE1-4D2B-B72B-B1C49A036798}
[2012.10.17 23:11:43 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{1C04DBC3-2528-4C2E-AB00-3FDC96A524F5}
[2012.10.17 11:10:58 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{77F1743E-7A47-46CF-9110-68D05A8DE7BD}
[2012.10.16 14:05:30 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{5AFBFCA7-77A0-46A8-8143-16D37B72DC4F}
[2012.10.15 14:33:22 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{DC5C5F92-B1AF-4910-8047-2F26BFB17819}
[2012.10.15 08:43:23 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{FCFD6560-0450-4042-8496-7E4E37BE7AFC}
[2012.10.14 20:11:55 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{5D040916-23A5-46B6-A440-E94C9B061993}
[2012.10.13 13:33:26 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{C2CCD009-8780-4F51-A91D-C30C3AE51C98}
[2012.10.12 23:53:55 | 000,000,000 | ---D | C] -- C:\Users\Slava\Documents\IAmAlive
[2012.10.12 23:20:21 | 000,000,000 | R--D | C] -- C:\Users\Slava\Desktop\Spiele
[2012.10.12 14:42:55 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{4ADA3074-95D5-4CD1-8350-4206E2F7F03D}
[2012.10.11 17:09:17 | 000,000,000 | ---D | C] -- C:\Users\Slava\Documents\Meine Paletten
[2012.10.11 17:04:32 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Roaming\Corel
[2012.10.11 17:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis64
[2012.10.11 17:02:38 | 000,000,000 | ---D | C] -- C:\Users\Slava\Documents\Corel
[2012.10.11 17:02:22 | 000,000,000 | ---D | C] -- C:\Users\Slava\Documents\Visual Studio 2008
[2012.10.11 17:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2012.10.11 17:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2012.10.11 17:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2012.10.11 16:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2012.10.11 16:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2012.10.11 16:58:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
[2012.10.11 16:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit)
[2012.10.11 16:57:56 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2012.10.11 16:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\CorelDRAW Graphics Suite X6
[2012.10.11 13:46:43 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{BF1794A5-6A92-402F-935C-E86A8D0B8C46}
[2012.10.10 19:03:15 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{D1023244-A572-401B-B951-920921E58C7F}
[2012.10.10 18:53:05 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Roaming\ABBYY
[2012.10.10 18:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11
[2012.10.10 18:18:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 11
[2012.10.10 18:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2012.10.10 16:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.10.10 16:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2012.10.10 16:51:41 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\FLT
[2012.10.10 13:12:32 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 13:12:29 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.10 13:12:28 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.10 13:12:27 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.10 13:12:17 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 13:12:16 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.10 13:12:07 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.10.10 13:12:07 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.10.10 13:12:07 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.10.10 13:12:07 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.10.10 13:12:06 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.10.10 13:12:06 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.10.10 13:12:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.10.10 13:12:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.10.10 13:12:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.10.10 13:12:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.10.10 13:12:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.10.10 13:12:06 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 13:12:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 13:12:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 13:12:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.10.10 13:12:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 13:12:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 13:12:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 13:12:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 13:12:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 13:12:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 13:12:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 13:12:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 13:12:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 13:12:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 13:12:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 13:12:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 13:12:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 13:12:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 13:12:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 13:12:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 13:12:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 13:12:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 13:12:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 13:12:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.10.10 07:02:53 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{D3CB2BD7-33D4-4085-B834-C5450DF80915}
[2012.10.09 18:32:16 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\Razer
[2012.10.09 18:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2012.10.09 18:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2012.10.09 18:32:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2012.10.09 14:03:07 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{23EE2857-F1E6-499F-9FEF-F8719ECADB00}
[2012.10.08 15:04:40 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{1DED12CE-1DD9-4D67-B743-0F1779923987}
[2012.10.07 15:52:34 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{FA60350D-3347-4F7C-BB47-0E3BCB8C7CE4}
[2012.10.06 14:36:09 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{E7CEF87B-6A38-468E-BCEA-CABB1E1245B4}
[2012.10.05 14:22:31 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{901E236F-A620-4B33-85AC-61C476F0AA17}
[2012.10.04 14:05:19 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{5CE54690-B05F-48B0-AC7E-D0B318099FF9}
[2012.10.04 00:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
[2012.10.03 15:52:57 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{0D7559BE-F291-4978-9C33-A3CA5E92E160}
[2012.10.02 11:34:07 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{38D8ED99-BD95-40B8-A87D-C194EB328A4D}
[2012.10.01 15:06:35 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{58FA4CEB-BC32-4CB3-BBC2-A96B3B2A60C6}
[2012.09.30 15:25:31 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{4F77C135-0197-4A2A-A3B1-CE7B9223147D}
[2012.09.29 17:50:17 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{F1FAD53D-8594-498F-B3FF-B48761E3B277}
[2012.09.28 07:12:19 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{F0640A90-A733-442D-968E-2645D8FA5D87}
[2012.09.27 13:30:47 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{4DC2895F-8D8D-4E14-9559-B1473397466F}
[2012.09.26 12:06:48 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.09.25 09:17:54 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{5316AF5C-5909-444A-991E-10368FC8B319}
[2012.09.24 15:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012.09.24 12:29:11 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{E1C7F705-E763-440B-98D4-7FCEAB39AE33}
[2012.09.23 14:14:35 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{363DAB50-53EA-424F-A0AA-D554B6FC50BB}
[2012.09.23 14:14:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.23 14:14:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.23 14:14:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.23 14:14:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.23 14:14:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.09.23 14:14:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.09.23 14:14:25 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.09.23 14:14:25 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.09.23 14:14:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.09.23 14:14:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.23 14:14:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.23 14:14:24 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.23 14:14:23 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.09.23 14:14:23 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.09.23 14:14:22 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.09.22 13:21:30 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{1D0B1036-4EEC-4CD0-A4CC-97ED5C60D457}
[2012.09.21 14:46:41 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{4FF046D4-37DD-4F27-A7CE-3AF4FD0EC3E9}
[2012.09.20 20:46:06 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{B3A65837-66BA-457A-B806-2F36ED1153C5}
[1 C:\Users\Slava\Desktop\*.tmp files -> C:\Users\Slava\Desktop\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.19 16:42:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-526365458-2449696219-1328568343-1001UA.job
[2012.10.19 16:31:49 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012.10.19 16:31:49 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.19 16:31:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.19 14:35:38 | 000,023,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.19 14:35:38 | 000,023,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.19 14:30:38 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012.10.19 14:28:48 | 000,494,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.19 14:28:37 | 2088,144,895 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.18 21:34:02 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.18 21:34:02 | 000,697,098 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.18 21:34:02 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.18 21:34:02 | 000,148,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.18 21:34:02 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.18 14:17:00 | 000,076,361 | ---- | M] () -- C:\ProgramData\wrhikbxvpflmpwg
[2012.10.17 18:50:55 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-526365458-2449696219-1328568343-1001Core.job
[2012.10.13 01:33:42 | 001,591,306 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.12 15:05:46 | 000,000,058 | ---- | M] () -- C:\Users\Slava\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2012.10.11 22:39:03 | 002,010,599 | ---- | M] () -- C:\Users\Slava\Desktop\polizei_schulung.pdf
[2012.10.10 07:28:24 | 000,005,629 | ---- | M] () -- C:\Users\Slava\Desktop\Lebenslauf.odt
[2012.10.09 18:32:04 | 000,002,150 | ---- | M] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
[2012.10.09 18:06:48 | 000,224,244 | ---- | M] () -- C:\Users\Slava\Desktop\Synästhesie.pdf
[2012.10.09 17:22:43 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 17:22:42 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Users\Slava\Desktop\*.tmp files -> C:\Users\Slava\Desktop\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.19 14:28:40 | 000,494,664 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.18 14:16:41 | 000,076,361 | ---- | C] () -- C:\ProgramData\wrhikbxvpflmpwg
[2012.10.11 22:39:02 | 002,010,599 | ---- | C] () -- C:\Users\Slava\Desktop\polizei_schulung.pdf
[2012.10.10 16:52:35 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012.10.10 16:52:35 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012.10.10 07:28:24 | 000,005,629 | ---- | C] () -- C:\Users\Slava\Desktop\Lebenslauf.odt
[2012.10.09 18:32:04 | 000,002,150 | ---- | C] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
[2012.10.09 18:29:48 | 001,591,306 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.09 18:06:47 | 000,224,244 | ---- | C] () -- C:\Users\Slava\Desktop\Synästhesie.pdf
[2012.07.21 21:07:33 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.07.21 21:07:33 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.06.02 20:18:55 | 000,017,408 | ---- | C] () -- C:\Users\Slava\AppData\Local\WebpageIcons.db
[2012.05.20 19:38:21 | 000,000,890 | ---- | C] () -- C:\Users\Slava\AppData\Local\recently-used.xbel
[2012.05.09 14:15:50 | 000,001,536 | ---- | C] () -- C:\Users\Slava\Spiele.lnk
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.16 17:03:31 | 000,000,663 | ---- | C] () -- C:\Users\Slava\Downloads.lnk
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.12 23:49:26 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012.01.12 23:49:23 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012.01.12 23:49:22 | 004,078,592 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012.01.12 23:49:22 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.01.12 23:49:22 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.01.12 23:49:22 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.01.12 05:39:22 | 002,392,064 | ---- | C] () -- C:\Windows\SysWow64\videotrans.dll
[2012.01.12 05:39:22 | 000,215,040 | ---- | C] () -- C:\Windows\SysWow64\videoformat.dll
[2012.01.12 05:39:22 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\imgscaler.dll
[2012.01.12 05:39:22 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\img_utils.dll
[2012.01.12 05:39:22 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\videocore.dll
[2012.01.12 05:39:20 | 000,128,512 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2012.01.12 05:32:35 | 000,004,608 | ---- | C] () -- C:\Users\Slava\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.21 01:01:09 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.11.15 12:40:40 | 000,000,058 | ---- | C] () -- C:\Users\Slava\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011.10.18 23:24:39 | 008,676,883 | ---- | C] () -- C:\Windows\SysWow64\mp3Media2.dll
[2011.10.15 21:17:17 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll
[2011.10.15 21:17:17 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXECinst.dll
[2011.10.15 21:17:16 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecpmui.dll
[2011.10.15 21:17:16 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll
[2011.10.15 21:17:16 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll
[2011.10.15 21:17:16 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll
[2011.10.15 21:17:16 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll
[2011.10.15 21:17:16 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll
[2011.10.15 21:17:15 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll
[2011.10.15 21:17:15 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll
[2011.10.15 21:17:15 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll
[2011.10.15 21:17:15 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll
[2011.10.15 21:17:15 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll
[2011.10.15 21:17:15 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll
[2011.10.15 21:17:14 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll
[2011.10.15 21:17:14 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe
[2011.10.15 21:17:14 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll
[2011.10.15 21:17:14 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll
[2011.10.15 21:17:14 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe
[2011.10.15 21:17:13 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll
[2011.10.15 21:17:13 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe
[2011.10.15 21:16:22 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXECsm.dll
[2011.10.15 21:16:22 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXECsmr.dll
[2011.10.15 20:35:00 | 000,000,271 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.10.15 14:32:38 | 000,001,517 | ---- | C] () -- C:\Users\Slava\Progs.lnk
[2011.10.15 14:32:38 | 000,001,517 | ---- | C] () -- C:\Users\Slava\Dokumente.lnk
[2011.10.15 14:32:38 | 000,001,494 | ---- | C] () -- C:\Users\Slava\Serien.lnk
[2011.10.15 14:32:38 | 000,001,494 | ---- | C] () -- C:\Users\Slava\Bilder.lnk
[2011.10.15 14:32:38 | 000,001,485 | ---- | C] () -- C:\Users\Slava\Musik.lnk
[2011.10.15 14:32:38 | 000,001,485 | ---- | C] () -- C:\Users\Slava\Filme.lnk
[2011.10.15 14:32:38 | 000,000,733 | ---- | C] () -- C:\Users\Slava\Installierte Spiele.lnk
[2011.10.15 14:18:48 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011.10.15 01:40:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.15 00:38:26 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.12.29 09:37:16 | 000,000,000 | ---D | M] -- C:\Users\Slava\AppData\Roaming\AtomZombieData
[2012.04.23 10:41:18 | 000,000,000 | ---D | M] -- C:\Users\Slava\AppData\Roaming\Bioshock
[2012.09.14 23:38:22 | 000,000,000 | ---D | M] -- C:\Users\Slava\AppData\Roaming\BitComet
[2011.12.26 00:34:59 | 000,000,000 | ---D | M] -- C:\Users\Slava\AppData\Roaming\Broken Rules
[2011.10.19 00:31:47 | 000,000,000 | ---D | M] -- C:\Users\Slava\AppData\Roaming\Cool Record Edit Pro
[2012.10.18 22:02:13 | 000,000,000 | ---D | M] -- C:\Users\Slava\AppData\Roaming\DAEMON Tools Lite
[2011.11.15 12:40:40 | 000,000,000 | ---D | M] -- C:\Users\Slava\AppData\Roaming\DonationCoder
[2012.10.13 21:11:58 | 000,000,000 | ---D | M] -- C:\Users\Slava\AppData\Roaming\DVDVideoSoft
[2012.06.24 23:27:24 | 000,000,000 | ---D | M] -- C:\Users\Slava\AppData\Roaming\fltk.org
[2011.10.19 00:29:06 | 000,000,000 | ---D | M] -- C:\Users\Slava\AppData\Roaming\Free Sound Recorder
[2012.05.18 22:35:30 | 000,000,000 | ---D | M] -- C:\Users\Slava\AppData\Roaming\ImgBurn
[2012.09.04 22:43:43 | 000,000,000 | ---D | M] -- C:\Users\Slava\AppData\Roaming\MP3SkypeRecorder
[2011.10.31 17:25:25 | 000,000,000 | ---D | M] -- C:\Users\Slava\AppData\Roaming\Notepad++
[2012.01.13 23:26:03 | 000,000,000 | ---D | M] -- C:\Users\Slava\AppData\Roaming\Software4u
[2012.10.01 20:01:58 | 000,000,000 | ---D | M] -- C:\Users\Slava\AppData\Roaming\Spotify
[2012.01.30 23:10:01 | 000,000,000 | ---D | M] -- C:\Users\Slava\AppData\Roaming\TeamViewer
[2011.10.18 16:50:22 | 000,000,000 | ---D | M] -- C:\Users\Slava\AppData\Roaming\Ubisoft
[2011.10.25 23:08:52 | 000,000,000 | ---D | M] -- C:\Users\Slava\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >

