| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Skriptfehler beim anschließen der externen FestplatteWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.10.2012, 18:35
| #1 |
 |  Skriptfehler beim anschließen der externen Festplatte Hallo zusammen, Ich bin langsam am verzweifeln und hoffe ihr könnt mir bei folgendem Problem helfen.  Mein Laptop läuft eigentlich recht rund. Wenn ich allerdings nun die externe Festplatte anmache und anhänge hängt plötzlich der Rechner extrem und wird sehr langsam (als würde man im Hintergrund jede Menge Daten verschieben und hat 99% Auslastung). Nach 15-30min kommt dann irgendwann eine oder mehrere Skript-Fehlermeldungen. Sobald ich dort dann "Skript stoppen" klicke, läuft der Laptop wieder normal. Die Skriptmeldungen scheinen mir willkürlich und immer unterschiedlich zu sein, ich habe noch keine Meldung doppelt gesehen. Die letzte lautete: "Skript: resource://gre/modules/XPCOMUtils.jsm:328" Aber wie gesagt, sind immer andere, manchmal steht auch "chrome://...". Wenn ich andere Geräte anschließe (USB-Stick, Maus,..) hängt sich der Laptop nicht auf, allerdings tritt bei meiner 2. externen Platte das selbe Problem auf. Ich habe mit Malware-Bytes den Rechner komplett durchgecheckt (auch die externe HDD) und es wurde nichts gefunden. Selbes mit Antivir und CCleaner. Google konnte mir hier leider bisher nicht weiterhelfen. Ich hatte in den letzten Monaten schon ab und an ein Virus oder Trojaner (u.a. BKA), die ich alle entfernen konnte (allerdings ohne Laptop zu formatieren, was ich auch nur im äußersten Notfall machen möchte). Ich habe AntiVir 2012 als Schutzprogramm und dachte das schützt mich eigentlich genug. DIe Jahre davor hatte ich auch nie Probleme. Stecke ich die Platte übrigens direkt mit dem Start an, ist der Rechner auch extrem langsam bis die Meldung kommt. Ich wüsste auch nicht, wie der Fehler sich eingeschlichen haben soll. Ein Programm habe ich der Zeit (meines Wissens nach) nicht installiert. Flash, Firefox usw. sind alle auf dem neusten Stand. Nutze Win7. Ich hoffe ihr könnt mir irgendwie helfen, ist echt nervig  Danke vorab. |
|
28.10.2012, 12:45
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Skriptfehler beim anschließen der externen Festplatte Systemscan mit OTL
__________________Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
28.10.2012, 17:51
| #3 |
| | Skriptfehler beim anschließen der externen Festplatte Durchlaufen lassen mit angeschlossener HDD
__________________OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.10.2012 16:21:06 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Patrick\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 41,85% Memory free
4,00 Gb Paging File | 2,31 Gb Available in Paging File | 57,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69,77 Gb Total Space | 6,47 Gb Free Space | 9,27% Space Free | Partition Type: NTFS
Drive D: | 66,27 Gb Total Space | 4,66 Gb Free Space | 7,03% Space Free | Partition Type: NTFS
Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-1868758852-272549566-3515360311-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EB30F8-AD46-4092-9E6E-0A985BCD6FCB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{11A1F708-76AC-48B1-8F69-1139539EAA55}" = rport=445 | protocol=6 | dir=out | app=system |
"{11B99F0F-0E0E-47DF-BCC3-5C23D5C00ACE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{162C5ED5-D21D-4ABC-A1EE-F69E81A60D0E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1AB8146E-9786-4EBF-A185-87ED411421CE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1ADB3FAF-5270-4503-9234-546C3E5C2FEA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1F0C0977-138A-4371-B1DF-A30B35B0C964}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{22801022-8FBA-4279-AB20-54D7D2BBFE04}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{2B3412F2-9C2A-40ED-A8D1-39E4C9AC4397}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3AE00163-7536-4653-9F57-8851320C3278}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41D74EE5-A602-4640-807C-396344C9E05F}" = rport=138 | protocol=17 | dir=out | app=system |
"{49B29166-8656-45BA-B934-98B2E64EE8B4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4E36F714-9831-4F07-A6B3-11357698BC2D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{547C8A6C-0426-43E2-8522-DB03153DE6D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{681B6BE4-CFA9-484C-9651-23307F96DCFA}" = rport=137 | protocol=17 | dir=out | app=system |
"{6C985CE9-18C8-45BD-9D07-E41B9080F567}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{71862BEF-B41C-45F8-8C30-C20167528B94}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{73AD9FC4-5FB5-40E2-8D0E-DA7F5382E3CF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7413A831-64DA-43AC-A5B2-E365BECC7B74}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{76AACBA0-EE18-4535-BDFB-D44E8F28D46D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7BFA5111-6693-4EEC-AEC2-0D77C26BA53F}" = lport=445 | protocol=6 | dir=in | app=system |
"{7F588160-1416-44A2-B18A-25835E87602A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7FFD51B1-DAEA-45FF-81D7-00CDE70DAE94}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8237A448-20EC-426E-B2BE-547D22C5EE39}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{90E15454-B627-4FD7-B3F3-E2E8C50EACC7}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{9F398DFB-57D4-46A5-A573-E1EEA8DCCA50}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{ADFBA3C0-BBA1-474D-9B16-839E18494477}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B382831B-5078-4CA3-933B-B7EE57DD439B}" = rport=139 | protocol=6 | dir=out | app=system |
"{BB150597-66C9-42F9-936D-F787CD0AE808}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BDF0D9AC-9546-42C9-B84B-721D60028573}" = lport=138 | protocol=17 | dir=in | app=system |
"{C7F302B0-6737-4B01-9DEA-15C95A100A6B}" = lport=137 | protocol=17 | dir=in | app=system |
"{CBF1A499-8973-42A8-8C82-8D2B9F01ACCA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE969408-F17F-4221-BF58-DDBD51DA5AFB}" = lport=139 | protocol=6 | dir=in | app=system |
"{D6C38C3B-4B07-42B4-B26B-8CB57F1323CA}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{D7725879-39D8-40B5-B8BC-B4FCE745581D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DB453F79-574E-4B2B-BF98-69C6C594BDAD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F0A671C7-F39D-4E42-ACA4-E07241783F78}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FA23027A-C97F-4D9B-AC72-0BC87780B4BA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0125CAD5-0ECA-46D0-995A-F46C3B950061}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0663D714-C9FF-4F12-A5C5-41D6FB46337B}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero mediahome 4\nmmediaserverservice.exe |
"{1479CD9E-3E57-40FB-BE1C-F2CB37A177D0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{16B3A333-F81A-4B5E-BE7D-18FEB35A7346}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{17AA88B8-5AB5-4F09-8108-FA05B33D9CA1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{196B6466-A1FF-4042-B61B-C09F7BAC10CD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1EB0EF9A-5FE8-4308-B898-340FE8EC3ABD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1F3E07C4-726B-4A37-8EE0-BA711A05F4AA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{230D4C47-78D3-40A7-BD58-211A05D2DC50}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero mediahome 4\nmmediaserverservice.exe |
"{2613A6B6-5014-4E69-A36E-AEE30244B919}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{32CEFAD1-8AB6-495F-9731-EF95C1DD08FE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{44C04459-B9BA-457E-8150-321D28BCFBCA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4BDC2DE3-CAEE-4AC9-A2C0-99054CCE4754}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50BFEA93-C231-4922-90E1-1FB13A1E13EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{52A079D7-51C5-4081-86A2-C2BE6EAFF082}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{58F6D40C-FFA9-48EC-B351-1CEFB0ED8F34}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5C753BA3-2C83-4625-A73B-B221459BB792}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{63C17F46-D187-4FC2-8A6D-23E786F6F7DB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6C852836-536E-4D25-91B9-A8F5A028155E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6E473326-DF97-49BD-A9A2-D72EF59F2B9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{752A9D35-A93C-44B9-ABBF-B5D73A18AF76}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{76CE2FA9-3417-4884-95D5-B7B0297C3BC4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7CCB6012-4767-47AB-A773-D57EB0DE94BF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{87739BEC-B1A2-425E-99D9-9A3B3A526E85}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8CD04EF6-5D6C-4E3E-ABDF-394BCBB0E41B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{972669FD-3351-4CAF-84A2-CBA2AF95C5D7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9E86F005-6E8C-40FA-9A2B-6ED6368A155F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{A3F23792-D049-447D-9C16-0C9A575BD3DF}" = protocol=6 | dir=out | app=system |
"{A6F8CA4A-0EFA-4E19-8298-B08F586432C5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A7E119E1-C804-45BE-9175-C8DA0ECE1D0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ABDE602B-6BB2-4C0B-9665-6A5BA9CE48B1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B9B5E48F-CFC7-456F-A6E2-DD8B1F552170}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BADC4F15-AB83-481C-ACF6-FBEA0C2C6334}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BB067151-6636-4D06-AB3C-A42B7A9B502A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BC0BA7F7-31DB-4ACE-B886-7585DA729284}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BE145AC7-4761-4CF5-A5CF-AB09017FCD0A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C09BD9BE-023E-4DA8-B830-D43A39D6751E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CBF1D10C-5D5C-489E-92FB-283D6F48391B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D631F297-0D85-4A83-B3D8-D5148ED9E88E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E487D0F0-E224-465F-9776-568EAD502ADF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E4EC2018-4B20-48CA-BE49-53934803BFFF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E70D7310-A046-4A2D-B9B9-A25086EC0E87}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E9F92316-1134-41D9-A603-5A8CF80E3A89}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F125FE56-D9C9-4477-8545-6B5BB05B0BC0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{FB49A3B8-F95A-4F40-AA9F-9F650D90812C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FEAFFA10-353F-48B3-9824-65FB90F53BEC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{089B3F02-EBF5-4311-9FE8-9D2117B9976B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{4F43416A-EEDE-4D34-9853-51AF8DAD70FB}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{6118D1E6-E9E1-4712-AF94-DE4DA51C4031}C:\program files (x86)\sft loader\leecher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sft loader\leecher.exe |
"TCP Query User{8E7D6A46-2D2E-41E4-8F3E-927F075E1E38}C:\program files (x86)\sft loader\leecher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sft loader\leecher.exe |
"TCP Query User{A010F836-8DF9-405B-AF4D-978BC91ABD91}C:\program files (x86)\trillian astra\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian astra\trillian.exe |
"TCP Query User{CAC220C0-5113-48DD-B211-BB28C2D8B731}C:\program files (x86)\trillian astra\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian astra\trillian.exe |
"TCP Query User{EB332A29-209A-4350-94ED-867BFF69B08C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{064642A2-5655-48AD-A0F6-2BC46D91E14B}C:\program files (x86)\trillian astra\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian astra\trillian.exe |
"UDP Query User{18F3F4C5-EE9C-49C4-B5B2-42EAAFDECB4B}C:\program files (x86)\trillian astra\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian astra\trillian.exe |
"UDP Query User{1F986D86-8EF8-4C3D-B2BA-DAA6BC712622}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{A0971D2B-A8CC-4CE5-9514-EFD629115582}C:\program files (x86)\sft loader\leecher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sft loader\leecher.exe |
"UDP Query User{C2631072-17DA-437F-A266-179775DA81A7}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{D41EB15C-67CA-4F95-B825-EAFEA04D5921}C:\program files (x86)\sft loader\leecher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sft loader\leecher.exe |
"UDP Query User{ECAF6C6E-49A2-47B6-A3E7-3C47636509A8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CA3E0C-0771-4EA0-9C7E-4AB57132225C}" = Microsoft SQL Server 2008 Integration Services
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{108C8C1D-DA02-4A6C-94CD-5603F6A6FC72}" = Microsoft SQL Server 2008 Management Studio
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{216765D5-8796-42D2-BED3-CEDFE0336841}" = Microsoft SQL Server 2008 Analysis Services
"{236286C4-3C28-4275-9756-0013EB4D3423}" = Microsoft SQL Server 2008 Reporting Services
"{2453DBC8-ACC4-4711-BD03-0C15353AA3D8}" = Microsoft SQL Server 2008 Reporting Services
"{28A45A6F-7142-4C28-BD49-0D3E8DB8D235}" = Microsoft SQL Server 2008 BI Development Studio
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{37CCB557-35B5-4A20-A304-6DCBA6C976C3}" = CLR-Typen des SQL Server-Systems
"{38B1233D-8170-407A-ACE0-C68892D9ACB5}" = Microsoft SQL Server 2008 Management Studio
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6E2EE862-FEF9-408A-90BB-F5B4EC129C8E}" = Microsoft SQL Server 2008 Analysis Services
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98282010-1B1A-4621-B62C-305A74C42DD5}" = Microsoft SQL Server 2008 Client Tools
"{9DFA5914-C275-42E0-810E-C88E46A7F9EA}" = Microsoft SQL Server 2008 Full text search
"{AE479CE0-753F-49C0-B8E6-79A37403999F}" = Microsoft SQL Server 2008 BI Development Studio
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B702C53B-D809-4DD3-8C77-23EC0C948959}" = Microsoft SQL Server 2008 Integration Services
"{BAACB61F-43E0-4E70-BDC9-F81CC3B22970}" = Microsoft SQL Server 2008 Client Tools
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{E35C24C7-231F-4AAB-8B22-A59F9A00BED3}" = Microsoft SQL Server 2008 RsFx Driver
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1173A73A-A1BF-494D-AD21-AD1E72ED4AA3}" = FDRTools Basic 2.3.2
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{69FC3B9A-4149-43DB-A557-6ED0C8D8BA44}" = Nero MediaHome 4 Help
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PRJPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PRJPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PRJPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PRJPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A4-0407-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{C8D442F2-CF33-486E-8079-A704A2E80A39}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{99EF387E-633E-4CFB-BFA3-AB961B685DDF}" = Nero MediaHome 4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{d9463136-0930-414b-8186-faafbfa4add5}" = Nero MediaHome 4 Essentials
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FB3BE405-6BF0-490A-84B3-00611385EA0D}" = Common-Use Signing Interface
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"Common-Use Signing Interface" = Common-Use Signing Interface
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 2.0.3.403
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 5.0.17.903
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"ManyCam" = ManyCam 2.6.1 (remove only)
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDF Verkleinerer 1" = PDF Verkleinerer 1
"Picasa 3" = Picasa 3
"PRJPRO" = Microsoft Office Project Professional 2007
"SystemRequirementsLab" = System Requirements Lab
"Trillian" = Trillian
"Trojan Remover_is1" = Trojan Remover 6.8.4
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.1.8.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1868758852-272549566-3515360311-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab PDF Converter" = FoxTab PDF Converter
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"pdfsam" = pdfsam
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 28.10.2012 11:19:19 | Computer Name = Patrick-PC | Source = Report Server Windows Service (TEST) | ID = 107
Description = Report Server Windows Service (TEST) kann nicht mit der Berichtsserver-Datenbank
verbunden werden.