und hier der Malwarebytes-Log:

Code:

ATTFilter

byMalwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.19.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Slava :: SLAVA-LAPTOP [Administrator]

19.10.2012 17:09:07
mbam-log-2012-10-19 (17-09-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 202318
Laufzeit: 1 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 21.10.2012, 10:28

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Slava105 · 21.10.2012, 18:36

Ok, habe alles so weit gemacht, hier die Scans:

Malwarebytes Fullscan-Log:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.21.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Slava :: SLAVA-LAPTOP [Administrator]

21.10.2012 15:58:37
mbam-log-2012-10-21 (15-58-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 515948
Laufzeit: 1 Stunde(n), 3 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Slava\AppData\Local\Temp\{EFFCB5B3-F4D6-C757-25BC-BCF4341F9745}\Addons\downloadsave_setup.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

ESET-Log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0e41c72b6ef4d84b8ef6fb331ee38058
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-21 03:27:46
# local_time=2012-10-21 05:27:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 3045 102463110 0 0
# compatibility_mode=8192 67108863 100 0 1893 1893 0 0
# scanned=394
# found=1
# cleaned=0
# scan_time=6
C:\$Recycle.Bin\S-1-5-21-526365458-2449696219-1328568343-1001\$R2IQVX0.49-RELOADED\gsrld.dll	a variant of Win32/Packed.VMProtect.AAH trojan (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0e41c72b6ef4d84b8ef6fb331ee38058
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-21 05:29:19
# local_time=2012-10-21 07:29:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 257 102465938 0 0
# compatibility_mode=8192 67108863 100 0 4721 4721 0 0
# scanned=336434
# found=7
# cleaned=0
# scan_time=4471
C:\$Recycle.Bin\S-1-5-21-526365458-2449696219-1328568343-1001\$R2IQVX0.49-RELOADED\gsrld.dll	a variant of Win32/Packed.VMProtect.AAH trojan (unable to clean)	00000000000000000000000000000000	I
C:\ProgramData\Download and Sa\5082c6626cd14.ocx	Win32/Adware.MultiPlug.D application (unable to clean)	00000000000000000000000000000000	I
C:\ProgramData\thlbrefixwmbmvy\main.html	HTML/Ransom.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\All Users\Download and Sa\5082c6626cd14.ocx	Win32/Adware.MultiPlug.D application (unable to clean)	00000000000000000000000000000000	I
C:\Users\All Users\thlbrefixwmbmvy\main.html	HTML/Ransom.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Slava\AppData\Local\Temp\{EFFCB5B3-F4D6-C757-25BC-BCF4341F9745}\Addons\OptimizerProInstaller.exe	a variant of Win32/Adware.SpeedingUpMyPC.A application (unable to clean)	00000000000000000000000000000000	I
F:\Programme\CRC-Killer.exe	Win32/Packed.Autoit.C.Gen application (unable to clean)	00000000000000000000000000000000	I

cosinus · 21.10.2012, 20:52

Code:

ATTFilter

F:\Programme\CRC-Killer.exe	Win32/Packed.Autoit.C.Gen application

Was macht man denn damit?