Error - 28.10.2012 11:19:19 | Computer Name = Patrick-PC | Source = Report Server Windows Service (TEST) | ID = 139
Description =
Error - 28.10.2012 11:20:38 | Computer Name = Patrick-PC | Source = Report Server Windows Service (TEST) | ID = 107
Description = Report Server Windows Service (TEST) kann nicht mit der Berichtsserver-Datenbank
verbunden werden.
Error - 28.10.2012 11:20:38 | Computer Name = Patrick-PC | Source = Report Server Windows Service (TEST) | ID = 139
Description =
Error - 28.10.2012 11:21:57 | Computer Name = Patrick-PC | Source = Report Server Windows Service (TEST) | ID = 107
Description = Report Server Windows Service (TEST) kann nicht mit der Berichtsserver-Datenbank
verbunden werden.
Error - 28.10.2012 11:21:58 | Computer Name = Patrick-PC | Source = Report Server Windows Service (TEST) | ID = 139
Description =
Error - 28.10.2012 11:23:21 | Computer Name = Patrick-PC | Source = Report Server Windows Service (TEST) | ID = 107
Description = Report Server Windows Service (TEST) kann nicht mit der Berichtsserver-Datenbank
verbunden werden.
Error - 28.10.2012 11:23:22 | Computer Name = Patrick-PC | Source = Report Server Windows Service (TEST) | ID = 139
Description =
Error - 28.10.2012 11:24:44 | Computer Name = Patrick-PC | Source = Report Server Windows Service (TEST) | ID = 107
Description = Report Server Windows Service (TEST) kann nicht mit der Berichtsserver-Datenbank
verbunden werden.
Error - 28.10.2012 11:24:48 | Computer Name = Patrick-PC | Source = Report Server Windows Service (TEST) | ID = 139
Description =
[ OSession Events ]
Error - 01.11.2010 04:16:44 | Computer Name = Patrick-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 159
seconds with 120 seconds of active time. This session ended with a crash.
Error - 26.04.2011 23:15:56 | Computer Name = Patrick-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18
seconds with 0 seconds of active time. This session ended with a crash.
Error - 02.09.2011 01:31:18 | Computer Name = Patrick-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 902
seconds with 780 seconds of active time. This session ended with a crash.
Error - 27.02.2012 13:02:14 | Computer Name = Patrick-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 407
seconds with 240 seconds of active time. This session ended with a crash.
Error - 27.02.2012 13:02:28 | Computer Name = Patrick-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.02.2012 13:02:42 | Computer Name = Patrick-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.
Error - 13.04.2012 17:40:33 | Computer Name = Patrick-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 469
seconds with 0 seconds of active time. This session ended with a crash.
Error - 28.05.2012 14:49:59 | Computer Name = Patrick-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3458
seconds with 60 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 28.10.2012 11:16:39 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "SQL Server Reporting Services (TEST)" wurde unerwartet
beendet. Dies ist bereits 8 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 28.10.2012 11:17:59 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "SQL Server Reporting Services (TEST)" wurde unerwartet
beendet. Dies ist bereits 9 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 28.10.2012 11:19:19 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "SQL Server Reporting Services (TEST)" wurde unerwartet
beendet. Dies ist bereits 10 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 28.10.2012 11:20:38 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "SQL Server Reporting Services (TEST)" wurde unerwartet
beendet. Dies ist bereits 11 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 28.10.2012 11:21:58 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "SQL Server Reporting Services (TEST)" wurde unerwartet
beendet. Dies ist bereits 12 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 28.10.2012 11:23:22 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "SQL Server Reporting Services (TEST)" wurde unerwartet
beendet. Dies ist bereits 13 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 28.10.2012 11:24:48 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "SQL Server Reporting Services (TEST)" wurde unerwartet
beendet. Dies ist bereits 14 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 28.10.2012 11:26:18 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
SQL Server Reporting Services (TEST) erreicht.
Error - 28.10.2012 11:26:18 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SQL Server Reporting Services (TEST)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 28.10.2012 11:32:20 | Computer Name = Patrick-PC | Source = BROWSER | ID = 8032
Description =
< End of report >
[/code] OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.10.2012 16:21:06 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Patrick\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 41,85% Memory free 4,00 Gb Paging File | 2,31 Gb Available in Paging File | 57,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 69,77 Gb Total Space | 6,47 Gb Free Space | 9,27% Space Free | Partition Type: NTFS Drive D: | 66,27 Gb Total Space | 4,66 Gb Free Space | 7,03% Space Free | Partition Type: NTFS Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Patrick\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Trillian Astra\trillian.exe (Cerulean Studios) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG) PRC - C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - C:\Program Files (x86)\Trillian Astra\libspeex.dll () MOD - C:\Program Files (x86)\Trillian Astra\libungif.dll () MOD - C:\Program Files (x86)\Trillian Astra\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL () MOD - C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll () MOD - C:\Program Files (x86)\Microsoft Office\Office12\OUTLCTL.DLL () MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\buddy.dll () MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\talk.dll () MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\events.dll () MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\toolkit.dll () MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\trillian.dll () MOD - C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll () ========== Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (NeroMediaHomeService.4) -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (MSSQL$TEST) -- C:\Programme\Microsoft SQL Server\MSSQL10.TEST\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$TEST) -- C:\Programme\Microsoft SQL Server\MSSQL10.TEST\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (MSSQLServerADHelper100) -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation) SRV - (ReportServer$TEST) -- C:\Programme\Microsoft SQL Server\MSRS10.TEST\Reporting Services\ReportServer\bin\ReportingServicesService.exe (Microsoft Corporation) SRV - (MSOLAP$TEST) -- C:\Programme\Microsoft SQL Server\MSAS10.TEST\OLAP\bin\msmdsrv.exe (Microsoft Corporation) SRV - (MsDtsServer100) -- C:\Programme\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe (Microsoft Corporation) SRV - (MSSQLFDLauncher$TEST) -- C:\Programme\Microsoft SQL Server\MSSQL10.TEST\MSSQL\Binn\fdlauncher.exe (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (sef3x1) -- C:\Windows\SysNative\drivers\sef3x1.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys.vir (Duplex Secure Ltd.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (ZTEusbnet) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys (ZTE Corporation) DRV:64bit: - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated) DRV:64bit: - (RsFx0102) -- C:\Windows\SysNative\drivers\RsFx0102.sys (Microsoft Corporation) DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.) DRV:64bit: - (winbondcir) -- C:\Windows\SysNative\drivers\winbondcir.sys (Winbond Electronics Corporation) DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.claro-search.com/?affID=114164&tt=3012_7&babsrc=HP_iclro&mntrId=5ef67d920000000000000013e8671f4b IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.claro-search.com/?q={searchTerms}&affID=114164&tt=3012_7&babsrc=SP_iclro&mntrId=5ef67d920000000000000013e8671f4b IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.1.1:80 IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1028\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@csi.business.gov.au/CsiPlugin: C:\Users\Patrick\Desktop\Steuer\bin\npCsiPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Patrick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.24 22:35:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.20 12:04:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.20 12:04:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.20 12:04:23 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.20 12:04:19 | 000,000,000 | ---D | M] [2012.07.26 19:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Extensions [2012.10.23 17:20:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\0tp2n5vx.default\extensions [2012.10.20 12:04:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.10.20 12:04:16 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.10.20 12:04:23 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.08 12:50:05 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.25 17:33:12 | 000,006,531 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.09.12 14:23:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1868758852-272549566-3515360311-1000..\Run: [Nero MediaHome 4] C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG) O4 - HKU\S-1-5-21-1868758852-272549566-3515360311-1026..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1868758852-272549566-3515360311-1028..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1868758852-272549566-3515360311-1026..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1868758852-272549566-3515360311-1028..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian Astra\trillian.exe (Cerulean Studios) O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E695855-2B15-4CB6-9367-3F229F89FBCC}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7214F34D-7061-44F5-8167-C7914734108D}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A630EB59-0995-44A8-B0BE-02C3808B2787}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.28 16:19:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe [2012.10.27 20:00:55 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\Paranormal Activity 3 [2012.10.20 18:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.10.20 12:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.18 22:04:13 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Macromedia [2012.10.18 21:57:22 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.10.18 21:57:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.10.14 20:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2012.10.14 20:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012.10.14 20:45:22 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Plex Media Server [2012.10.09 19:29:37 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.10.09 19:29:37 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.10.09 19:29:37 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.10.09 19:29:37 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.10.09 19:29:36 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.10.09 19:29:35 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.10.09 19:29:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.10.09 19:29:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.10.09 19:29:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.10.09 19:29:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.10.09 19:29:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.10.09 19:29:34 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.10.09 19:29:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.09 19:29:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.09 19:29:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.10.09 19:29:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.10.09 19:29:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.09 19:29:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.10.09 19:29:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.09 19:29:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.10.09 19:29:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.10.09 19:29:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.10.09 19:29:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.09 19:29:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.10.09 19:29:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.10.09 19:29:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.09 19:29:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.09 19:29:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.10.09 19:29:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.10.09 19:29:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.10.09 19:29:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.09 19:29:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.10.09 19:29:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.09 19:29:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.09 19:29:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.10.09 19:29:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.09 19:29:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.10.09 19:29:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.10.09 19:29:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.10.09 19:29:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.10.09 19:29:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.09 19:29:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.10.09 19:29:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.10.09 19:29:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.09 19:29:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.10.09 19:29:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.10.09 19:29:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.09 19:29:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.10.09 19:29:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.10.09 19:29:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.10.09 19:29:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.10.09 19:27:18 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.10.09 19:27:14 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.10.09 19:27:09 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.10.09 19:27:08 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.10.09 19:26:38 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.10.09 19:26:37 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.10.07 12:34:15 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Nero [2012.10.07 12:34:05 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Nero [2012.10.07 12:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2012.10.07 12:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2012.10.07 12:05:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero MediaHome 4 Essentials [2009.09.04 18:01:10 | 000,525,656 | ---- | C] (Microsoft Corporation) -- C:\Users\Patrick\DXSETUP.exe [2009.09.04 18:01:08 | 001,691,464 | ---- | C] (Microsoft Corporation) -- C:\Users\Patrick\dsetup32.dll [2009.09.04 18:01:08 | 000,094,024 | ---- | C] (Microsoft Corporation) -- C:\Users\Patrick\DSETUP.dll [2009.09.04 17:36:30 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Users\Patrick\dxupdate.dll [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Patrick\Desktop\*.tmp files -> C:\Users\Patrick\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.28 16:41:55 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.28 16:26:42 | 000,767,604 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.28 16:26:42 | 000,721,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.28 16:26:42 | 000,176,748 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.28 16:26:42 | 000,148,518 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.28 16:26:39 | 001,813,592 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.28 16:19:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe [2012.10.28 16:18:27 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.28 16:18:27 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.28 12:57:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.28 12:57:16 | 1609,363,456 | -HS- | M] () -- C:\hiberfil.sys [2012.10.20 18:12:39 | 000,016,782 | ---- | M] () -- C:\Users\Patrick\Documents\cc_20121020_191228.reg [2012.10.18 22:41:47 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.10.18 22:41:47 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.09.29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Patrick\Desktop\*.tmp files -> C:\Users\Patrick\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.20 18:12:34 | 000,016,782 | ---- | C] () -- C:\Users\Patrick\Documents\cc_20121020_191228.reg [2012.10.18 21:57:26 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.28 11:09:14 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll [2012.07.28 11:09:14 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll [2011.10.21 06:08:22 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2011.10.21 05:44:59 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll [2011.04.27 05:42:06 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat [2011.03.22 00:47:59 | 000,187,700 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.12.24 02:51:22 | 000,099,328 | ---- | C] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.04 12:04:36 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2010.11.04 12:04:20 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.11.23 11:53:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.04 18:01:08 | 013,264,168 | ---- | C] () -- C:\Users\Patrick\dxnt.cab [2009.09.04 18:01:08 | 000,095,637 | ---- | C] () -- C:\Users\Patrick\dxupdate.cab [2009.09.04 18:01:08 | 000,044,440 | ---- | C] () -- C:\Users\Patrick\dxdllreg_x86.cab [2009.09.04 18:01:04 | 001,155,483 | ---- | C] () -- C:\Users\Patrick\BDANT.cab [2009.09.04 18:01:04 | 000,975,148 | ---- | C] () -- C:\Users\Patrick\BDAXP.cab [2009.09.04 17:36:32 | 000,059,486 | ---- | C] () -- C:\Users\Patrick\dxupdate.cif [2009.09.02 16:42:00 | 000,012,088 | ---- | C] () -- C:\Users\Patrick\dxupdate.inf ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > [/code] |
|
28.10.2012, 17:55
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Skriptfehler beim anschließen der externen Festplatte 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.10.2012, 18:36
| #5 |
| | Skriptfehler beim anschließen der externen Festplatte 1) Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-28 16:50:58
-----------------------------
16:50:58.772 OS Version: Windows x64 6.1.7601 Service Pack 1
16:50:58.772 Number of processors: 2 586 0xF0A
16:50:58.774 ComputerName: PATRICK-PC UserName: Patrick
16:51:01.623 Initialize success
16:51:23.943 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
16:51:23.947 Disk 0 Vendor: WDC_WD1600BEVS-22RST0 04.01G04 Size: 152627MB BusType: 11
16:51:23.977 Disk 0 MBR read successfully
16:51:23.982 Disk 0 MBR scan
16:51:23.986 Disk 0 Windows 7 default MBR code
16:51:23.991 Disk 0 Partition 1 00 12 Compaq diag NTFS 9993 MB offset 63
16:51:24.007 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71448 MB offset 20467712
16:51:24.032 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 67865 MB offset 166793216
16:51:24.063 Disk 0 Partition 4 00 12 Compaq diag NTFS 3319 MB offset 305780736
16:51:24.108 Disk 0 scanning C:\Windows\system32\drivers
16:51:31.809 Service scanning
16:51:56.137 Modules scanning
16:51:56.147 Disk 0 trace - called modules:
16:51:56.152
16:51:56.512 Scan finished successfully
16:56:35.166 Disk 0 MBR has been saved successfully to "C:\Users\Patrick\Desktop\MBR.dat"
16:56:35.171 The log file has been saved successfully to "C:\Users\Patrick\Desktop\aswMBR.txt"
Code:
ATTFilter 00:03:55.0429 3908 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
00:03:55.0766 3908 ============================================================
00:03:55.0766 3908 Current date / time: 2007/03/08 00:03:55.0766
00:03:55.0766 3908 SystemInfo:
00:03:55.0766 3908
00:03:55.0766 3908 OS Version: 6.1.7601 ServicePack: 1.0
00:03:55.0766 3908 Product type: Workstation
00:03:55.0766 3908 ComputerName: PATRICK-PC
00:03:55.0766 3908 UserName: Patrick
00:03:55.0766 3908 Windows directory: C:\Windows
00:03:55.0766 3908 System windows directory: C:\Windows
00:03:55.0766 3908 Running under WOW64
00:03:55.0766 3908 Processor architecture: Intel x64
00:03:55.0766 3908 Number of processors: 2
00:03:55.0766 3908 Page size: 0x1000
00:03:55.0766 3908 Boot type: Normal boot
00:03:55.0766 3908 ============================================================
00:04:26.0665 3908 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:04:26.0837 3908 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:04:26.0868 3908 ============================================================
00:04:26.0868 3908 \Device\Harddisk0\DR0:
00:04:26.0993 3908 MBR partitions:
00:04:26.0993 3908 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1385000, BlocksNum 0x8B8C000
00:04:26.0993 3908 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9F11000, BlocksNum 0x848C800
00:04:26.0993 3908 \Device\Harddisk1\DR1:
00:04:26.0993 3908 MBR partitions:
00:04:26.0993 3908 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAEA86702
00:04:26.0993 3908 ============================================================
00:04:27.0679 3908 C: <-> \Device\Harddisk0\DR0\Partition1
00:04:28.0366 3908 D: <-> \Device\Harddisk0\DR0\Partition2
00:04:28.0412 3908 G: <-> \Device\Harddisk1\DR1\Partition1
00:04:28.0412 3908 ============================================================
00:04:28.0412 3908 Initialize success
00:04:28.0412 3908 ============================================================
00:04:58.0607 0748 ============================================================
00:04:58.0607 0748 Scan started
00:04:58.0607 0748 Mode: Manual; SigCheck; TDLFS;
00:04:58.0607 0748 ============================================================
00:05:16.0938 0748 ================ Scan system memory ========================
00:05:16.0938 0748 System memory - ok
00:05:16.0939 0748 ================ Scan services =============================
00:05:23.0050 0748 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
00:05:23.0736 0748 1394ohci - ok
00:05:24.0220 0748 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
00:05:24.0423 0748 ACPI - ok
00:05:24.0922 0748 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
00:05:26.0873 0748 AcpiPmi - ok
00:05:30.0274 0748 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:05:31.0147 0748 AdobeFlashPlayerUpdateSvc - ok
00:05:31.0818 0748 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
00:05:31.0958 0748 adp94xx - ok
00:05:32.0270 0748 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
00:05:32.0302 0748 adpahci - ok
00:05:32.0785 0748 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
00:05:32.0832 0748 adpu320 - ok
00:05:33.0097 0748 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:05:35.0546 0748 AeLookupSvc - ok
00:05:35.0968 0748 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
00:05:36.0623 0748 AFD - ok
00:05:36.0997 0748 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
00:05:37.0028 0748 agp440 - ok
00:05:37.0309 0748 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
00:05:37.0855 0748 ALG - ok
00:05:38.0120 0748 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
00:05:38.0152 0748 aliide - ok
00:05:38.0261 0748 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
00:05:38.0308 0748 amdide - ok
00:05:38.0682 0748 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
00:05:39.0103 0748 AmdK8 - ok
00:05:39.0306 0748 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
00:05:39.0478 0748 AmdPPM - ok
00:05:39.0696 0748 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
00:05:39.0727 0748 amdsata - ok
00:05:40.0039 0748 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
00:05:40.0070 0748 amdsbs - ok
00:05:40.0554 0748 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
00:05:40.0585 0748 amdxata - ok
00:05:42.0895 0748 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
00:05:43.0192 0748 AntiVirSchedulerService - ok
00:05:43.0472 0748 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
00:05:43.0504 0748 AntiVirService - ok
00:05:44.0096 0748 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
00:05:51.0444 0748 AppID - ok
00:05:51.0959 0748 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
00:05:52.0333 0748 AppIDSvc - ok
00:05:52.0957 0748 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
00:05:53.0129 0748 Appinfo - ok
00:05:53.0956 0748 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:05:54.0034 0748 Apple Mobile Device - ok
00:05:54.0564 0748 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
00:05:54.0829 0748 AppMgmt - ok
00:05:55.0204 0748 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
00:05:55.0235 0748 arc - ok
00:05:55.0282 0748 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
00:05:55.0297 0748 arcsas - ok
00:05:55.0547 0748 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
00:05:55.0750 0748 AsyncMac - ok
00:05:55.0968 0748 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
00:05:55.0999 0748 atapi - ok
00:05:56.0779 0748 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
00:05:58.0526 0748 atksgt - ok
00:05:59.0291 0748 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:05:59.0899 0748 AudioEndpointBuilder - ok
00:06:00.0242 0748 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
00:06:00.0305 0748 AudioSrv - ok
00:06:01.0085 0748 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
00:06:01.0194 0748 avgntflt - ok
00:06:01.0896 0748 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
00:06:02.0005 0748 avipbb - ok
00:06:02.0723 0748 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
00:06:02.0832 0748 avkmgr - ok
00:06:03.0160 0748 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
00:06:05.0203 0748 AxInstSV - ok
00:06:05.0656 0748 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
00:06:06.0092 0748 b06bdrv - ok
00:06:06.0810 0748 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
00:06:07.0169 0748 b57nd60a - ok
00:06:07.0559 0748 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
00:06:07.0933 0748 BDESVC - ok
00:06:08.0276 0748 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
00:06:08.0635 0748 Beep - ok
00:06:09.0540 0748 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
00:06:09.0712 0748 BFE - ok
00:06:10.0242 0748 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
00:06:10.0897 0748 BITS - ok
00:06:11.0147 0748 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
00:06:11.0303 0748 blbdrive - ok
00:06:12.0348 0748 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
00:06:12.0442 0748 Bonjour Service - ok
00:06:12.0800 0748 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
00:06:13.0144 0748 bowser - ok
00:06:13.0627 0748 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:06:14.0532 0748 BrFiltLo - ok
00:06:14.0594 0748 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:06:14.0626 0748 BrFiltUp - ok
00:06:15.0250 0748 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
00:06:15.0718 0748 Browser - ok
00:06:16.0170 0748 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
00:06:16.0950 0748 Brserid - ok
00:06:17.0402 0748 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
00:06:17.0652 0748 BrSerWdm - ok
00:06:17.0933 0748 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
00:06:18.0338 0748 BrUsbMdm - ok
00:06:18.0751 0748 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
00:06:19.0117 0748 BrUsbSer - ok
00:06:19.0799 0748 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
00:06:20.0893 0748 BthEnum - ok
00:06:21.0284 0748 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
00:06:21.0414 0748 BTHMODEM - ok
00:06:21.0844 0748 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
00:06:22.0038 0748 BthPan - ok
00:06:23.0138 0748 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
00:06:23.0694 0748 BTHPORT - ok
00:06:24.0317 0748 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
00:06:24.0668 0748 bthserv - ok
00:06:25.0242 0748 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
00:06:25.0332 0748 BTHUSB - ok
00:06:25.0450 0748 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
00:06:25.0680 0748 cdfs - ok
00:06:26.0183 0748 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
00:06:26.0403 0748 cdrom - ok
00:06:26.0623 0748 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
00:06:27.0069 0748 CertPropSvc - ok
00:06:27.0498 0748 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
00:06:27.0714 0748 circlass - ok
00:06:27.0988 0748 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
00:06:28.0200 0748 CLFS - ok
00:06:29.0789 0748 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:06:30.0337 0748 clr_optimization_v2.0.50727_32 - ok
00:06:31.0721 0748 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:06:32.0197 0748 clr_optimization_v2.0.50727_64 - ok
00:06:34.0831 0748 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:06:35.0331 0748 clr_optimization_v4.0.30319_32 - ok
00:06:36.0824 0748 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:06:37.0006 0748 clr_optimization_v4.0.30319_64 - ok
00:06:37.0485 0748 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
00:06:37.0700 0748 CmBatt - ok
00:06:38.0046 0748 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
00:06:38.0060 0748 cmdide - ok
00:06:38.0382 0748 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
00:06:38.0570 0748 CNG - ok
00:06:38.0983 0748 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
00:06:38.0999 0748 Compbatt - ok
00:06:39.0451 0748 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
00:06:39.0779 0748 CompositeBus - ok
00:06:39.0904 0748 COMSysApp - ok
00:06:40.0262 0748 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
00:06:40.0294 0748 crcdisk - ok
00:06:41.0136 0748 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
00:06:41.0994 0748 CryptSvc - ok
00:06:42.0415 0748 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
00:06:43.0242 0748 CSC - ok
00:06:44.0162 0748 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
00:06:44.0412 0748 CscService - ok
00:06:45.0192 0748 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
00:06:45.0566 0748 DcomLaunch - ok
00:06:45.0956 0748 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
00:06:46.0284 0748 defragsvc - ok
00:06:47.0017 0748 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
00:06:47.0142 0748 DfsC - ok
00:06:47.0626 0748 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
00:06:48.0218 0748 Dhcp - ok
00:06:48.0780 0748 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
00:06:49.0139 0748 discache - ok
00:06:49.0435 0748 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
00:06:49.0466 0748 Disk - ok
00:06:49.0872 0748 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:06:50.0309 0748 Dnscache - ok
00:06:50.0730 0748 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
00:06:50.0933 0748 dot3svc - ok
00:06:51.0354 0748 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
00:06:51.0619 0748 DPS - ok
00:06:51.0931 0748 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:06:52.0290 0748 drmkaud - ok
00:06:53.0132 0748 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:06:53.0179 0748 DXGKrnl - ok
00:06:53.0632 0748 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
00:06:53.0944 0748 EapHost - ok
00:06:55.0426 0748 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
00:06:55.0738 0748 ebdrv - ok
00:06:55.0909 0748 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
00:06:56.0549 0748 EFS - ok
00:06:57.0235 0748 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:06:57.0797 0748 ehRecvr - ok
00:06:58.0093 0748 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
00:06:58.0655 0748 ehSched - ok
00:06:58.0951 0748 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
00:06:59.0138 0748 elxstor - ok
00:06:59.0310 0748 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
00:06:59.0544 0748 ErrDev - ok
00:06:59.0794 0748 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
00:07:00.0262 0748 EventSystem - ok
00:07:00.0714 0748 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
00:07:01.0213 0748 exfat - ok
00:07:01.0354 0748 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:07:01.0541 0748 fastfat - ok
00:07:02.0165 0748 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
00:07:02.0586 0748 Fax - ok
00:07:02.0851 0748 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
00:07:03.0007 0748 fdc - ok
00:07:03.0460 0748 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
00:07:03.0756 0748 fdPHost - ok
00:07:03.0896 0748 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
00:07:04.0130 0748 FDResPub - ok
00:07:04.0271 0748 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:07:04.0302 0748 FileInfo - ok
00:07:04.0349 0748 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:07:04.0396 0748 Filetrace - ok
00:07:05.0066 0748 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
00:07:05.0238 0748 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
00:07:05.0238 0748 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
00:07:05.0612 0748 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
00:07:05.0831 0748 flpydisk - ok
00:07:06.0456 0748 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:07:06.0627 0748 FltMgr - ok
00:07:07.0376 0748 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
00:07:07.0782 0748 FontCache - ok
00:07:08.0250 0748 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:07:08.0390 0748 FontCache3.0.0.0 - ok
00:07:08.0718 0748 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
00:07:08.0749 0748 FsDepends - ok
00:07:08.0936 0748 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:07:08.0967 0748 Fs_Rec - ok
00:07:09.0498 0748 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
00:07:09.0607 0748 fvevol - ok
00:07:09.0841 0748 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
00:07:09.0981 0748 gagp30kx - ok
00:07:10.0418 0748 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:07:10.0434 0748 GEARAspiWDM - ok
00:07:10.0980 0748 [ A4198F2BD8AA592CB90476277A81B5E1 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
00:07:11.0214 0748 ggflt - ok
00:07:11.0651 0748 [ D266350BDAAB9EB6C1AEC370EEAAFF3A ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
00:07:11.0760 0748 ggsemc - ok
00:07:12.0103 0748 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
00:07:12.0384 0748 gpsvc - ok
00:07:13.0133 0748 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
00:07:13.0164 0748 gusvc - ok
00:07:13.0367 0748 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
00:07:13.0803 0748 hcw85cir - ok
00:07:14.0443 0748 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:07:14.0615 0748 HdAudAddService - ok