Slava105 · 21.10.2012, 20:57

WinRar-Archive trotz CRC-Fehler entpacken

Der ESET-Scanner hat ja insgesamt 7 infizierte Einträge gefunden. Was soll ich damit machen? Nochmal den Scan durchlaufen lassen und diesmal auch entfernen lassen?

cosinus · 22.10.2012, 10:23

Zitat:

Zitat von Slava105

WinRar-Archive trotz CRC-Fehler entpacken

Und was willst du mit den fehlerhaften Daten anfangen?

Slava105 · 01.11.2012, 23:54

Sry, war die letzte Woche im Urlaub und habe danach total vergessen hier zu antworten, glaube aber, dass alles so wie beim Alten ist und wieder normal funktioniert. Die Verzögerung beim Start ist zumindest nicht mehr da.

Aber um auf deine Frage zurückzukommen, manchmal ist es (bei mir zumindest) so, dass die Dateien trotz CRC-Fehler vollständig sind, sich mithilfe des Programms auch entpacken und nutzen lassen

cosinus · 03.11.2012, 15:05

Zitat:

Dann habe ich im abgesicherten Modus OTL, adwcleaner, gmer und aswMBR durchlaufen lassen und bei infizierten Funden alles entfernt.

Wo bitte sind eigentlich die Logs davon, du hast nicht alle gepostet!

Slava105 · 03.11.2012, 19:14

Die Logs habe ich nicht gespeichert. Ich ging auch davon aus, dass der PC sowieso clean ist

cosinus · 03.11.2012, 19:53

Die werden automatisch gespeichert!
adwcleaner und tdss direkt auf c

Slava105 · 03.11.2012, 23:10

Ohh ok, sry, das wusste ich nicht. Also hier dann die Logs, habe insgesamt drei von adwcleaner und einen von tdss:

Adw #1:

Code:

ATTFilter

# AdwCleaner v2.005 - Datei am 19/10/2012 um 00:29:42 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Slava - SLAVA-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Slava\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Slava\AppData\Roaming\Mozilla\Firefox\Profiles\bz8joakp.default\prefs.js

Gefunden : user_pref("extensions.507fdc0921be3.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]

-\\ Google Chrome v22.0.1229.94

Datei : C:\Users\Slava\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S2].txt - [3340 octets] - [18/10/2012 21:41:53]
AdwCleaner[R1].txt - [1047 octets] - [19/10/2012 00:29:42]

########## EOF - C:\AdwCleaner[R1].txt - [1107 octets] ##########

Adw #2:

Code:

ATTFilter

# AdwCleaner v2.005 - Datei am 19/10/2012 um 16:42:10 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Slava - SLAVA-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Slava\Desktop\Security\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Slava\AppData\Roaming\Mozilla\Firefox\Profiles\bz8joakp.default\prefs.js

Gefunden : user_pref("extensions.507fdc0921be3.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]

-\\ Google Chrome v22.0.1229.94

Datei : C:\Users\Slava\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S2].txt - [3340 octets] - [18/10/2012 21:41:53]
AdwCleaner[R1].txt - [1176 octets] - [19/10/2012 00:29:42]
AdwCleaner[R2].txt - [1116 octets] - [19/10/2012 16:42:10]

########## EOF - C:\AdwCleaner[R2].txt - [1176 octets] ##########

Adw #3:

Code:

ATTFilter

# AdwCleaner v2.005 - Datei am 18/10/2012 um 21:41:53 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Slava - SLAVA-LAPTOP
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Slava\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Ordner Gelöscht : C:\Users\Slava\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Slava\AppData\LocalLow\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2704262
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Slava\AppData\Roaming\Mozilla\Firefox\Profiles\bz8joakp.default\prefs.js

Gelöscht : user_pref("extensions.507fdc0921be3.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Gelöscht : user_pref("extensions.facemoods._xpiupdate", true);
Gelöscht : user_pref("extensions.facemoods.aflt", "_#wbst");
Gelöscht : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");
Gelöscht : user_pref("extensions.facemoods.first_time", false);
Gelöscht : user_pref("extensions.facemoods.id", "_#b5b0f6f4e1764e7185404a132d7516b1");
Gelöscht : user_pref("extensions.facemoods.instlDay", "_#15230");
Gelöscht : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");
Gelöscht : user_pref("extensions.facemoods.sid", "_#b5b0f6f4e1764e7185404a132d7516b1");
Gelöscht : user_pref("extensions.facemoods.uninst", true);
Gelöscht : user_pref("extensions.facemoods.update", "_#v1.4.0");
Gelöscht : user_pref("extensions.facemoods.vrsn", "_#1.4.17.5");
Gelöscht : user_pref("extensions.ffxtlbr@Facemoods.com.install-event-fired", true);
Gelöscht : user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"20\": {\"id\": \"20\",\"tit[...]
Gelöscht : user_pref("extensions.smarterwiki.search_surfcanyon", false);

-\\ Google Chrome v22.0.1229.94

Datei : C:\Users\Slava\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S2].txt - [3217 octets] - [18/10/2012 21:41:53]

########## EOF - C:\AdwCleaner[S2].txt - [3277 octets] ##########

tdss:

Code:

ATTFilter

15:43:41.0329 5856  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
15:43:41.0385 5856  ============================================================
15:43:41.0385 5856  Current date / time: 2012/10/19 15:43:41.0385
15:43:41.0385 5856  SystemInfo:
15:43:41.0385 5856  
15:43:41.0385 5856  OS Version: 6.1.7601 ServicePack: 1.0
15:43:41.0385 5856  Product type: Workstation
15:43:41.0385 5856  ComputerName: SLAVA-LAPTOP
15:43:41.0385 5856  UserName: Slava
15:43:41.0385 5856  Windows directory: C:\Windows
15:43:41.0385 5856  System windows directory: C:\Windows
15:43:41.0385 5856  Running under WOW64
15:43:41.0385 5856  Processor architecture: Intel x64
15:43:41.0385 5856  Number of processors: 8
15:43:41.0385 5856  Page size: 0x1000
15:43:41.0385 5856  Boot type: Normal boot
15:43:41.0385 5856  ============================================================
15:43:41.0662 5856  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:43:41.0663 5856  Drive \Device\Harddisk1\DR1 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:43:41.0671 5856  ============================================================
15:43:41.0671 5856  \Device\Harddisk0\DR0:
15:43:41.0672 5856  MBR partitions:
15:43:41.0672 5856  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
15:43:41.0672 5856  \Device\Harddisk1\DR1:
15:43:41.0672 5856  MBR partitions:
15:43:41.0672 5856  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:43:41.0672 5856  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
15:43:41.0672 5856  ============================================================
15:43:41.0674 5856  C: <-> \Device\Harddisk1\DR1\Partition2
15:43:41.0675 5856  D: <-> \Device\Harddisk1\DR1\Partition1
15:43:41.0678 5856  F: <-> \Device\Harddisk0\DR0\Partition1
15:43:41.0678 5856  ============================================================
15:43:41.0678 5856  Initialize success
15:43:41.0678 5856  ============================================================
15:43:45.0261 3028  ============================================================
15:43:45.0262 3028  Scan started
15:43:45.0262 3028  Mode: Manual; 
15:43:45.0262 3028  ============================================================
15:43:45.0469 3028  ================ Scan system memory ========================
15:43:45.0469 3028  System memory - ok
15:43:45.0469 3028  ================ Scan services =============================
15:43:45.0510 3028  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:43:45.0512 3028  1394ohci - ok
15:43:45.0530 3028  [ 8912B38E7906BDE9999E4BBDC4E65BDC ] ABBYY.Licensing.FineReader.Professional.11.0 C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
15:43:45.0540 3028  ABBYY.Licensing.FineReader.Professional.11.0 - ok
15:43:45.0548 3028  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:43:45.0552 3028  ACPI - ok
15:43:45.0556 3028  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:43:45.0556 3028  AcpiPmi - ok
15:43:45.0561 3028  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:43:45.0563 3028  AdobeARMservice - ok
15:43:45.0600 3028  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:43:45.0601 3028  AdobeFlashPlayerUpdateSvc - ok
15:43:45.0611 3028  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:43:45.0617 3028  adp94xx - ok
15:43:45.0625 3028  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:43:45.0628 3028  adpahci - ok
15:43:45.0635 3028  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:43:45.0637 3028  adpu320 - ok
15:43:45.0643 3028  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:43:45.0645 3028  AeLookupSvc - ok
15:43:45.0655 3028  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
15:43:45.0661 3028  AFD - ok
15:43:45.0665 3028  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:43:45.0666 3028  agp440 - ok
15:43:45.0670 3028  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:43:45.0672 3028  ALG - ok
15:43:45.0676 3028  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:43:45.0676 3028  aliide - ok
15:43:45.0682 3028  [ 9C616BA191B80F5CD1A1B9553E107100 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:43:45.0686 3028  AMD External Events Utility - ok
15:43:45.0690 3028  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:43:45.0690 3028  amdide - ok
15:43:45.0694 3028  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:43:45.0695 3028  AmdK8 - ok
15:43:45.0806 3028  [ 5165E83751B8FF40E5E4925996FCC506 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:43:45.0911 3028  amdkmdag - ok
15:43:45.0922 3028  [ 86AB3CF484260C4318F3A6E8B035F422 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:43:45.0926 3028  amdkmdap - ok
15:43:45.0930 3028  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:43:45.0931 3028  AmdPPM - ok
15:43:45.0936 3028  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:43:45.0937 3028  amdsata - ok
15:43:45.0943 3028  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:43:45.0945 3028  amdsbs - ok
15:43:45.0949 3028  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:43:45.0950 3028  amdxata - ok
15:43:45.0954 3028  [ 9C7F164B49CADC658D1B3C575782F346 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
15:43:45.0955 3028  AmUStor - ok
15:43:45.0958 3028  [ BC3E934AF147211CB5D61AC257371E4A ] Andbus          C:\Windows\system32\DRIVERS\lgandbus64.sys
15:43:45.0959 3028  Andbus - ok
15:43:45.0964 3028  [ AED499431A45810D28BECA2F7CFD2635 ] AndDiag         C:\Windows\system32\DRIVERS\lganddiag64.sys
15:43:45.0965 3028  AndDiag - ok
15:43:45.0969 3028  [ C2C42287F8E8F54081B46D22A413E8D3 ] AndGps          C:\Windows\system32\DRIVERS\lgandgps64.sys
15:43:45.0969 3028  AndGps - ok
15:43:45.0976 3028  [ 75BEFD9D99FD08CA2D697D878EF4F23D ] ANDModem        C:\Windows\system32\DRIVERS\lgandmodem64.sys
15:43:45.0977 3028  ANDModem - ok
15:43:45.0983 3028  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
15:43:45.0984 3028  AppID - ok
15:43:45.0989 3028  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:43:45.0990 3028  AppIDSvc - ok
15:43:45.0996 3028  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
15:43:45.0997 3028  Appinfo - ok
15:43:46.0003 3028  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:43:46.0004 3028  Apple Mobile Device - ok
15:43:46.0009 3028  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:43:46.0011 3028  arc - ok
15:43:46.0017 3028  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:43:46.0018 3028  arcsas - ok
15:43:46.0024 3028  [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
15:43:46.0025 3028  ASLDRService - ok
15:43:46.0029 3028  [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
15:43:46.0030 3028  ASMMAP64 - ok
15:43:46.0044 3028  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:43:46.0046 3028  aspnet_state - ok
15:43:46.0049 3028  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:43:46.0050 3028  AsyncMac - ok
15:43:46.0054 3028  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:43:46.0055 3028  atapi - ok
15:43:46.0076 3028  [ F8633CDD09647A64EE8DB550630427FF ] athr            C:\Windows\system32\DRIVERS\athrx.sys
15:43:46.0093 3028  athr - ok
15:43:46.0101 3028  [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
15:43:46.0102 3028  AtiHDAudioService - ok
15:43:46.0107 3028  [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
15:43:46.0108 3028  ATKGFNEXSrv - ok
15:43:46.0121 3028  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:43:46.0129 3028  AudioEndpointBuilder - ok
15:43:46.0140 3028  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:43:46.0144 3028  AudioSrv - ok
15:43:46.0153 3028  [ 38AE54966E8C0004F20965BBC00F74FB ] AVP             C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe
15:43:46.0155 3028  AVP - ok
15:43:46.0160 3028  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:43:46.0162 3028  AxInstSV - ok
15:43:46.0171 3028  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
15:43:46.0177 3028  b06bdrv - ok
15:43:46.0185 3028  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:43:46.0188 3028  b57nd60a - ok
15:43:46.0194 3028  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:43:46.0196 3028  BDESVC - ok
15:43:46.0200 3028  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:43:46.0201 3028  Beep - ok
15:43:46.0213 3028  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
15:43:46.0222 3028  BFE - ok
15:43:46.0228 3028  BITCOMET_HELPER_SERVICE - ok
15:43:46.0242 3028  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
15:43:46.0254 3028  BITS - ok
15:43:46.0259 3028  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:43:46.0259 3028  blbdrive - ok
15:43:46.0270 3028  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:43:46.0275 3028  Bonjour Service - ok
15:43:46.0281 3028  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:43:46.0282 3028  bowser - ok
15:43:46.0287 3028  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:43:46.0287 3028  BrFiltLo - ok
15:43:46.0291 3028  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:43:46.0292 3028  BrFiltUp - ok
15:43:46.0297 3028  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
15:43:46.0300 3028  Browser - ok
15:43:46.0307 3028  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:43:46.0311 3028  Brserid - ok
15:43:46.0315 3028  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:43:46.0316 3028  BrSerWdm - ok
15:43:46.0320 3028  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:43:46.0320 3028  BrUsbMdm - ok
15:43:46.0326 3028  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:43:46.0326 3028  BrUsbSer - ok
15:43:46.0330 3028  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
15:43:46.0331 3028  BthEnum - ok
15:43:46.0335 3028  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:43:46.0336 3028  BTHMODEM - ok
15:43:46.0341 3028  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
15:43:46.0343 3028  BthPan - ok
15:43:46.0352 3028  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
15:43:46.0358 3028  BTHPORT - ok
15:43:46.0363 3028  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:43:46.0365 3028  bthserv - ok
15:43:46.0369 3028  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
15:43:46.0370 3028  BTHUSB - ok
15:43:46.0374 3028  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:43:46.0375 3028  cdfs - ok
15:43:46.0380 3028  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:43:46.0382 3028  cdrom - ok
15:43:46.0387 3028  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:43:46.0389 3028  CertPropSvc - ok