00:07:15.0005 0748 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
00:07:15.0083 0748 HDAudBus - ok
00:07:15.0379 0748 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
00:07:15.0597 0748 HidBatt - ok
00:07:15.0925 0748 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
00:07:16.0019 0748 HidBth - ok
00:07:16.0362 0748 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
00:07:16.0799 0748 HidIr - ok
00:07:17.0001 0748 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
00:07:17.0173 0748 hidserv - ok
00:07:17.0610 0748 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
00:07:17.0657 0748 HidUsb - ok
00:07:17.0937 0748 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
00:07:18.0421 0748 hkmsvc - ok
00:07:18.0842 0748 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:07:19.0310 0748 HomeGroupListener - ok
00:07:19.0560 0748 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:07:19.0763 0748 HomeGroupProvider - ok
00:07:19.0934 0748 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
00:07:20.0075 0748 HpSAMD - ok
00:07:20.0667 0748 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
00:07:20.0901 0748 HTTP - ok
00:07:21.0026 0748 hwdatacard - ok
00:07:21.0276 0748 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
00:07:21.0369 0748 hwpolicy - ok
00:07:21.0869 0748 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
00:07:21.0900 0748 i8042prt - ok
00:07:22.0305 0748 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
00:07:22.0352 0748 iaStorV - ok
00:07:23.0124 0748 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:07:23.0327 0748 idsvc - ok
00:07:23.0576 0748 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
00:07:23.0607 0748 iirsp - ok
00:07:24.0200 0748 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
00:07:24.0824 0748 IKEEXT - ok
00:07:25.0027 0748 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
00:07:25.0058 0748 intelide - ok
00:07:25.0386 0748 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
00:07:25.0573 0748 intelppm - ok
00:07:25.0823 0748 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
00:07:25.0979 0748 IPBusEnum - ok
00:07:26.0306 0748 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:07:26.0478 0748 IpFilterDriver - ok
00:07:26.0805 0748 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
00:07:26.0977 0748 iphlpsvc - ok
00:07:27.0289 0748 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
00:07:27.0398 0748 IPMIDRV - ok
00:07:27.0492 0748 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
00:07:27.0819 0748 IPNAT - ok
00:07:29.0365 0748 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
00:07:30.0239 0748 iPod Service - ok
00:07:30.0691 0748 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
00:07:31.0830 0748 IRENUM - ok
00:07:32.0095 0748 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
00:07:32.0111 0748 isapnp - ok
00:07:32.0454 0748 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
00:07:32.0485 0748 iScsiPrt - ok
00:07:32.0953 0748 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
00:07:32.0969 0748 kbdclass - ok
00:07:33.0312 0748 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
00:07:33.0499 0748 kbdhid - ok
00:07:33.0608 0748 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
00:07:33.0655 0748 KeyIso - ok
00:07:34.0029 0748 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
00:07:34.0061 0748 KSecDD - ok
00:07:34.0373 0748 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
00:07:34.0419 0748 KSecPkg - ok
00:07:34.0794 0748 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
00:07:35.0028 0748 ksthunk - ok
00:07:35.0371 0748 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
00:07:35.0761 0748 KtmRm - ok
00:07:36.0479 0748 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
00:07:36.0822 0748 LanmanServer - ok
00:07:37.0118 0748 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:07:37.0368 0748 LanmanWorkstation - ok
00:07:37.0914 0748 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
00:07:54.0500 0748 lirsgt - ok
00:07:55.0214 0748 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:07:55.0473 0748 lltdio - ok
00:07:55.0719 0748 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:07:55.0778 0748 lltdsvc - ok
00:07:55.0880 0748 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
00:07:56.0027 0748 lmhosts - ok
00:07:56.0211 0748 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
00:07:56.0232 0748 LSI_FC - ok
00:07:56.0663 0748 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
00:07:56.0678 0748 LSI_SAS - ok
00:07:56.0874 0748 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:07:56.0889 0748 LSI_SAS2 - ok
00:07:57.0063 0748 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:07:57.0078 0748 LSI_SCSI - ok
00:07:57.0340 0748 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
00:07:57.0485 0748 luafv - ok
00:07:57.0971 0748 [ D33E2B74CF8B3A652BF0A9FBD068E87A ] ManyCam C:\Windows\system32\DRIVERS\ManyCam_x64.sys
00:07:58.0247 0748 ManyCam - ok
00:07:58.0897 0748 [ B5E86524918EF32B32D1032E0C8E92A3 ] massfilter C:\Windows\system32\DRIVERS\massfilter.sys
00:07:59.0059 0748 massfilter - ok
00:07:59.0158 0748 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:07:59.0343 0748 Mcx2Svc - ok
00:07:59.0555 0748 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
00:07:59.0583 0748 megasas - ok
00:07:59.0817 0748 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
00:07:59.0923 0748 MegaSR - ok
00:08:00.0777 0748 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
00:08:00.0794 0748 Microsoft Office Groove Audit Service - ok
00:08:00.0979 0748 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
00:08:01.0247 0748 MMCSS - ok
00:08:01.0418 0748 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
00:08:01.0543 0748 Modem - ok
00:08:01.0754 0748 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:08:02.0328 0748 monitor - ok
00:08:02.0875 0748 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
00:08:02.0909 0748 mouclass - ok
00:08:03.0125 0748 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:08:03.0273 0748 mouhid - ok
00:08:03.0374 0748 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
00:08:03.0480 0748 mountmgr - ok
00:08:04.0177 0748 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:08:04.0190 0748 MozillaMaintenance - ok
00:08:04.0530 0748 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
00:08:04.0562 0748 mpio - ok
00:08:04.0808 0748 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:08:04.0864 0748 mpsdrv - ok
00:08:05.0114 0748 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
00:08:05.0242 0748 MpsSvc - ok
00:08:05.0515 0748 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:08:05.0555 0748 MRxDAV - ok
00:08:05.0903 0748 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:08:06.0115 0748 mrxsmb - ok
00:08:06.0432 0748 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:08:06.0763 0748 mrxsmb10 - ok
00:08:07.0023 0748 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:08:07.0053 0748 mrxsmb20 - ok
00:08:07.0248 0748 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
00:08:07.0262 0748 msahci - ok
00:08:07.0436 0748 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
00:08:07.0471 0748 msdsm - ok
00:08:07.0624 0748 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
00:08:07.0850 0748 MSDTC - ok
00:08:08.0808 0748 [ 0C02096E686E9EB2A3D37DFF9B42D946 ] MsDtsServer100 C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
00:08:08.0824 0748 MsDtsServer100 - ok
00:08:09.0079 0748 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:08:09.0124 0748 Msfs - ok
00:08:09.0152 0748 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
00:08:09.0313 0748 mshidkmdf - ok
00:08:09.0424 0748 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
00:08:09.0452 0748 msisadrv - ok
00:08:09.0820 0748 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:08:09.0989 0748 MSiSCSI - ok
00:08:09.0997 0748 msiserver - ok
00:08:10.0181 0748 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:08:10.0442 0748 MSKSSRV - ok
00:08:11.0134 0748 MSOLAP$TEST - ok
00:08:11.0300 0748 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:08:11.0512 0748 MSPCLOCK - ok
00:08:11.0749 0748 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:08:11.0897 0748 MSPQM - ok
00:08:12.0148 0748 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:08:12.0267 0748 MsRPC - ok
00:08:12.0649 0748 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
00:08:12.0663 0748 mssmbios - ok
00:08:13.0994 0748 MSSQL$TEST - ok
00:08:14.0228 0748 [ 6286605FE7C87DDC628E3CE41A15FFA6 ] MSSQLFDLauncher$TEST C:\Program Files\Microsoft SQL Server\MSSQL10.TEST\MSSQL\Binn\fdlauncher.exe
00:08:14.0322 0748 MSSQLFDLauncher$TEST - ok
00:08:15.0008 0748 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
00:08:15.0149 0748 MSSQLServerADHelper100 - ok
00:08:15.0445 0748 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:08:15.0695 0748 MSTEE - ok
00:08:15.0742 0748 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
00:08:15.0866 0748 MTConfig - ok
00:08:16.0054 0748 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
00:08:16.0069 0748 Mup - ok
00:08:16.0490 0748 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
00:08:16.0709 0748 napagent - ok
00:08:17.0286 0748 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:08:17.0489 0748 NativeWifiP - ok
00:08:17.0910 0748 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
00:08:17.0957 0748 NDIS - ok
00:08:18.0004 0748 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
00:08:18.0238 0748 NdisCap - ok
00:08:18.0425 0748 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:08:18.0721 0748 NdisTapi - ok
00:08:19.0158 0748 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:08:19.0470 0748 Ndisuio - ok
00:08:19.0548 0748 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:08:19.0860 0748 NdisWan - ok
00:08:19.0969 0748 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:08:20.0078 0748 NDProxy - ok
00:08:21.0280 0748 [ 87C61A17E908AEF1C63FBAF915C0B452 ] NeroMediaHomeService.4 C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
00:08:21.0358 0748 NeroMediaHomeService.4 - ok
00:08:21.0763 0748 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:08:21.0982 0748 NetBIOS - ok
00:08:22.0184 0748 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
00:08:22.0309 0748 NetBT - ok
00:08:22.0356 0748 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
00:08:22.0481 0748 Netlogon - ok
00:08:22.0949 0748 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
00:08:22.0996 0748 Netman - ok
00:08:23.0152 0748 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
00:08:23.0354 0748 netprofm - ok
00:08:23.0542 0748 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:08:23.0744 0748 NetTcpPortSharing - ok
00:08:25.0492 0748 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
00:08:25.0913 0748 netw5v64 - ok
00:08:26.0178 0748 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
00:08:26.0287 0748 nfrd960 - ok
00:08:26.0740 0748 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
00:08:26.0818 0748 NlaSvc - ok
00:08:27.0130 0748 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:08:27.0270 0748 Npfs - ok
00:08:27.0473 0748 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
00:08:27.0738 0748 nsi - ok
00:08:27.0832 0748 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:08:28.0112 0748 nsiproxy - ok
00:08:28.0970 0748 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:08:29.0033 0748 Ntfs - ok
00:08:29.0314 0748 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
00:08:29.0532 0748 Null - ok
00:08:32.0839 0748 [ B15258B1F45F9571758AC6BB2F043B01 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:08:33.0557 0748 nvlddmkm - ok
00:08:33.0900 0748 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:08:33.0931 0748 nvraid - ok
00:08:34.0196 0748 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:08:34.0228 0748 nvstor - ok
00:08:35.0070 0748 [ 2D7092FEC9BD2ACA199673BBA2BA9277 ] nvsvc C:\Windows\system32\nvvsvc.exe
00:08:35.0273 0748 nvsvc - ok
00:08:35.0897 0748 [ 7E22DE30E222BFDFCEC7E77032BAF3CD ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
00:08:36.0100 0748 nvUpdatusService - ok
00:08:36.0365 0748 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
00:08:36.0380 0748 nv_agp - ok
00:08:36.0708 0748 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:08:36.0864 0748 odserv - ok
00:08:36.0973 0748 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
00:08:37.0004 0748 ohci1394 - ok
00:08:37.0051 0748 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:08:37.0067 0748 ose - ok
00:08:37.0441 0748 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
00:08:37.0753 0748 p2pimsvc - ok
00:08:38.0112 0748 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
00:08:38.0237 0748 p2psvc - ok
00:08:38.0424 0748 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
00:08:38.0502 0748 Parport - ok
00:08:38.0689 0748 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:08:38.0783 0748 partmgr - ok
00:08:39.0048 0748 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
00:08:39.0329 0748 PcaSvc - ok
00:08:39.0578 0748 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
00:08:39.0672 0748 pci - ok
00:08:40.0031 0748 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
00:08:40.0093 0748 pciide - ok
00:08:40.0343 0748 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
00:08:40.0468 0748 pcmcia - ok
00:08:40.0639 0748 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
00:08:40.0748 0748 pcw - ok
00:08:41.0014 0748 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:08:41.0201 0748 PEAUTH - ok
00:08:41.0653 0748 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
00:08:41.0996 0748 PeerDistSvc - ok
00:08:43.0790 0748 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
00:08:43.0962 0748 PerfHost - ok
00:08:44.0492 0748 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
00:08:44.0898 0748 pla - ok
00:08:45.0647 0748 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:08:45.0818 0748 PlugPlay - ok
00:08:45.0990 0748 PnkBstrA - ok
00:08:46.0193 0748 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
00:08:46.0302 0748 PNRPAutoReg - ok
00:08:46.0505 0748 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
00:08:46.0520 0748 PNRPsvc - ok
00:08:46.0832 0748 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:08:47.0004 0748 PolicyAgent - ok
00:08:47.0191 0748 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
00:08:47.0254 0748 Power - ok
00:08:47.0503 0748 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:08:47.0722 0748 PptpMiniport - ok
00:08:47.0846 0748 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
00:08:48.0049 0748 Processor - ok
00:08:48.0299 0748 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
00:08:48.0502 0748 ProfSvc - ok
00:08:48.0720 0748 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:08:48.0782 0748 ProtectedStorage - ok
00:08:49.0126 0748 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
00:08:49.0172 0748 Psched - ok
00:08:49.0750 0748 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
00:08:49.0843 0748 ql2300 - ok
00:08:50.0093 0748 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
00:08:50.0155 0748 ql40xx - ok
00:08:50.0420 0748 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
00:08:50.0545 0748 QWAVE - ok
00:08:50.0608 0748 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:08:50.0670 0748 QWAVEdrv - ok
00:08:51.0232 0748 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
00:08:51.0247 0748 RapiMgr - ok
00:08:51.0325 0748 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:08:51.0559 0748 RasAcd - ok
00:08:51.0887 0748 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
00:08:51.0980 0748 RasAgileVpn - ok
00:08:52.0214 0748 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
00:08:52.0464 0748 RasAuto - ok
00:08:52.0667 0748 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:08:52.0870 0748 Rasl2tp - ok
00:08:53.0228 0748 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
00:08:53.0400 0748 RasMan - ok
00:08:53.0618 0748 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:08:53.0868 0748 RasPppoe - ok
00:08:54.0149 0748 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:08:54.0320 0748 RasSstp - ok
00:08:54.0835 0748 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:08:55.0116 0748 rdbss - ok
00:08:55.0334 0748 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
00:08:55.0522 0748 rdpbus - ok
00:08:55.0600 0748 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:08:55.0771 0748 RDPCDD - ok
00:08:56.0114 0748 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
00:08:56.0426 0748 RDPDR - ok
00:08:56.0754 0748 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:08:56.0926 0748 RDPENCDD - ok
00:08:56.0941 0748 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
00:08:56.0988 0748 RDPREFMP - ok
00:08:57.0191 0748 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:08:57.0284 0748 RDPWD - ok
00:08:57.0596 0748 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
00:08:57.0643 0748 rdyboost - ok
00:08:57.0862 0748 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:08:58.0158 0748 RemoteAccess - ok
00:08:58.0439 0748 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:08:58.0626 0748 RemoteRegistry - ok
00:08:59.0390 0748 [ 54E230D1E2D0AB724A5402632784539B ] ReportServer$TEST C:\Program Files\Microsoft SQL Server\MSRS10.TEST\Reporting Services\ReportServer\bin\ReportingServicesService.exe
00:08:59.0515 0748 ReportServer$TEST - ok
00:08:59.0999 0748 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
00:09:00.0155 0748 RFCOMM - ok
00:09:00.0420 0748 [ 2A43F9E6DBDE12BC0C104785C3B3F5DF ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys
00:09:00.0592 0748 rismxdp - ok
00:09:00.0732 0748 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
00:09:00.0950 0748 RpcEptMapper - ok
00:09:01.0075 0748 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
00:09:01.0216 0748 RpcLocator - ok
00:09:01.0512 0748 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
00:09:01.0574 0748 RpcSs - ok
00:09:02.0105 0748 [ 21EB2B83702285594DE893734A56B008 ] RsFx0102 C:\Windows\system32\DRIVERS\RsFx0102.sys
00:09:02.0198 0748 RsFx0102 - ok
00:09:02.0495 0748 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:09:02.0760 0748 rspndr - ok
00:09:02.0994 0748 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
00:09:03.0306 0748 s3cap - ok
00:09:03.0337 0748 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
00:09:03.0353 0748 SamSs - ok
00:09:03.0602 0748 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:09:03.0712 0748 sbp2port - ok
00:09:04.0024 0748 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:09:04.0258 0748 SCardSvr - ok
00:09:04.0523 0748 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
00:09:04.0788 0748 scfilter - ok
00:09:05.0287 0748 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
00:09:05.0381 0748 Schedule - ok
00:09:05.0552 0748 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
00:09:05.0693 0748 SCPolicySvc - ok
00:09:05.0880 0748 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
00:09:06.0052 0748 sdbus - ok
00:09:06.0223 0748 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:09:06.0691 0748 SDRSVC - ok
00:09:06.0941 0748 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:09:07.0097 0748 secdrv - ok
00:09:07.0315 0748 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
00:09:07.0534 0748 seclogon - ok
00:09:08.0314 0748 [ EDE7A1D2715AAC2190D51DC07AFD44E3 ] seehcri C:\Windows\system32\DRIVERS\seehcri.sys
00:09:08.0735 0748 seehcri - ok
00:09:09.0094 0748 [ EBE15FC8524C8AAD53F7C17FD37C5DFE ] sef3x1 C:\Windows\system32\DRIVERS\sef3x1.sys
00:09:09.0281 0748 sef3x1 - ok
00:09:09.0562 0748 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
00:09:09.0889 0748 SENS - ok
00:09:10.0092 0748 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
00:09:10.0326 0748 SensrSvc - ok
00:09:10.0435 0748 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:09:10.0577 0748 Serenum - ok
00:09:10.0701 0748 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
00:09:10.0904 0748 Serial - ok
00:09:11.0107 0748 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
00:09:11.0138 0748 sermouse - ok
00:09:11.0435 0748 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
00:09:11.0575 0748 SessionEnv - ok
00:09:11.0731 0748 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
00:09:11.0840 0748 sffdisk - ok
00:09:11.0996 0748 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:09:12.0230 0748 sffp_mmc - ok
00:09:12.0573 0748 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
00:09:12.0995 0748 sffp_sd - ok
00:09:13.0322 0748 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
00:09:13.0463 0748 sfloppy - ok
00:09:13.0926 0748 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:09:14.0258 0748 SharedAccess - ok
00:09:14.0723 0748 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:09:15.0038 0748 ShellHWDetection - ok
00:09:15.0123 0748 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:09:15.0192 0748 SiSRaid2 - ok
00:09:15.0234 0748 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
00:09:15.0303 0748 SiSRaid4 - ok
00:09:15.0754 0748 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
00:09:15.0776 0748 SkypeUpdate - ok
00:09:16.0091 0748 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:09:16.0399 0748 Smb - ok
00:09:16.0682 0748 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:09:17.0103 0748 SNMPTRAP - ok
00:09:17.0247 0748 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
00:09:17.0285 0748 spldr - ok
00:09:17.0630 0748 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
00:09:17.0983 0748 Spooler - ok
00:09:19.0763 0748 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
00:09:20.0176 0748 sppsvc - ok
00:09:20.0378 0748 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
00:09:20.0669 0748 sppuinotify - ok
00:09:20.0756 0748 sptd - ok
00:09:21.0858 0748 [ 95F9538A05857307E73348AEAE00C1E0 ] SQLAgent$TEST C:\Program Files\Microsoft SQL Server\MSSQL10.TEST\MSSQL\Binn\SQLAGENT.EXE
00:09:21.0902 0748 SQLAgent$TEST - ok
00:09:22.0228 0748 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
00:09:22.0497 0748 srv - ok
00:09:22.0696 0748 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:09:22.0952 0748 srv2 - ok
00:09:23.0322 0748 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
00:09:23.0477 0748 SrvHsfHDA - ok
00:09:23.0936 0748 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
00:09:24.0187 0748 SrvHsfV92 - ok
00:09:24.0520 0748 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
00:09:24.0633 0748 SrvHsfWinac - ok
00:09:24.0806 0748 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:09:24.0867 0748 srvnet - ok
00:09:25.0161 0748 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:09:25.0282 0748 SSDPSRV - ok
00:09:25.0305 0748 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:09:25.0411 0748 SstpSvc - ok
00:09:25.0756 0748 StarOpen - ok
00:09:25.0908 0748 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
00:09:25.0954 0748 stexstor - ok
00:09:26.0171 0748 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
00:09:26.0429 0748 stisvc - ok
00:09:27.0047 0748 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
00:09:27.0124 0748 storflt - ok
00:09:27.0230 0748 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
00:09:27.0400 0748 StorSvc - ok
00:09:27.0482 0748 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
00:09:27.0610 0748 storvsc - ok
00:09:27.0812 0748 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
00:09:27.0897 0748 swenum - ok
00:09:28.0115 0748 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
00:09:28.0228 0748 swprv - ok
00:09:28.0496 0748 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
00:09:28.0679 0748 SysMain - ok
00:09:28.0773 0748 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:09:28.0883 0748 TabletInputService - ok
00:09:29.0091 0748 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
00:09:29.0359 0748 TapiSrv - ok
00:09:29.0540 0748 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
00:09:29.0733 0748 TBS - ok
00:09:30.0690 0748 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:09:30.0824 0748 Tcpip - ok
00:09:31.0244 0748 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
00:09:31.0310 0748 TCPIP6 - ok
00:09:31.0484 0748 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:09:31.0654 0748 tcpipreg - ok
00:09:31.0884 0748 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:09:32.0137 0748 TDPIPE - ok
00:09:32.0370 0748 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:09:32.0617 0748 TDTCP - ok
00:09:32.0818 0748 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:09:32.0941 0748 tdx - ok
00:09:33.0073 0748 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
00:09:33.0151 0748 TermDD - ok
00:09:33.0486 0748 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
00:09:33.0771 0748 TermService - ok
00:09:33.0903 0748 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
00:09:34.0089 0748 Themes - ok
00:09:34.0190 0748 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
00:09:34.0234 0748 THREADORDER - ok
00:09:34.0487 0748 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
00:09:34.0878 0748 TrkWks - ok
00:09:35.0571 0748 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:09:35.0811 0748 TrustedInstaller - ok
00:09:35.0851 0748 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:09:35.0951 0748 tssecsrv - ok
00:09:36.0501 0748 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
00:09:36.0753 0748 TsUsbFlt - ok
00:09:37.0525 0748 [ 5002A4407FA278AB2013C587AFB1F23A ] TuneUp.Defrag C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
00:09:37.0675 0748 TuneUp.Defrag - ok
00:09:38.0157 0748 [ 45E8F5491C212512258A23015A24EE1D ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
00:09:38.0277 0748 TuneUp.UtilitiesSvc - ok
00:09:38.0459 0748 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
00:09:38.0713 0748 TuneUpUtilitiesDrv - ok
00:09:39.0075 0748 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:09:39.0265 0748 tunnel - ok
00:09:39.0385 0748 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
00:09:39.0460 0748 uagp35 - ok
00:09:39.0827 0748 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:09:39.0991 0748 udfs - ok
00:09:40.0158 0748 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:09:40.0383 0748 UI0Detect - ok
00:09:40.0647 0748 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
00:09:40.0727 0748 uliagpkx - ok
00:09:40.0854 0748 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
00:09:40.0983 0748 umbus - ok
00:09:41.0070 0748 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
00:09:41.0175 0748 UmPass - ok
00:09:41.0365 0748 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
00:09:41.0527 0748 UmRdpService - ok
00:09:41.0804 0748 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
00:09:41.0903 0748 upnphost - ok
00:09:42.0117 0748 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
00:09:42.0235 0748 USBAAPL64 - ok
00:09:42.0357 0748 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:09:42.0590 0748 usbccgp - ok
00:09:42.0777 0748 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
00:09:42.0891 0748 usbcir - ok
00:09:43.0033 0748 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
00:09:43.0126 0748 usbehci - ok
00:09:43.0383 0748 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys
00:09:43.0466 0748 usbhub - ok
00:09:43.0560 0748 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
00:09:43.0612 0748 usbohci - ok
00:09:43.0637 0748 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
00:09:43.0732 0748 usbprint - ok
00:09:43.0862 0748 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
00:09:43.0997 0748 usbscan - ok
00:09:44.0029 0748 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:09:44.0203 0748 USBSTOR - ok
00:09:44.0862 0748 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
00:09:44.0976 0748 usbuhci - ok
00:09:45.0344 0748 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
00:09:45.0435 0748 usbvideo - ok
00:09:45.0664 0748 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
00:09:45.0795 0748 usb_rndisx - ok
00:09:45.0879 0748 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
00:09:46.0027 0748 UxSms - ok
00:09:46.0226 0748 [ CD3417F526E60B7CF2E77C513F70FEF5 ] UxTuneUp C:\Windows\System32\uxtuneup.dll
00:09:46.0494 0748 UxTuneUp - ok
00:09:46.0525 0748 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
00:09:46.0552 0748 VaultSvc - ok
00:09:46.0759 0748 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
00:09:46.0827 0748 vdrvroot - ok
00:09:46.0983 0748 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
00:09:47.0221 0748 vds - ok
00:09:47.0316 0748 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:09:47.0396 0748 vga - ok
00:09:47.0474 0748 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
00:09:47.0613 0748 VgaSave - ok
00:09:47.0835 0748 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
00:09:47.0863 0748 vhdmp - ok
00:09:47.0977 0748 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
00:09:48.0018 0748 viaide - ok
00:09:48.0078 0748 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
00:09:48.0100 0748 vmbus - ok
00:09:48.0180 0748 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
00:09:48.0279 0748 VMBusHID - ok
00:09:48.0389 0748 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
00:09:48.0432 0748 volmgr - ok
00:09:48.0584 0748 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:09:48.0642 0748 volmgrx - ok
00:09:48.0793 0748 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
00:09:48.0821 0748 volsnap - ok
00:09:49.0005 0748 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
00:09:49.0026 0748 vsmraid - ok
00:09:49.0418 0748 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
00:09:49.0664 0748 VSS - ok
00:09:49.0748 0748 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
00:09:49.0896 0748 vwifibus - ok
00:09:50.0131 0748 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
00:09:50.0220 0748 W32Time - ok
00:09:50.0429 0748 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
00:09:50.0613 0748 WacomPen - ok
00:09:50.0756 0748 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
00:09:50.0900 0748 WANARP - ok
00:09:50.0933 0748 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:09:51.0027 0748 Wanarpv6 - ok
00:09:51.0855 0748 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
00:09:52.0034 0748 WatAdminSvc - ok
00:09:53.0005 0748 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
00:09:53.0366 0748 wbengine - ok
00:09:53.0604 0748 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
00:09:53.0729 0748 WbioSrvc - ok
00:09:54.0018 0748 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
00:09:54.0120 0748 WcesComm - ok
00:09:54.0330 0748 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:09:54.0444 0748 wcncsvc - ok
00:09:54.0538 0748 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:09:54.0801 0748 WcsPlugInService - ok
00:09:54.0887 0748 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
00:09:54.0985 0748 Wd - ok
00:09:55.0106 0748 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:09:55.0169 0748 Wdf01000 - ok
00:09:55.0220 0748 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:09:56.0012 0748 WdiServiceHost - ok
00:09:56.0092 0748 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:09:56.0149 0748 WdiSystemHost - ok
00:09:56.0310 0748 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
00:09:56.0470 0748 WebClient - ok
00:09:56.0681 0748 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:09:56.0880 0748 Wecsvc - ok
00:09:56.0947 0748 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:09:57.0066 0748 wercplsupport - ok
00:09:57.0162 0748 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
00:09:57.0425 0748 WerSvc - ok
00:09:57.0521 0748 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
00:09:57.0580 0748 WfpLwf - ok
00:09:57.0636 0748 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
00:09:57.0655 0748 WIMMount - ok
00:09:57.0829 0748 [ 54D68B92DC59FBBA95919C804A7C3E07 ] winbondcir C:\Windows\system32\DRIVERS\winbondcir.sys
00:09:58.0015 0748 winbondcir - ok
00:09:58.0095 0748 WinDefend - ok
00:09:58.0103 0748 WinHttpAutoProxySvc - ok
00:09:58.0425 0748 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:09:58.0487 0748 Winmgmt - ok
00:09:59.0037 0748 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
00:09:59.0208 0748 WinRM - ok
00:09:59.0474 0748 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
00:09:59.0550 0748 WinUsb - ok
00:09:59.0930 0748 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
00:10:00.0150 0748 Wlansvc - ok
00:10:00.0459 0748 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
00:10:00.0546 0748 WmiAcpi - ok
00:10:00.0717 0748 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:10:00.0867 0748 wmiApSrv - ok
00:10:01.0025 0748 WMPNetworkSvc - ok
00:10:01.0178 0748 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:10:01.0233 0748 WPCSvc - ok
00:10:01.0403 0748 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:10:01.0465 0748 WPDBusEnum - ok
00:10:01.0601 0748 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:10:01.0852 0748 ws2ifsl - ok
00:10:01.0891 0748 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
00:10:02.0052 0748 wscsvc - ok
00:10:02.0057 0748 WSearch - ok
00:10:02.0717 0748 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
00:10:02.0828 0748 wuauserv - ok
00:10:02.0983 0748 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:10:03.0389 0748 WudfPf - ok
00:10:03.0742 0748 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:10:03.0958 0748 WUDFRd - ok
00:10:04.0141 0748 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:10:04.0248 0748 wudfsvc - ok
00:10:04.0378 0748 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
00:10:04.0688 0748 WwanSvc - ok
00:10:04.0942 0748 [ 31DB70A61814E4F33181D48190D46845 ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
00:10:05.0099 0748 ZTEusbmdm6k - ok
00:10:05.0334 0748 [ 01CBEEA25AA78C0F0272654048D61F34 ] ZTEusbnet C:\Windows\system32\DRIVERS\ZTEusbnet.sys
00:10:05.0445 0748 ZTEusbnet - ok
00:10:05.0840 0748 [ C9ADA887BF326D8413E81FE80B1BE7EB ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
00:10:05.0892 0748 ZTEusbnmea - ok
00:10:06.0201 0748 [ 31DB70A61814E4F33181D48190D46845 ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
00:10:06.0222 0748 ZTEusbser6k - ok
00:10:06.0328 0748 [ C9ADA887BF326D8413E81FE80B1BE7EB ] ZTEusbvoice C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
00:10:06.0347 0748 ZTEusbvoice - ok
00:10:06.0514 0748 ================ Scan global ===============================
00:10:06.0667 0748 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:10:06.0959 0748 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
00:10:07.0059 0748 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
00:10:07.0151 0748 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:10:07.0425 0748 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:10:07.0436 0748 [Global] - ok
00:10:07.0442 0748 ================ Scan MBR ==================================