15:43:46.0393 3028  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:43:46.0394 3028  circlass - ok
15:43:46.0402 3028  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:43:46.0406 3028  CLFS - ok
15:43:46.0414 3028  [ 4C6406CF07D4EBB70C5774D55C6688FB ] CLHNServiceForPowerDVD12 C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
15:43:46.0415 3028  CLHNServiceForPowerDVD12 - ok
15:43:46.0422 3028  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:43:46.0423 3028  clr_optimization_v2.0.50727_32 - ok
15:43:46.0429 3028  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:43:46.0431 3028  clr_optimization_v2.0.50727_64 - ok
15:43:46.0439 3028  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:43:46.0440 3028  clr_optimization_v4.0.30319_32 - ok
15:43:46.0445 3028  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:43:46.0446 3028  clr_optimization_v4.0.30319_64 - ok
15:43:46.0450 3028  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:43:46.0451 3028  CmBatt - ok
15:43:46.0454 3028  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:43:46.0455 3028  cmdide - ok
15:43:46.0464 3028  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
15:43:46.0469 3028  CNG - ok
15:43:46.0472 3028  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:43:46.0473 3028  Compbatt - ok
15:43:46.0477 3028  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:43:46.0478 3028  CompositeBus - ok
15:43:46.0481 3028  COMSysApp - ok
15:43:46.0486 3028  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:43:46.0486 3028  crcdisk - ok
15:43:46.0493 3028  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:43:46.0497 3028  CryptSvc - ok
15:43:46.0502 3028  [ EA22BCA708B37B82ADEBC822A171B92E ] CyberLink PowerDVD 12 Media Server Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
15:43:46.0504 3028  CyberLink PowerDVD 12 Media Server Monitor Service - ok
15:43:46.0510 3028  [ 3168D2F171A64590E7A11355CAE60A1E ] CyberLink PowerDVD 12 Media Server Service C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
15:43:46.0512 3028  CyberLink PowerDVD 12 Media Server Service - ok
15:43:46.0523 3028  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:43:46.0530 3028  DcomLaunch - ok
15:43:46.0538 3028  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:43:46.0542 3028  defragsvc - ok
15:43:46.0547 3028  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:43:46.0548 3028  DfsC - ok
15:43:46.0556 3028  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:43:46.0561 3028  Dhcp - ok
15:43:46.0565 3028  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:43:46.0566 3028  discache - ok
15:43:46.0570 3028  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:43:46.0571 3028  Disk - ok
15:43:46.0576 3028  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:43:46.0580 3028  Dnscache - ok
15:43:46.0586 3028  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:43:46.0590 3028  dot3svc - ok
15:43:46.0596 3028  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
15:43:46.0599 3028  DPS - ok
15:43:46.0603 3028  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:43:46.0603 3028  drmkaud - ok
15:43:46.0610 3028  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:43:46.0614 3028  dtsoftbus01 - ok
15:43:46.0628 3028  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:43:46.0639 3028  DXGKrnl - ok
15:43:46.0643 3028  EagleX64 - ok
15:43:46.0648 3028  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:43:46.0651 3028  EapHost - ok
15:43:46.0689 3028  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
15:43:46.0723 3028  ebdrv - ok
15:43:46.0727 3028  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
15:43:46.0728 3028  EFS - ok
15:43:46.0741 3028  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:43:46.0749 3028  ehRecvr - ok
15:43:46.0754 3028  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:43:46.0756 3028  ehSched - ok
15:43:46.0765 3028  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:43:46.0771 3028  elxstor - ok
15:43:46.0775 3028  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:43:46.0776 3028  ErrDev - ok
15:43:46.0787 3028  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:43:46.0792 3028  EventSystem - ok
15:43:46.0798 3028  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:43:46.0800 3028  exfat - ok
15:43:46.0806 3028  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:43:46.0809 3028  fastfat - ok
15:43:46.0820 3028  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
15:43:46.0828 3028  Fax - ok
15:43:46.0832 3028  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:43:46.0833 3028  fdc - ok
15:43:46.0836 3028  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:43:46.0838 3028  fdPHost - ok
15:43:46.0841 3028  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:43:46.0843 3028  FDResPub - ok
15:43:46.0847 3028  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:43:46.0848 3028  FileInfo - ok
15:43:46.0851 3028  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:43:46.0852 3028  Filetrace - ok
15:43:46.0855 3028  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:43:46.0856 3028  flpydisk - ok
15:43:46.0863 3028  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:43:46.0866 3028  FltMgr - ok
15:43:46.0881 3028  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
15:43:46.0893 3028  FontCache - ok
15:43:46.0899 3028  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:43:46.0899 3028  FontCache3.0.0.0 - ok
15:43:46.0904 3028  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:43:46.0905 3028  FsDepends - ok
15:43:46.0909 3028  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:43:46.0909 3028  Fs_Rec - ok
15:43:46.0915 3028  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:43:46.0918 3028  fvevol - ok
15:43:46.0922 3028  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:43:46.0923 3028  gagp30kx - ok
15:43:46.0927 3028  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:43:46.0927 3028  GEARAspiWDM - ok
15:43:46.0939 3028  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
15:43:46.0948 3028  gpsvc - ok
15:43:46.0952 3028  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
15:43:46.0953 3028  hamachi - ok
15:43:46.0981 3028  [ F10C3F2E002100BF8B797DCF283FEA7D ] Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
15:43:46.0995 3028  Hamachi2Svc - ok
15:43:47.0000 3028  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:43:47.0000 3028  hcw85cir - ok
15:43:47.0008 3028  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:43:47.0012 3028  HdAudAddService - ok
15:43:47.0016 3028  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:43:47.0018 3028  HDAudBus - ok
15:43:47.0022 3028  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
15:43:47.0023 3028  HECIx64 - ok
15:43:47.0027 3028  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:43:47.0027 3028  HidBatt - ok
15:43:47.0032 3028  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:43:47.0033 3028  HidBth - ok
15:43:47.0037 3028  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:43:47.0037 3028  HidIr - ok
15:43:47.0041 3028  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
15:43:47.0043 3028  hidserv - ok
15:43:47.0047 3028  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:43:47.0047 3028  HidUsb - ok
15:43:47.0052 3028  [ 8D1F00F4254C3EF428B715484940427C ] HiPatchService  F:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
15:43:47.0052 3028  HiPatchService - ok
15:43:47.0056 3028  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:43:47.0059 3028  hkmsvc - ok
15:43:47.0065 3028  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:43:47.0069 3028  HomeGroupListener - ok
15:43:47.0075 3028  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:43:47.0079 3028  HomeGroupProvider - ok
15:43:47.0083 3028  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:43:47.0084 3028  HpSAMD - ok
15:43:47.0096 3028  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:43:47.0104 3028  HTTP - ok
15:43:47.0107 3028  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:43:47.0108 3028  hwpolicy - ok
15:43:47.0112 3028  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:43:47.0113 3028  i8042prt - ok
15:43:47.0122 3028  [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:43:47.0124 3028  iaStor - ok
15:43:47.0132 3028  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:43:47.0136 3028  iaStorV - ok
15:43:47.0148 3028  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:43:47.0158 3028  idsvc - ok
15:43:47.0162 3028  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:43:47.0163 3028  iirsp - ok
15:43:47.0175 3028  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:43:47.0184 3028  IKEEXT - ok
15:43:47.0213 3028  [ 490947A9AFF7CA31EF2E08F5776105EB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:43:47.0236 3028  IntcAzAudAddService - ok
15:43:47.0240 3028  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:43:47.0241 3028  intelide - ok
15:43:47.0245 3028  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:43:47.0246 3028  intelppm - ok
15:43:47.0251 3028  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:43:47.0253 3028  IPBusEnum - ok
15:43:47.0257 3028  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:43:47.0258 3028  IpFilterDriver - ok
15:43:47.0267 3028  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:43:47.0273 3028  iphlpsvc - ok
15:43:47.0277 3028  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:43:47.0278 3028  IPMIDRV - ok
15:43:47.0283 3028  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:43:47.0285 3028  IPNAT - ok
15:43:47.0297 3028  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:43:47.0303 3028  iPod Service - ok
15:43:47.0307 3028  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:43:47.0308 3028  IRENUM - ok
15:43:47.0311 3028  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:43:47.0312 3028  isapnp - ok
15:43:47.0318 3028  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:43:47.0321 3028  iScsiPrt - ok
15:43:47.0325 3028  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:43:47.0326 3028  kbdclass - ok
15:43:47.0330 3028  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:43:47.0330 3028  kbdhid - ok
15:43:47.0334 3028  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
15:43:47.0334 3028  kbfiltr - ok
15:43:47.0337 3028  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:43:47.0339 3028  KeyIso - ok
15:43:47.0348 3028  [ E656FE10D6D27794AFA08136685A69E8 ] KL1             C:\Windows\system32\DRIVERS\kl1.sys