00:10:07.0480 0748 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:10:35.0164 0748 \Device\Harddisk0\DR0 - ok
00:10:35.0204 0748 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1
00:10:36.0318 0748 \Device\Harddisk1\DR1 - ok
00:10:36.0319 0748 ================ Scan VBR ==================================
00:10:36.0461 0748 [ 1D381A9291FCEAFAA9DBF818B0F61F5D ] \Device\Harddisk0\DR0\Partition1
00:10:36.0543 0748 \Device\Harddisk0\DR0\Partition1 - ok
00:10:36.0606 0748 [ AFA53FD5AA6795DCF66A0202BB54C86E ] \Device\Harddisk0\DR0\Partition2
00:10:36.0692 0748 \Device\Harddisk0\DR0\Partition2 - ok
00:10:36.0708 0748 [ 7A5C778E7148ED1133C7428C25AD5345 ] \Device\Harddisk1\DR1\Partition1
00:10:36.0730 0748 \Device\Harddisk1\DR1\Partition1 - ok
00:10:36.0730 0748 ============================================================
00:10:36.0730 0748 Scan finished
00:10:36.0730 0748 ============================================================
00:10:36.0767 3624 Detected object count: 1
00:10:36.0767 3624 Actual detected object count: 1
00:11:05.0363 3624 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:11:05.0363 3624 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
Fehler Bluescreen) Code:
ATTFilter Problemsignatur:
Problemereignisname: BlueScreen
Betriebsystemversion: 6.1.7601.2.1.0.256.48
Gebietsschema-ID: 1031
Zusatzinformationen zum Problem:
BCCode: 109
BCP1: A3A039D898771773
BCP2: B3B7465EEAF552C9
BCP3: FFFFF80004451080
BCP4: 0000000000000002
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1
Dateien, die bei der Beschreibung des Problems hilfreich sind:
C:\Windows\Minidump\030807-22152-01.dmp
C:\Users\Patrick\AppData\Local\Temp\WER-154737-0.sysdata.xml
Lesen Sie unsere Datenschutzbestimmungen online:
hxxp://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0407
Wenn die Onlinedatenschutzbestimmungen nicht verfügbar sind, lesen Sie unsere Datenschutzbestimmungen offline:
C:\Windows\system32\de-DE\erofflps.txt
Update: Seit ich die ganzen Scans durchlaufen lassen habe, startet mein Laptop generell nicht mehr neu (erst nach einmal kurz zuklappen). Uhrzeit ändert sich jetzt immer auf 00:00 und 8.3.2007 wodurch viele Websiten nicht korrekt dargestellt werden (SSL-Zertifikat). Es wird immer schlimmer |
|
29.10.2012, 09:27
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Skriptfehler beim anschließen der externen FestplatteCode:
ATTFilter 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
FLEXnet Licensing Service
__________________ --> Skriptfehler beim anschließen der externen Festplatte |
|
29.10.2012, 17:20
| #7 |
| | Skriptfehler beim anschließen der externen Festplatte nein, ist mein privater laptop. Ich habe jedoch eine Windows-7-Lizenz auf dem Laptop, die ich in der Uni kostenlos erwerben konnte (MSDNAA), damit hängt es evtl. zusammen? |
|
31.10.2012, 14:50
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Skriptfehler beim anschließen der externen Festplatte Ok dann ist das ok, weil wir normalerweise Büro-PCs nicht bereinigen Bist du dir sicher, dass die externe Platte angeschlossen war, als du das OTL-Log angeschlossen hattest? Ich seh da nämlich nur Laufwerke D und E: Code:
ATTFilter Drive C: | 69,77 Gb Total Space | 6,47 Gb Free Space | 9,27% Space Free | Partition Type: NTFS
Drive D: | 66,27 Gb Total Space | 4,66 Gb Free Space | 7,03% Space Free | Partition Type: NTFS
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.10.2012, 15:31
| #9 |
| | Skriptfehler beim anschließen der externen Festplatte komisch. habe es nochmal ausgeführt, diesmal hat es geklappt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.10.2012 15:14:19 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Patrick\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 44,27% Memory free 4,00 Gb Paging File | 2,45 Gb Available in Paging File | 61,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 69,77 Gb Total Space | 10,92 Gb Free Space | 15,65% Space Free | Partition Type: NTFS Drive D: | 66,27 Gb Total Space | 17,92 Gb Free Space | 27,05% Space Free | Partition Type: NTFS Drive G: | 1397,26 Gb Total Space | 419,99 Gb Free Space | 30,06% Space Free | Partition Type: NTFS Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Patrick\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Trillian Astra\trillian.exe (Cerulean Studios) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - C:\Program Files (x86)\Trillian Astra\libspeex.dll () MOD - C:\Program Files (x86)\Trillian Astra\libungif.dll () MOD - C:\Program Files (x86)\Trillian Astra\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL () MOD - C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll () MOD - C:\Program Files (x86)\Microsoft Office\Office12\OUTLCTL.DLL () MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\buddy.dll () MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\talk.dll () MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\events.dll () MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\toolkit.dll () MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\trillian.dll () MOD - C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll () ========== Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (NeroMediaHomeService.4) -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (MSSQL$TEST) -- C:\Programme\Microsoft SQL Server\MSSQL10.TEST\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$TEST) -- C:\Programme\Microsoft SQL Server\MSSQL10.TEST\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (MSSQLServerADHelper100) -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation) SRV - (ReportServer$TEST) -- C:\Programme\Microsoft SQL Server\MSRS10.TEST\Reporting Services\ReportServer\bin\ReportingServicesService.exe (Microsoft Corporation) SRV - (MSOLAP$TEST) -- C:\Programme\Microsoft SQL Server\MSAS10.TEST\OLAP\bin\msmdsrv.exe (Microsoft Corporation) SRV - (MsDtsServer100) -- C:\Programme\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe (Microsoft Corporation) SRV - (MSSQLFDLauncher$TEST) -- C:\Programme\Microsoft SQL Server\MSSQL10.TEST\MSSQL\Binn\fdlauncher.exe (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (sef3x1) -- C:\Windows\SysNative\drivers\sef3x1.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys.vir (Duplex Secure Ltd.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (ZTEusbnet) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys (ZTE Corporation) DRV:64bit: - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated) DRV:64bit: - (RsFx0102) -- C:\Windows\SysNative\drivers\RsFx0102.sys (Microsoft Corporation) DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.) DRV:64bit: - (winbondcir) -- C:\Windows\SysNative\drivers\winbondcir.sys (Winbond Electronics Corporation) DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.claro-search.com/?affID=114164&tt=3012_7&babsrc=HP_iclro&mntrId=5ef67d920000000000000013e8671f4b IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.claro-search.com/?q={searchTerms}&affID=114164&tt=3012_7&babsrc=SP_iclro&mntrId=5ef67d920000000000000013e8671f4b IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.1.1:80 IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1028\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@csi.business.gov.au/CsiPlugin: C:\Users\Patrick\Desktop\Steuer\bin\npCsiPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Patrick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.24 22:35:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.28 17:19:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.28 17:19:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.28 17:19:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.28 17:19:30 | 000,000,000 | ---D | M] [2012.07.26 19:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Extensions [2012.10.23 17:20:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\0tp2n5vx.default\extensions [2012.10.28 17:19:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.10.28 17:19:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.10.28 17:19:34 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.08 12:50:05 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.25 17:33:12 | 000,006,531 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.09.12 14:23:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1868758852-272549566-3515360311-1026..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1868758852-272549566-3515360311-1028..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1868758852-272549566-3515360311-1026..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1868758852-272549566-3515360311-1028..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian Astra\trillian.exe (Cerulean Studios) O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E695855-2B15-4CB6-9367-3F229F89FBCC}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7214F34D-7061-44F5-8167-C7914734108D}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A630EB59-0995-44A8-B0BE-02C3808B2787}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.31 15:08:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe [2012.10.28 17:19:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.20 18:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.10.18 22:04:13 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Macromedia [2012.10.18 21:57:22 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.10.18 21:57:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.10.14 20:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2012.10.14 20:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012.10.14 20:45:22 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Plex Media Server [2012.10.09 19:29:37 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.10.09 19:29:37 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.10.09 19:29:37 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.10.09 19:29:37 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.10.09 19:29:36 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.10.09 19:29:35 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.10.09 19:29:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.10.09 19:29:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.10.09 19:29:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.10.09 19:29:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.10.09 19:29:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.10.09 19:29:34 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.10.09 19:29:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.09 19:29:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.09 19:29:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.10.09 19:29:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.10.09 19:29:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.09 19:29:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.10.09 19:29:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.09 19:29:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.10.09 19:29:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.10.09 19:29:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.10.09 19:29:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.09 19:29:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.10.09 19:29:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.10.09 19:29:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.09 19:29:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.09 19:29:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.10.09 19:29:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.10.09 19:29:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.10.09 19:29:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.09 19:29:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.10.09 19:29:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.09 19:29:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.09 19:29:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.10.09 19:29:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.09 19:29:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.10.09 19:29:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.10.09 19:29:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.10.09 19:29:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.10.09 19:29:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.09 19:29:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.10.09 19:29:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.10.09 19:29:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.09 19:29:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.10.09 19:29:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.10.09 19:29:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.09 19:29:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.10.09 19:29:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.10.09 19:29:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.10.09 19:29:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.10.09 19:27:18 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.10.09 19:27:14 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.10.09 19:27:09 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.10.09 19:27:08 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.10.09 19:26:38 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.10.09 19:26:37 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.10.07 12:34:15 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Nero [2012.10.07 12:34:05 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Nero [2012.10.07 12:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2012.10.07 12:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2012.10.07 12:05:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero MediaHome 4 Essentials [2009.09.04 18:01:10 | 000,525,656 | ---- | C] (Microsoft Corporation) -- C:\Users\Patrick\DXSETUP.exe [2009.09.04 18:01:08 | 001,691,464 | ---- | C] (Microsoft Corporation) -- C:\Users\Patrick\dsetup32.dll [2009.09.04 18:01:08 | 000,094,024 | ---- | C] (Microsoft Corporation) -- C:\Users\Patrick\DSETUP.dll [2009.09.04 17:36:30 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Users\Patrick\dxupdate.dll [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Patrick\Desktop\*.tmp files -> C:\Users\Patrick\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.31 15:13:35 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.31 15:13:35 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.31 15:08:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe [2012.10.31 14:58:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.31 14:57:12 | 1609,363,456 | -HS- | M] () -- C:\hiberfil.sys [2012.10.31 14:41:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.20 18:12:39 | 000,016,782 | ---- | M] () -- C:\Users\Patrick\Documents\cc_20121020_191228.reg [2012.10.18 22:41:47 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.10.18 22:41:47 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Patrick\Desktop\*.tmp files -> C:\Users\Patrick\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.31 14:01:16 | 004,493,668 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2294.JPG [2012.10.31 14:01:16 | 003,542,472 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2293.JPG [2012.10.31 13:55:01 | 003,956,887 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_0035.JPG [2012.10.31 13:53:50 | 003,589,765 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_0247.JPG [2012.10.31 13:45:49 | 003,641,520 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2207.JPG [2012.10.31 13:44:51 | 007,722,219 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2139.JPG [2012.10.31 13:43:49 | 005,878,082 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2527.JPG [2012.10.31 13:43:12 | 004,076,057 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2482.JPG [2012.10.20 18:12:34 | 000,016,782 | ---- | C] () -- C:\Users\Patrick\Documents\cc_20121020_191228.reg [2012.10.18 21:57:26 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.28 11:09:14 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll [2012.07.28 11:09:14 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll [2011.10.21 06:08:22 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2011.10.21 05:44:59 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll [2011.04.27 05:42:06 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat [2011.03.22 00:47:59 | 000,187,700 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.12.24 02:51:22 | 000,099,328 | ---- | C] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.04 12:04:36 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2010.11.04 12:04:20 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.11.23 11:53:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.04 18:01:08 | 013,264,168 | ---- | C] () -- C:\Users\Patrick\dxnt.cab [2009.09.04 18:01:08 | 000,095,637 | ---- | C] () -- C:\Users\Patrick\dxupdate.cab [2009.09.04 18:01:08 | 000,044,440 | ---- | C] () -- C:\Users\Patrick\dxdllreg_x86.cab [2009.09.04 18:01:04 | 001,155,483 | ---- | C] () -- C:\Users\Patrick\BDANT.cab [2009.09.04 18:01:04 | 000,975,148 | ---- | C] () -- C:\Users\Patrick\BDAXP.cab [2009.09.04 17:36:32 | 000,059,486 | ---- | C] () -- C:\Users\Patrick\dxupdate.cif [2009.09.02 16:42:00 | 000,012,088 | ---- | C] () -- C:\Users\Patrick\dxupdate.inf ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > [/code] |
|
31.10.2012, 15:35
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Skriptfehler beim anschließen der externen Festplatte Mach bitte mal einen CustomScan mit OTL mit angeschlossener externe Platte G. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
G:\*.