15:43:47.0353 3028  KL1 - ok
15:43:47.0357 3028  [ D865DD8B0448E3F963D68C04C532858F ] kl2             C:\Windows\system32\DRIVERS\kl2.sys
15:43:47.0358 3028  kl2 - ok
15:43:47.0368 3028  [ C7D4F357C482DD37E2B05F34093B7B0C ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
15:43:47.0374 3028  KLIF - ok
15:43:47.0379 3028  [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
15:43:47.0380 3028  KLIM6 - ok
15:43:47.0385 3028  [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
15:43:47.0385 3028  klmouflt - ok
15:43:47.0390 3028  [ 07071C1E3CD8F0F9114AAC8B072CA1E5 ] KMWDFILTER      C:\Windows\system32\DRIVERS\KMWDFILTER.sys
15:43:47.0390 3028  KMWDFILTER - ok
15:43:47.0395 3028  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:43:47.0396 3028  KSecDD - ok
15:43:47.0401 3028  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:43:47.0402 3028  KSecPkg - ok
15:43:47.0406 3028  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:43:47.0407 3028  ksthunk - ok
15:43:47.0414 3028  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:43:47.0419 3028  KtmRm - ok
15:43:47.0423 3028  [ 9DDC68B87A9B837736A2B193EE14A4A5 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
15:43:47.0424 3028  L1C - ok
15:43:47.0431 3028  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:43:47.0435 3028  LanmanServer - ok
15:43:47.0440 3028  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:43:47.0443 3028  LanmanWorkstation - ok
15:43:47.0448 3028  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:43:47.0450 3028  lltdio - ok
15:43:47.0456 3028  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:43:47.0461 3028  lltdsvc - ok
15:43:47.0464 3028  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:43:47.0466 3028  lmhosts - ok
15:43:47.0472 3028  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:43:47.0473 3028  LSI_FC - ok
15:43:47.0478 3028  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:43:47.0479 3028  LSI_SAS - ok
15:43:47.0482 3028  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:43:47.0483 3028  LSI_SAS2 - ok
15:43:47.0488 3028  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:43:47.0489 3028  LSI_SCSI - ok
15:43:47.0495 3028  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:43:47.0496 3028  luafv - ok
15:43:47.0505 3028  [ 1F02B554DDC4086D786537A3BF6488F1 ] lxecCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe
15:43:47.0507 3028  lxecCATSCustConnectService - ok
15:43:47.0510 3028  lxec_device - ok
15:43:47.0515 3028  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:43:47.0518 3028  Mcx2Svc - ok
15:43:47.0521 3028  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:43:47.0522 3028  megasas - ok
15:43:47.0529 3028  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:43:47.0532 3028  MegaSR - ok
15:43:47.0536 3028  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:43:47.0539 3028  MMCSS - ok
15:43:47.0542 3028  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:43:47.0543 3028  Modem - ok
15:43:47.0547 3028  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:43:47.0548 3028  monitor - ok
15:43:47.0551 3028  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:43:47.0552 3028  mouclass - ok
15:43:47.0556 3028  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:43:47.0557 3028  mouhid - ok
15:43:47.0561 3028  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:43:47.0562 3028  mountmgr - ok
15:43:47.0567 3028  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:43:47.0569 3028  MozillaMaintenance - ok
15:43:47.0575 3028  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:43:47.0577 3028  mpio - ok
15:43:47.0581 3028  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:43:47.0581 3028  mpsdrv - ok
15:43:47.0593 3028  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:43:47.0602 3028  MpsSvc - ok
15:43:47.0608 3028  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:43:47.0610 3028  MRxDAV - ok
15:43:47.0615 3028  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:43:47.0616 3028  mrxsmb - ok
15:43:47.0623 3028  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:43:47.0626 3028  mrxsmb10 - ok
15:43:47.0631 3028  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:43:47.0632 3028  mrxsmb20 - ok
15:43:47.0635 3028  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:43:47.0636 3028  msahci - ok
15:43:47.0641 3028  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:43:47.0643 3028  msdsm - ok
15:43:47.0647 3028  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:43:47.0650 3028  MSDTC - ok
15:43:47.0657 3028  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:43:47.0658 3028  Msfs - ok
15:43:47.0661 3028  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:43:47.0662 3028  mshidkmdf - ok
15:43:47.0665 3028  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:43:47.0666 3028  msisadrv - ok
15:43:47.0672 3028  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:43:47.0675 3028  MSiSCSI - ok
15:43:47.0678 3028  msiserver - ok
15:43:47.0682 3028  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:43:47.0683 3028  MSKSSRV - ok
15:43:47.0686 3028  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:43:47.0686 3028  MSPCLOCK - ok
15:43:47.0690 3028  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:43:47.0690 3028  MSPQM - ok
15:43:47.0698 3028  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:43:47.0701 3028  MsRPC - ok
15:43:47.0707 3028  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:43:47.0707 3028  mssmbios - ok
15:43:47.0712 3028  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:43:47.0712 3028  MSTEE - ok
15:43:47.0716 3028  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:43:47.0716 3028  MTConfig - ok
15:43:47.0720 3028  [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor        C:\Windows\system32\DRIVERS\ATK64AMD.sys
15:43:47.0721 3028  MTsensor - ok
15:43:47.0724 3028  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:43:47.0725 3028  Mup - ok
15:43:47.0734 3028  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:43:47.0740 3028  napagent - ok
15:43:47.0747 3028  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:43:47.0750 3028  NativeWifiP - ok
15:43:47.0764 3028  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:43:47.0773 3028  NDIS - ok
15:43:47.0777 3028  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:43:47.0778 3028  NdisCap - ok
15:43:47.0782 3028  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:43:47.0782 3028  NdisTapi - ok
15:43:47.0786 3028  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:43:47.0787 3028  Ndisuio - ok
15:43:47.0793 3028  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:43:47.0795 3028  NdisWan - ok
15:43:47.0799 3028  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:43:47.0799 3028  NDProxy - ok
15:43:47.0803 3028  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:43:47.0804 3028  NetBIOS - ok
15:43:47.0811 3028  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:43:47.0814 3028  NetBT - ok
15:43:47.0818 3028  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:43:47.0819 3028  Netlogon - ok
15:43:47.0827 3028  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:43:47.0833 3028  Netman - ok
15:43:47.0839 3028  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:43:47.0841 3028  NetMsmqActivator - ok
15:43:47.0847 3028  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:43:47.0848 3028  NetPipeActivator - ok
15:43:47.0857 3028  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:43:47.0863 3028  netprofm - ok
15:43:47.0868 3028  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:43:47.0869 3028  NetTcpActivator - ok
15:43:47.0873 3028  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:43:47.0875 3028  NetTcpPortSharing - ok
15:43:47.0879 3028  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:43:47.0880 3028  nfrd960 - ok
15:43:47.0887 3028  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:43:47.0892 3028  NlaSvc - ok
15:43:47.0895 3028  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:43:47.0896 3028  Npfs - ok
15:43:47.0900 3028  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:43:47.0902 3028  nsi - ok
15:43:47.0905 3028  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:43:47.0906 3028  nsiproxy - ok
15:43:47.0927 3028  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:43:47.0943 3028  Ntfs - ok
15:43:47.0947 3028  [ EAAC965642EF5F818AED508CADF83E4B ] ntk_PowerDVD12  C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys
15:43:47.0949 3028  ntk_PowerDVD12 - ok
15:43:47.0953 3028  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:43:47.0953 3028  Null - ok
15:43:47.0959 3028  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:43:47.0960 3028  nvraid - ok
15:43:47.0965 3028  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:43:47.0967 3028  nvstor - ok
15:43:47.0972 3028  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:43:47.0973 3028  nv_agp - ok
15:43:47.0977 3028  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:43:47.0978 3028  ohci1394 - ok
15:43:47.0984 3028  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:43:47.0986 3028  ose - ok
15:43:48.0042 3028  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:43:48.0069 3028  osppsvc - ok
15:43:48.0079 3028  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:43:48.0083 3028  p2pimsvc - ok
15:43:48.0092 3028  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:43:48.0099 3028  p2psvc - ok
15:43:48.0103 3028  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:43:48.0105 3028  Parport - ok
15:43:48.0110 3028  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:43:48.0111 3028  partmgr - ok
15:43:48.0119 3028  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:43:48.0123 3028  PcaSvc - ok
15:43:48.0128 3028  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
15:43:48.0131 3028  pci - ok
15:43:48.0134 3028  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:43:48.0135 3028  pciide - ok
15:43:48.0141 3028  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:43:48.0143 3028  pcmcia - ok
15:43:48.0147 3028  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:43:48.0148 3028  pcw - ok
15:43:48.0157 3028  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:43:48.0163 3028  PEAUTH - ok
15:43:48.0193 3028  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:43:48.0195 3028  PerfHost - ok
15:43:48.0217 3028  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:43:48.0232 3028  pla - ok
15:43:48.0240 3028  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:43:48.0247 3028  PlugPlay - ok
15:43:48.0251 3028  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:43:48.0253 3028  PNRPAutoReg - ok
15:43:48.0260 3028  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:43:48.0263 3028  PNRPsvc - ok
15:43:48.0272 3028  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:43:48.0279 3028  PolicyAgent - ok
15:43:48.0285 3028  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:43:48.0289 3028  Power - ok
15:43:48.0294 3028  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:43:48.0295 3028  PptpMiniport - ok
15:43:48.0299 3028  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:43:48.0299 3028  Processor - ok
15:43:48.0306 3028  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:43:48.0310 3028  ProfSvc - ok
15:43:48.0313 3028  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:43:48.0315 3028  ProtectedStorage - ok
15:43:48.0320 3028  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:43:48.0322 3028  Psched - ok
15:43:48.0329 3028  [ 788CB65D49D1162C5EE6814AFE5B0A70 ] PSI_SVC_2_x64   c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
15:43:48.0332 3028  PSI_SVC_2_x64 - ok
15:43:48.0352 3028  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:43:48.0367 3028  ql2300 - ok
15:43:48.0372 3028  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:43:48.0373 3028  ql40xx - ok
15:43:48.0379 3028  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:43:48.0383 3028  QWAVE - ok
15:43:48.0387 3028  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:43:48.0388 3028  QWAVEdrv - ok
15:43:48.0391 3028  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:43:48.0392 3028  RasAcd - ok
15:43:48.0396 3028  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:43:48.0397 3028  RasAgileVpn - ok
15:43:48.0401 3028  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:43:48.0404 3028  RasAuto - ok
15:43:48.0408 3028  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:43:48.0410 3028  Rasl2tp - ok
15:43:48.0417 3028  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:43:48.0422 3028  RasMan - ok
15:43:48.0426 3028  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:43:48.0427 3028  RasPppoe - ok
15:43:48.0432 3028  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:43:48.0433 3028  RasSstp - ok
15:43:48.0440 3028  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:43:48.0443 3028  rdbss - ok
15:43:48.0447 3028  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:43:48.0447 3028  rdpbus - ok
15:43:48.0451 3028  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:43:48.0451 3028  RDPCDD - ok
15:43:48.0457 3028  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:43:48.0457 3028  RDPENCDD - ok
15:43:48.0462 3028  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:43:48.0462 3028  RDPREFMP - ok
15:43:48.0468 3028  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:43:48.0470 3028  RDPWD - ok
15:43:48.0476 3028  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:43:48.0478 3028  rdyboost - ok
15:43:48.0483 3028  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:43:48.0485 3028  RemoteAccess - ok
15:43:48.0491 3028  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:43:48.0494 3028  RemoteRegistry - ok
15:43:48.0500 3028  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
15:43:48.0502 3028  RFCOMM - ok
15:43:48.0506 3028  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:43:48.0509 3028  RpcEptMapper - ok
15:43:48.0512 3028  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:43:48.0514 3028  RpcLocator - ok
15:43:48.0522 3028  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:43:48.0526 3028  RpcSs - ok
15:43:48.0531 3028  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:43:48.0532 3028  rspndr - ok
15:43:48.0535 3028  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:43:48.0536 3028  SamSs - ok
15:43:48.0541 3028  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:43:48.0542 3028  sbp2port - ok
15:43:48.0559 3028  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
15:43:48.0570 3028  SBSDWSCService - ok
15:43:48.0577 3028  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:43:48.0581 3028  SCardSvr - ok
15:43:48.0584 3028  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:43:48.0585 3028  scfilter - ok
15:43:48.0599 3028  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:43:48.0611 3028  Schedule - ok
15:43:48.0616 3028  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:43:48.0617 3028  SCPolicySvc - ok
15:43:48.0623 3028  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:43:48.0626 3028  SDRSVC - ok
15:43:48.0630 3028  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:43:48.0630 3028  secdrv - ok
15:43:48.0634 3028  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:43:48.0637 3028  seclogon - ok
15:43:48.0641 3028  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:43:48.0643 3028  SENS - ok
15:43:48.0647 3028  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:43:48.0650 3028  SensrSvc - ok
15:43:48.0653 3028  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:43:48.0654 3028  Serenum - ok
15:43:48.0658 3028  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:43:48.0659 3028  Serial - ok
15:43:48.0663 3028  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:43:48.0663 3028  sermouse - ok
15:43:48.0673 3028  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:43:48.0676 3028  SessionEnv - ok
15:43:48.0679 3028  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:43:48.0680 3028  sffdisk - ok
15:43:48.0683 3028  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:43:48.0684 3028  sffp_mmc - ok
15:43:48.0688 3028  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:43:48.0689 3028  sffp_sd - ok
15:43:48.0693 3028  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:43:48.0694 3028  sfloppy - ok
15:43:48.0702 3028  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:43:48.0706 3028  SharedAccess - ok
15:43:48.0714 3028  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:43:48.0720 3028  ShellHWDetection - ok
15:43:48.0724 3028  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:43:48.0725 3028  SiSRaid2 - ok
15:43:48.0729 3028  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:43:48.0730 3028  SiSRaid4 - ok
15:43:48.0736 3028  [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
15:43:48.0738 3028  SkypeUpdate - ok
15:43:48.0742 3028  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:43:48.0743 3028  Smb - ok
15:43:48.0750 3028  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:43:48.0752 3028  SNMPTRAP - ok
15:43:48.0756 3028  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:43:48.0757 3028  spldr - ok
15:43:48.0767 3028  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:43:48.0771 3028  Spooler - ok
15:43:48.0812 3028  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:43:48.0849 3028  sppsvc - ok
15:43:48.0855 3028  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:43:48.0858 3028  sppuinotify - ok
15:43:48.0868 3028  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:43:48.0873 3028  srv - ok
15:43:48.0882 3028  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:43:48.0886 3028  srv2 - ok
15:43:48.0892 3028  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:43:48.0894 3028  srvnet - ok
15:43:48.0900 3028  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:43:48.0904 3028  SSDPSRV - ok
15:43:48.0908 3028  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:43:48.0911 3028  SstpSvc - ok
15:43:48.0915 3028  Steam Client Service - ok
15:43:48.0919 3028  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:43:48.0920 3028  stexstor - ok
15:43:48.0930 3028  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:43:48.0938 3028  stisvc - ok
15:43:48.0942 3028  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:43:48.0943 3028  swenum - ok
15:43:48.0951 3028  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:43:48.0958 3028  swprv - ok
15:43:48.0966 3028  [ 01A658167619075BAAD31C96074C0B38 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
15:43:48.0969 3028  SynTP - ok
15:43:48.0990 3028  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:43:49.0009 3028  SysMain - ok
15:43:49.0015 3028  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:43:49.0018 3028  TabletInputService - ok
15:43:49.0025 3028  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:43:49.0030 3028  TapiSrv - ok
15:43:49.0034 3028  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:43:49.0036 3028  TBS - ok
15:43:49.0059 3028  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:43:49.0077 3028  Tcpip - ok
15:43:49.0099 3028  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:43:49.0110 3028  TCPIP6 - ok
15:43:49.0117 3028  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:43:49.0118 3028  tcpipreg - ok
15:43:49.0124 3028  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:43:49.0124 3028  TDPIPE - ok
15:43:49.0128 3028  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:43:49.0129 3028  TDTCP - ok
15:43:49.0133 3028  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:43:49.0134 3028  tdx - ok
15:43:49.0173 3028  [ 3E85BDD019E3DB66D9471DAD7FD6A887 ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
15:43:49.0190 3028  TeamViewer7 - ok
15:43:49.0196 3028  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:43:49.0197 3028  TermDD - ok
15:43:49.0207 3028  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:43:49.0215 3028  TermService - ok
15:43:49.0219 3028  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:43:49.0222 3028  Themes - ok
15:43:49.0226 3028  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:43:49.0228 3028  THREADORDER - ok
15:43:49.0232 3028  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:43:49.0235 3028  TrkWks - ok
15:43:49.0241 3028  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:43:49.0243 3028  TrustedInstaller - ok
15:43:49.0248 3028  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:43:49.0249 3028  tssecsrv - ok
15:43:49.0253 3028  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:43:49.0254 3028  TsUsbFlt - ok
15:43:49.0259 3028  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:43:49.0261 3028  tunnel - ok
15:43:49.0266 3028  [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
15:43:49.0266 3028  TurboB - ok