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.10.2012, 17:25
| #11 |
| | Skriptfehler beim anschließen der externen Festplatte OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.10.2012 17:14:58 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Patrick\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 57,43% Memory free 4,00 Gb Paging File | 2,65 Gb Available in Paging File | 66,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 69,77 Gb Total Space | 10,92 Gb Free Space | 15,65% Space Free | Partition Type: NTFS Drive D: | 66,27 Gb Total Space | 17,92 Gb Free Space | 27,05% Space Free | Partition Type: NTFS Drive G: | 1397,26 Gb Total Space | 419,99 Gb Free Space | 30,06% Space Free | Partition Type: NTFS Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Patrick\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Trillian Astra\trillian.exe (Cerulean Studios) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Trillian Astra\libungif.dll () MOD - C:\Program Files (x86)\Trillian Astra\zlib1.dll () MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\buddy.dll () MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\talk.dll () MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\events.dll () MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\toolkit.dll () MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\trillian.dll () ========== Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (NeroMediaHomeService.4) -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (MSSQL$TEST) -- C:\Programme\Microsoft SQL Server\MSSQL10.TEST\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$TEST) -- C:\Programme\Microsoft SQL Server\MSSQL10.TEST\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (MSSQLServerADHelper100) -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation) SRV - (ReportServer$TEST) -- C:\Programme\Microsoft SQL Server\MSRS10.TEST\Reporting Services\ReportServer\bin\ReportingServicesService.exe (Microsoft Corporation) SRV - (MSOLAP$TEST) -- C:\Programme\Microsoft SQL Server\MSAS10.TEST\OLAP\bin\msmdsrv.exe (Microsoft Corporation) SRV - (MsDtsServer100) -- C:\Programme\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe (Microsoft Corporation) SRV - (MSSQLFDLauncher$TEST) -- C:\Programme\Microsoft SQL Server\MSSQL10.TEST\MSSQL\Binn\fdlauncher.exe (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (sef3x1) -- C:\Windows\SysNative\drivers\sef3x1.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys.vir (Duplex Secure Ltd.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (ZTEusbnet) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys (ZTE Corporation) DRV:64bit: - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated) DRV:64bit: - (RsFx0102) -- C:\Windows\SysNative\drivers\RsFx0102.sys (Microsoft Corporation) DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.) DRV:64bit: - (winbondcir) -- C:\Windows\SysNative\drivers\winbondcir.sys (Winbond Electronics Corporation) DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.claro-search.com/?affID=114164&tt=3012_7&babsrc=HP_iclro&mntrId=5ef67d920000000000000013e8671f4b IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.claro-search.com/?q={searchTerms}&affID=114164&tt=3012_7&babsrc=SP_iclro&mntrId=5ef67d920000000000000013e8671f4b IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.1.1:80 IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1028\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@csi.business.gov.au/CsiPlugin: C:\Users\Patrick\Desktop\Steuer\bin\npCsiPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Patrick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.24 22:35:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.28 17:19:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.28 17:19:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.28 17:19:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.28 17:19:30 | 000,000,000 | ---D | M] [2012.07.26 19:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Extensions [2012.10.23 17:20:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\0tp2n5vx.default\extensions [2012.10.28 17:19:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.10.28 17:19:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.10.28 17:19:34 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.08 12:50:05 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.25 17:33:12 | 000,006,531 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.09.12 14:23:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1868758852-272549566-3515360311-1026..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1868758852-272549566-3515360311-1028..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1868758852-272549566-3515360311-1026..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1868758852-272549566-3515360311-1028..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian Astra\trillian.exe (Cerulean Studios) O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E695855-2B15-4CB6-9367-3F229F89FBCC}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7214F34D-7061-44F5-8167-C7914734108D}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A630EB59-0995-44A8-B0BE-02C3808B2787}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.31 17:13:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe [2012.10.28 17:19:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.20 18:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.10.18 22:04:13 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Macromedia [2012.10.18 21:57:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.10.14 20:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2012.10.14 20:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012.10.14 20:45:22 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Plex Media Server [2012.10.07 12:34:15 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Nero [2012.10.07 12:34:05 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Nero [2012.10.07 12:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2012.10.07 12:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2012.10.07 12:05:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero MediaHome 4 Essentials [2009.09.04 18:01:10 | 000,525,656 | ---- | C] (Microsoft Corporation) -- C:\Users\Patrick\DXSETUP.exe [2009.09.04 18:01:08 | 001,691,464 | ---- | C] (Microsoft Corporation) -- C:\Users\Patrick\dsetup32.dll [2009.09.04 18:01:08 | 000,094,024 | ---- | C] (Microsoft Corporation) -- C:\Users\Patrick\DSETUP.dll [2009.09.04 17:36:30 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Users\Patrick\dxupdate.dll [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Patrick\Desktop\*.tmp files -> C:\Users\Patrick\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.31 17:13:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe [2012.10.31 16:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.31 15:13:35 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.31 15:13:35 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.31 14:58:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.31 14:57:12 | 1609,363,456 | -HS- | M] () -- C:\hiberfil.sys [2012.10.20 18:12:39 | 000,016,782 | ---- | M] () -- C:\Users\Patrick\Documents\cc_20121020_191228.reg [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Patrick\Desktop\*.tmp files -> C:\Users\Patrick\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.31 14:01:16 | 004,493,668 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2294.JPG [2012.10.31 14:01:16 | 003,542,472 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2293.JPG [2012.10.31 13:55:01 | 003,956,887 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_0035.JPG [2012.10.31 13:53:50 | 003,589,765 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_0247.JPG [2012.10.31 13:45:49 | 003,641,520 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2207.JPG [2012.10.31 13:44:51 | 007,722,219 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2139.JPG [2012.10.31 13:43:49 | 005,878,082 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2527.JPG [2012.10.31 13:43:12 | 004,076,057 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2482.JPG [2012.10.20 18:12:34 | 000,016,782 | ---- | C] () -- C:\Users\Patrick\Documents\cc_20121020_191228.reg [2012.10.18 21:57:26 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.28 11:09:14 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll [2012.07.28 11:09:14 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll [2011.10.21 06:08:22 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2011.10.21 05:44:59 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll [2011.04.27 05:42:06 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat [2011.03.22 00:47:59 | 000,187,700 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.12.24 02:51:22 | 000,099,328 | ---- | C] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.04 12:04:36 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2010.11.04 12:04:20 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.11.23 11:53:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.04 18:01:08 | 013,264,168 | ---- | C] () -- C:\Users\Patrick\dxnt.cab [2009.09.04 18:01:08 | 000,095,637 | ---- | C] () -- C:\Users\Patrick\dxupdate.cab [2009.09.04 18:01:08 | 000,044,440 | ---- | C] () -- C:\Users\Patrick\dxdllreg_x86.cab [2009.09.04 18:01:04 | 001,155,483 | ---- | C] () -- C:\Users\Patrick\BDANT.cab [2009.09.04 18:01:04 | 000,975,148 | ---- | C] () -- C:\Users\Patrick\BDAXP.cab [2009.09.04 17:36:32 | 000,059,486 | ---- | C] () -- C:\Users\Patrick\dxupdate.cif [2009.09.02 16:42:00 | 000,012,088 | ---- | C] () -- C:\Users\Patrick\dxupdate.inf ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.08.02 21:08:17 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.mono [2010.08.03 18:05:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Atari [2012.07.25 17:33:09 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Babylon [2010.11.02 15:37:19 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Canneverbe Limited [2012.04.08 12:53:48 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Lite [2012.09.13 14:49:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DVDVideoSoft [2011.04.08 10:03:51 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers [2012.07.26 00:43:19 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Esagb [2012.07.25 17:33:08 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ExpressFiles [2010.03.06 16:19:41 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\fdrtools.com [2012.04.08 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\FileZilla [2010.10.07 09:50:02 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Leadertech [2011.07.18 10:15:39 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\MAGIX [2010.12.24 00:48:31 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ManyCam [2010.11.04 00:27:02 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\mresreg [2011.09.26 12:05:32 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\pdfforge [2012.07.28 11:09:12 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Simply Super Software [2010.10.04 13:11:19 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\TERMINAL Studio [2012.01.24 13:55:01 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\tradesignal [2010.03.06 19:04:05 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Trillian [2009.10.31 11:43:23 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\TuneUp Software [2012.06.09 13:24:47 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Ubisoft [2012.08.02 20:00:55 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Unity [2012.07.25 17:00:39 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Visur [2010.03.01 19:46:36 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Vodafone [2012.07.26 21:17:01 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Woit ========== Purity Check ========== ========== Custom Scans ========== < OTL logfile created on: 31.10.2012 15:14:19 - Run 3 > [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.10.18 21:57:26 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Patrick\Desktop > < 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation > < Internet Explorer (Version = 8.0.7601.17514) > < Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy > < > < 2,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 44,27% Memory free > < 4,00 Gb Paging File | 2,45 Gb Available in Paging File | 61,38% Paging File free > < Paging file location(s): ?:\pagefile.sys [binary data] > < > < %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) > < Drive C: | 69,77 Gb Total Space | 10,92 Gb Free Space | 15,65% Space Free | Partition Type: NTFS > < Drive D: | 66,27 Gb Total Space | 17,92 Gb Free Space | 27,05% Space Free | Partition Type: NTFS > < Drive G: | 1397,26 Gb Total Space | 419,99 Gb Free Space | 30,06% Space Free | Partition Type: NTFS > < > < Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator. > < Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans > < Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days > < > < ========== Processes (SafeList) ========== > Invalid Switch: color] < > < PRC - C:\Users\Patrick\Desktop\OTL.exe (OldTimer Tools) > < PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) > < PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.) > < PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) > < PRC - C:\Program Files (x86)\Trillian Astra\trillian.exe (Cerulean Studios) > < PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) > < PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) > < PRC - C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG) > < PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) > < PRC - C:\Windows\SysWOW64\PnkBstrA.exe () > < > < > < ========== Modules (No Company Name) ========== > Invalid Switch: color] < > < MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () > < MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () > < MOD - C:\Program Files (x86)\Trillian Astra\libspeex.dll () > < MOD - C:\Program Files (x86)\Trillian Astra\libungif.dll () > < MOD - C:\Program Files (x86)\Trillian Astra\zlib1.dll () > < MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL () > < MOD - C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll () > < MOD - C:\Program Files (x86)\Microsoft Office\Office12\OUTLCTL.DLL () > < MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\buddy.dll () > < MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\talk.dll () > < MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\events.dll () > < MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\toolkit.dll () > < MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\trillian.dll () > < MOD - C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll () > < > < > < ========== Services (SafeList) ========== > Invalid Switch: color] < > < SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) > Invalid Switch: b] - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) < SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) > Invalid Switch: b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) < SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) > < SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) > < SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) > < SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) > < SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) > < SRV - (NeroMediaHomeService.4) -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG) > < SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) > < SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) > < SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) > < SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software) > < SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) > < SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () > < SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) > < SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) > < SRV - (MSSQL$TEST) -- C:\Programme\Microsoft SQL Server\MSSQL10.TEST\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) > < SRV - (SQLAgent$TEST) -- C:\Programme\Microsoft SQL Server\MSSQL10.TEST\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) > < SRV - (MSSQLServerADHelper100) -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation) > < SRV - (ReportServer$TEST) -- C:\Programme\Microsoft SQL Server\MSRS10.TEST\Reporting Services\ReportServer\bin\ReportingServicesService.exe (Microsoft Corporation) > < SRV - (MSOLAP$TEST) -- C:\Programme\Microsoft SQL Server\MSAS10.TEST\OLAP\bin\msmdsrv.exe (Microsoft Corporation) > < SRV - (MsDtsServer100) -- C:\Programme\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe (Microsoft Corporation) > < SRV - (MSSQLFDLauncher$TEST) -- C:\Programme\Microsoft SQL Server\MSSQL10.TEST\MSSQL\Binn\fdlauncher.exe (Microsoft Corporation) > < SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) > < SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) > < > < > < ========== Driver Services (SafeList) ========== > Invalid Switch: color] < > < DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) > Invalid Switch: b] - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) < DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) > Invalid Switch: b] - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) < DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) > Invalid Switch: b] - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) < DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) > Invalid Switch: b] - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) < DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) > Invalid Switch: b] - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) < DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) > Invalid Switch: b] - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) < DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) > Invalid Switch: b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) < DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) > Invalid Switch: b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) < DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) > Invalid Switch: b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) < DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) > Invalid Switch: b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) < DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) > Invalid Switch: b] - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) < DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () > Invalid Switch: b] - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () < DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () > Invalid Switch: b] - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () < DRV:64bit: - (sef3x1) -- C:\Windows\SysNative\drivers\sef3x1.sys (Sony Ericsson Mobile Communications) > Invalid Switch: b] - (sef3x1) -- C:\Windows\SysNative\drivers\sef3x1.sys (Sony Ericsson Mobile Communications) < DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications) > Invalid Switch: b] - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications) < DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) > Invalid Switch: b] - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) < DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications) > Invalid Switch: b] - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications) < DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys.vir (Duplex Secure Ltd.) > Invalid Switch: b] - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys.vir (Duplex Secure Ltd.) < DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) > Invalid Switch: b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) < DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) > Invalid Switch: b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) < DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) > Invalid Switch: b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) < DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) > Invalid Switch: b] - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) < DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) > Invalid Switch: b] - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) < DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) > Invalid Switch: b] - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) < DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) > Invalid Switch: b] - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) < DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) > Invalid Switch: b] - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) < DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) > Invalid Switch: b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) < DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) > Invalid Switch: b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) < DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) > Invalid Switch: b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) < DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) > Invalid Switch: b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) < DRV:64bit: - (ZTEusbnet) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys (ZTE Corporation) > Invalid Switch: b] - (ZTEusbnet) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys (ZTE Corporation) < DRV:64bit: - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated) > Invalid Switch: b] - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated) < DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated) > Invalid Switch: b] - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated) < DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated) > Invalid Switch: b] - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated) < DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) > Invalid Switch: b] - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) < DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated) > Invalid Switch: b] - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated) < DRV:64bit: - (RsFx0102) -- C:\Windows\SysNative\drivers\RsFx0102.sys (Microsoft Corporation) > Invalid Switch: b] - (RsFx0102) -- C:\Windows\SysNative\drivers\RsFx0102.sys (Microsoft Corporation) < DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.) > Invalid Switch: b] - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.) < DRV:64bit: - (winbondcir) -- C:\Windows\SysNative\drivers\winbondcir.sys (Winbond Electronics Corporation) > Invalid Switch: b] - (winbondcir) -- C:\Windows\SysNative\drivers\winbondcir.sys (Winbond Electronics Corporation) < DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC) > Invalid Switch: b] - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC) < DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software) > < DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) > < > < > < ========== Standard Registry (SafeList) ========== > Invalid Switch: color] < > < > < ========== Internet Explorer ========== > Invalid Switch: color] < > < IE:64bit: - HKLM\..