15:43:49.0272 3028  [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:43:49.0273 3028  TurboBoost - ok
15:43:49.0277 3028  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:43:49.0278 3028  uagp35 - ok
15:43:49.0285 3028  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:43:49.0289 3028  udfs - ok
15:43:49.0296 3028  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:43:49.0299 3028  UI0Detect - ok
15:43:49.0303 3028  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:43:49.0304 3028  uliagpkx - ok
15:43:49.0309 3028  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:43:49.0310 3028  umbus - ok
15:43:49.0314 3028  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:43:49.0314 3028  UmPass - ok
15:43:49.0322 3028  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:43:49.0328 3028  upnphost - ok
15:43:49.0333 3028  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
15:43:49.0333 3028  USBAAPL64 - ok
15:43:49.0338 3028  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:43:49.0339 3028  usbaudio - ok
15:43:49.0344 3028  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:43:49.0345 3028  usbccgp - ok
15:43:49.0349 3028  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:43:49.0351 3028  usbcir - ok
15:43:49.0355 3028  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
15:43:49.0356 3028  usbehci - ok
15:43:49.0364 3028  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:43:49.0368 3028  usbhub - ok
15:43:49.0371 3028  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:43:49.0372 3028  usbohci - ok
15:43:49.0376 3028  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:43:49.0377 3028  usbprint - ok
15:43:49.0381 3028  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:43:49.0382 3028  usbscan - ok
15:43:49.0386 3028  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:43:49.0388 3028  USBSTOR - ok
15:43:49.0391 3028  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:43:49.0392 3028  usbuhci - ok
15:43:49.0399 3028  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
15:43:49.0402 3028  usbvideo - ok
15:43:49.0406 3028  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:43:49.0409 3028  UxSms - ok
15:43:49.0412 3028  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:43:49.0413 3028  VaultSvc - ok
15:43:49.0417 3028  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:43:49.0418 3028  vdrvroot - ok
15:43:49.0428 3028  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:43:49.0437 3028  vds - ok
15:43:49.0441 3028  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:43:49.0442 3028  vga - ok
15:43:49.0445 3028  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:43:49.0446 3028  VgaSave - ok
15:43:49.0452 3028  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:43:49.0454 3028  vhdmp - ok
15:43:49.0458 3028  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:43:49.0459 3028  viaide - ok
15:43:49.0463 3028  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:43:49.0464 3028  volmgr - ok
15:43:49.0472 3028  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:43:49.0476 3028  volmgrx - ok
15:43:49.0483 3028  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:43:49.0488 3028  volsnap - ok
15:43:49.0493 3028  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:43:49.0495 3028  vsmraid - ok
15:43:49.0516 3028  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:43:49.0535 3028  VSS - ok
15:43:49.0538 3028  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:43:49.0540 3028  vwifibus - ok
15:43:49.0544 3028  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:43:49.0545 3028  vwififlt - ok
15:43:49.0548 3028  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:43:49.0549 3028  vwifimp - ok
15:43:49.0557 3028  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:43:49.0563 3028  W32Time - ok
15:43:49.0568 3028  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:43:49.0569 3028  WacomPen - ok
15:43:49.0574 3028  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:43:49.0575 3028  WANARP - ok
15:43:49.0579 3028  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:43:49.0580 3028  Wanarpv6 - ok
15:43:49.0598 3028  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:43:49.0615 3028  wbengine - ok
15:43:49.0621 3028  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:43:49.0625 3028  WbioSrvc - ok
15:43:49.0633 3028  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:43:49.0639 3028  wcncsvc - ok
15:43:49.0643 3028  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:43:49.0646 3028  WcsPlugInService - ok
15:43:49.0650 3028  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:43:49.0651 3028  Wd - ok
15:43:49.0661 3028  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:43:49.0668 3028  Wdf01000 - ok
15:43:49.0672 3028  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:43:49.0675 3028  WdiServiceHost - ok
15:43:49.0679 3028  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:43:49.0682 3028  WdiSystemHost - ok
15:43:49.0688 3028  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:43:49.0693 3028  WebClient - ok
15:43:49.0699 3028  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:43:49.0704 3028  Wecsvc - ok
15:43:49.0708 3028  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:43:49.0712 3028  wercplsupport - ok
15:43:49.0716 3028  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:43:49.0719 3028  WerSvc - ok
15:43:49.0723 3028  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:43:49.0724 3028  WfpLwf - ok
15:43:49.0727 3028  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:43:49.0728 3028  WIMMount - ok
15:43:49.0730 3028  WinDefend - ok
15:43:49.0737 3028  WinHttpAutoProxySvc - ok
15:43:49.0748 3028  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:43:49.0751 3028  Winmgmt - ok
15:43:49.0757 3028  [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0  C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys
15:43:49.0758 3028  WinRing0_1_2_0 - ok
15:43:49.0782 3028  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:43:49.0804 3028  WinRM - ok
15:43:49.0812 3028  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:43:49.0813 3028  WinUsb - ok
15:43:49.0826 3028  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:43:49.0837 3028  Wlansvc - ok
15:43:49.0866 3028  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:43:49.0879 3028  wlidsvc - ok
15:43:49.0883 3028  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:43:49.0884 3028  WmiAcpi - ok
15:43:49.0892 3028  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:43:49.0895 3028  wmiApSrv - ok
15:43:49.0899 3028  WMPNetworkSvc - ok
15:43:49.0904 3028  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:43:49.0907 3028  WPCSvc - ok
15:43:49.0911 3028  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:43:49.0915 3028  WPDBusEnum - ok
15:43:49.0918 3028  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:43:49.0919 3028  ws2ifsl - ok
15:43:49.0923 3028  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:43:49.0927 3028  wscsvc - ok
15:43:49.0930 3028  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
15:43:49.0931 3028  WSDPrintDevice - ok
15:43:49.0934 3028  WSearch - ok
15:43:49.0965 3028  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:43:49.0990 3028  wuauserv - ok
15:43:49.0996 3028  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:43:49.0997 3028  WudfPf - ok
15:43:50.0003 3028  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:43:50.0005 3028  WUDFRd - ok
15:43:50.0009 3028  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:43:50.0012 3028  wudfsvc - ok
15:43:50.0020 3028  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:43:50.0025 3028  WwanSvc - ok
15:43:50.0052 3028  X6va005 - ok
15:43:50.0058 3028  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
15:43:50.0059 3028  xusb21 - ok
15:43:50.0072 3028  [ 74983ADDCA2D9618512C088D856D6615 ] {329F96B6-DF1E-4328-BFDA-39EA953C1312} C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl
15:43:50.0074 3028  {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
15:43:50.0087 3028  [ 74983ADDCA2D9618512C088D856D6615 ] {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
15:43:50.0090 3028  {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
15:43:50.0090 3028  ================ Scan global ===============================
15:43:50.0094 3028  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:43:50.0101 3028  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:43:50.0110 3028  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:43:50.0116 3028  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:43:50.0125 3028  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:43:50.0128 3028  [Global] - ok
15:43:50.0128 3028  ================ Scan MBR ==================================
15:43:50.0131 3028  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:43:53.0726 3028  \Device\Harddisk0\DR0 - ok
15:43:53.0730 3028  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
15:43:54.0069 3028  \Device\Harddisk1\DR1 - ok
15:43:54.0070 3028  ================ Scan VBR ==================================
15:43:54.0074 3028  [ F7A699CE8357DA108FC3FA6D4575FC67 ] \Device\Harddisk0\DR0\Partition1
15:43:54.0078 3028  \Device\Harddisk0\DR0\Partition1 - ok
15:43:54.0081 3028  [ BA4192383E37E005EFEE173186BF7F42 ] \Device\Harddisk1\DR1\Partition1
15:43:54.0083 3028  \Device\Harddisk1\DR1\Partition1 - ok
15:43:54.0086 3028  [ E59C91173A80195FC20875AC51ADB81B ] \Device\Harddisk1\DR1\Partition2
15:43:54.0087 3028  \Device\Harddisk1\DR1\Partition2 - ok
15:43:54.0088 3028  ============================================================
15:43:54.0088 3028  Scan finished
15:43:54.0088 3028  ============================================================
15:43:54.0097 5880  Detected object count: 0
15:43:54.0097 5880  Actual detected object count: 0
15:44:08.0273 6020  Deinitialize success

21.10.2012, 20:52	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolizei Virus - Computer gesperrt Code: ATTFilter F:\Programme\CRC-Killer.exe Win32/Packed.Autoit.C.Gen application Was macht man denn damit? __________________ Logfiles bitte immer in CODE-Tags posten

03.11.2012, 19:53	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolizei Virus - Computer gesperrt Die werden automatisch gespeichert! adwcleaner und tdss direkt auf c __________________ Logfiles bitte immer in CODE-Tags posten

Bundespolizei Virus - Computer gesperrt

Plagegeister aller Art und deren Bekämpfung: Bundespolizei Virus - Computer gesperrt