\SearchScopes,DefaultScope = > Invalid Switch: b] - HKLM\..\SearchScopes,DefaultScope = < IE - HKLM\..\SearchScopes,DefaultScope = > < > < > < IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 > < > < IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 > < > < > < > < IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.claro-search.com/?affID=114164&tt=3012_7&babsrc=HP_iclro&mntrId=5ef67d920000000000000013e8671f4b > Invalid Switch: ?affID=114164&tt=3012_7&babsrc=HP_iclro&mntrId=5ef67d920000000000000013e8671f4b < IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = > < IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = > < IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = > < IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\..\SearchScopes,DefaultScope = > < IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.claro-search.com/?q={searchTerms}&affID=114164&tt=3012_7&babsrc=SP_iclro&mntrId=5ef67d920000000000000013e8671f4b > < IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 > < IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> > < IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.1.1:80 > < > < > < IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1028\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 > < > < ========== FireFox ========== > Invalid Switch: color] < > < > < > < FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found > Invalid Switch: FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found < FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) > Invalid Switch: DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) < FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found > Invalid Switch: GENUINE: disabled File not found < FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () > Invalid Switch: FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () < FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found > Invalid Switch: iTunes,version=: File not found < FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () > Invalid Switch: iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () < FF - HKLM\Software\MozillaPlugins\@csi.business.gov.au/CsiPlugin: C:\Users\Patrick\Desktop\Steuer\bin\npCsiPlugin.dll File not found > Invalid Switch: CsiPlugin: C:\Users\Patrick\Desktop\Steuer\bin\npCsiPlugin.dll File not found < FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) > Invalid Switch: DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) < FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found > Invalid Switch: DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found < FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) > Invalid Switch: DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) < FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) > Invalid Switch: npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) < FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) > Invalid Switch: JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) < FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found > Invalid Switch: GENUINE: disabled File not found < FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) > Invalid Switch: OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) < FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) > < FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Patrick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) > Invalid Switch: UnityPlayer,version=1.0: C:\Users\Patrick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) < > < FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.24 22:35:22 | 000,000,000 | ---D | M] > < FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.28 17:19:35 | 000,000,000 | ---D | M] > < FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.28 17:19:30 | 000,000,000 | ---D | M] > < FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.28 17:19:35 | 000,000,000 | ---D | M] > < FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.28 17:19:30 | 000,000,000 | ---D | M] > < > < [2012.07.26 19:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Extensions > < [2012.10.23 17:20:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\0tp2n5vx.default\extensions > < [2012.10.28 17:19:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions > < [2012.10.28 17:19:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} > < [2012.10.28 17:19:34 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll > < [2012.04.08 12:50:05 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll > < [2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml > < [2012.07.25 17:33:12 | 000,006,531 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml > < [2012.09.12 14:23:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml > < [2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml > < [2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml > < [2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml > < [2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml > < > < O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts > < O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) > < O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) > < O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) > < O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) > < O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) > < O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) > < O4 - HKU\S-1-5-21-1868758852-272549566-3515360311-1026..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) > < O4 - HKU\S-1-5-21-1868758852-272549566-3515360311-1028..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) > < O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found > < O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found > < O4 - HKU\S-1-5-21-1868758852-272549566-3515360311-1026..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found > < O4 - HKU\S-1-5-21-1868758852-272549566-3515360311-1028..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found > < O4 - Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian Astra\trillian.exe (Cerulean Studios) > < O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found > Invalid Switch: 200 File not found < O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () > Invalid Switch: b] - Extra context menu item: Free YouTube Download - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () < O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () > Invalid Switch: b] - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () < O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) > < O8 - Extra context menu item: Free YouTube Download - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () > < O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () > < O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) > < O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) > < O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) > Invalid Switch: b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) < O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) > < O1364bit: - gopher Prefix: missing > Invalid Switch: b] - gopher Prefix: missing < O13 - gopher Prefix: missing > < O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) > Invalid Switch: jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) < O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) > Invalid Switch: jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) < O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) > Invalid Switch: jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) < O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 > < O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E695855-2B15-4CB6-9367-3F229F89FBCC}: DhcpNameServer = 192.168.2.1 > < O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7214F34D-7061-44F5-8167-C7914734108D}: DhcpNameServer = 139.7.30.125 139.7.30.126 > < O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A630EB59-0995-44A8-B0BE-02C3808B2787}: DhcpNameServer = 192.168.2.1 > < O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found > Invalid Switch: b] - Protocol\Handler\grooveLocalGWS - No CLSID value found < O18:64bit: - Protocol\Handler\ms-help - No CLSID value found > Invalid Switch: b] - Protocol\Handler\ms-help - No CLSID value found < O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found > Invalid Switch: b] - Protocol\Handler\mso-offdap11 - No CLSID value found < O18:64bit: - Protocol\Handler\skype4com - No CLSID value found > Invalid Switch: b] - Protocol\Handler\skype4com - No CLSID value found < O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) > < O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) > Invalid Switch: xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) < O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) > Invalid Switch: b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) < O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) > Invalid Switch: b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) < O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) > < O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) > < O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. > Invalid Switch: b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. < O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. > < O32 - HKLM CDRom: AutoRun - 1 > < O34 - HKLM BootExecute: (autocheck autochk *) > < O35:64bit: - HKLM\..comfile [open] -- "%1" %* > < O35:64bit: - HKLM\..exefile [open] -- "%1" %* > < O35 - HKLM\..comfile [open] -- "%1" %* > < O35 - HKLM\..exefile [open] -- "%1" %* > < O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* > < O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* > < O37 - HKLM\...com [@ = comfile] -- "%1" %* > < O37 - HKLM\...exe [@ = exefile] -- "%1" %* > < O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) > < O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) > < O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) > < > < ========== Files/Folders - Created Within 30 Days ========== > Invalid Switch: color] < > < [2012.10.31 15:08:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe > < [2012.10.28 17:19:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox > < [2012.10.20 18:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner > < [2012.10.18 22:04:13 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Macromedia > < [2012.10.18 21:57:22 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe > < [2012.10.18 21:57:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed > < [2012.10.14 20:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero > < [2012.10.14 20:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess > < [2012.10.14 20:45:22 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Plex Media Server > < [2012.10.09 19:29:37 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll > < [2012.10.09 19:29:37 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll > < [2012.10.09 19:29:37 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe > < [2012.10.09 19:29:37 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll > < [2012.10.09 19:29:36 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll > < [2012.10.09 19:29:35 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll > < [2012.10.09 19:29:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe > < [2012.10.09 19:29:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll > < [2012.10.09 19:29:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll > < [2012.10.09 19:29:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll > < [2012.10.09 19:29:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe > < [2012.10.09 19:29:34 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll > < [2012.10.09 19:29:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll > < [2012.10.09 19:29:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll > < [2012.10.09 19:29:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll > < [2012.10.09 19:29:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll > < [2012.10.09 19:29:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll > < [2012.10.09 19:29:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll > < [2012.10.09 19:29:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll > < [2012.10.09 19:29:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll > < [2012.10.09 19:29:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll > < [2012.10.09 19:29:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll > < [2012.10.09 19:29:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll > < [2012.10.09 19:29:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll > < [2012.10.09 19:29:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll > < [2012.10.09 19:29:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll > < [2012.10.09 19:29:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll > < [2012.10.09 19:29:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll > < [2012.10.09 19:29:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll > < [2012.10.09 19:29:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll > < [2012.10.09 19:29:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll > < [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll > < [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll > < [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll > < [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll > < [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll > < [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll > < [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll > < [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll > < [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll > < [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll > < [2012.10.09 19:29:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll > < [2012.10.09 19:29:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll > < [2012.10.09 19:29:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll > < [2012.10.09 19:29:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll > < [2012.10.09 19:29:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll > < [2012.10.09 19:29:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll > < [2012.10.09 19:29:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll > < [2012.10.09 19:29:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll > < [2012.10.09 19:29:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll > < [2012.10.09 19:29:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll > < [2012.10.09 19:29:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll > < [2012.10.09 19:29:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll > < [2012.10.09 19:29:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll > < [2012.10.09 19:29:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll > < [2012.10.09 19:29:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll > < [2012.10.09 19:29:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll > < [2012.10.09 19:29:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll > < [2012.10.09 19:29:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll > < [2012.10.09 19:29:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll > < [2012.10.09 19:29:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll > < [2012.10.09 19:29:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll > < [2012.10.09 19:29:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll > < [2012.10.09 19:29:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll > < [2012.10.09 19:29:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll > < [2012.10.09 19:29:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll > < [2012.10.09 19:29:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll > < [2012.10.09 19:29:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll > < [2012.10.09 19:29:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe > < [2012.10.09 19:27:18 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll > < [2012.10.09 19:27:14 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe > < [2012.10.09 19:27:09 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe > < [2012.10.09 19:27:08 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe > < [2012.10.09 19:26:38 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll > < [2012.10.09 19:26:37 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll > < [2012.10.07 12:34:15 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Nero > < [2012.10.07 12:34:05 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Nero > < [2012.10.07 12:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero > < [2012.10.07 12:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero > < [2012.10.07 12:05:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero MediaHome 4 Essentials > < [2009.09.04 18:01:10 | 000,525,656 | ---- | C] (Microsoft Corporation) -- C:\Users\Patrick\DXSETUP.exe > < [2009.09.04 18:01:08 | 001,691,464 | ---- | C] (Microsoft Corporation) -- C:\Users\Patrick\dsetup32.dll > < [2009.09.04 18:01:08 | 000,094,024 | ---- | C] (Microsoft Corporation) -- C:\Users\Patrick\DSETUP.dll > < [2009.09.04 17:36:30 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Users\Patrick\dxupdate.dll > < [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] > < [1 C:\Users\Patrick\Desktop\*.tmp files -> C:\Users\Patrick\Desktop\*.tmp -> ] > < > < ========== Files - Modified Within 30 Days ========== > Invalid Switch: color] < > < [2012.10.31 15:13:35 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 > < [2012.10.31 15:13:35 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 > < [2012.10.31 15:08:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe > < [2012.10.31 14:58:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat > < [2012.10.31 14:57:12 | 1609,363,456 | -HS- | M] () -- C:\hiberfil.sys > < [2012.10.31 14:41:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job > < [2012.10.20 18:12:39 | 000,016,782 | ---- | M] () -- C:\Users\Patrick\Documents\cc_20121020_191228.reg > < [2012.10.18 22:41:47 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe > < [2012.10.18 22:41:47 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl > < [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] > < [1 C:\Users\Patrick\Desktop\*.tmp files -> C:\Users\Patrick\Desktop\*.tmp -> ] > < > < ========== Files Created - No Company Name ========== > Invalid Switch: color] < > < [2012.10.31 14:01:16 | 004,493,668 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2294.JPG > < [2012.10.31 14:01:16 | 003,542,472 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2293.JPG > < [2012.10.31 13:55:01 | 003,956,887 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_0035.JPG > < [2012.10.31 13:53:50 | 003,589,765 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_0247.JPG > < [2012.10.31 13:45:49 | 003,641,520 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2207.JPG > < [2012.10.31 13:44:51 | 007,722,219 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2139.JPG > < [2012.10.31 13:43:49 | 005,878,082 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2527.JPG > < [2012.10.31 13:43:12 | 004,076,057 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2482.JPG > < [2012.10.20 18:12:34 | 000,016,782 | ---- | C] () -- C:\Users\Patrick\Documents\cc_20121020_191228.reg > < [2012.10.18 21:57:26 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job > < [2012.07.28 11:09:14 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll > < [2012.07.28 11:09:14 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll > < [2011.10.21 06:08:22 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe > < [2011.10.21 05:44:59 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll > < [2011.04.27 05:42:06 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat > < [2011.03.22 00:47:59 | 000,187,700 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat > < [2010.12.24 02:51:22 | 000,099,328 | ---- | C] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini > < [2010.11.04 12:04:36 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll > < [2010.11.04 12:04:20 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini > < [2009.11.23 11:53:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat > < [2009.09.04 18:01:08 | 013,264,168 | ---- | C] () -- C:\Users\Patrick\dxnt.cab > < [2009.09.04 18:01:08 | 000,095,637 | ---- | C] () -- C:\Users\Patrick\dxupdate.cab > < [2009.09.04 18:01:08 | 000,044,440 | ---- | C] () -- C:\Users\Patrick\dxdllreg_x86.cab > < [2009.09.04 18:01:04 | 001,155,483 | ---- | C] () -- C:\Users\Patrick\BDANT.cab > < [2009.09.04 18:01:04 | 000,975,148 | ---- | C] () -- C:\Users\Patrick\BDAXP.cab > < [2009.09.04 17:36:32 | 000,059,486 | ---- | C] () -- C:\Users\Patrick\dxupdate.cif > < [2009.09.02 16:42:00 | 000,012,088 | ---- | C] () -- C:\Users\Patrick\dxupdate.inf > < > < ========== ZeroAccess Check ========== > Invalid Switch: color] < > < [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini > < > < [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 > < > < [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] > < > < [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 > < > < [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] > < > < [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 > < "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) > < "ThreadingModel" = Apartment > < > < [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] > < "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) > < "ThreadingModel" = Apartment > < > < [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 > < "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) > < "ThreadingModel" = Free > < > < [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] > < "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) > < "ThreadingModel" = Free > < > < [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 > < "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) > < "ThreadingModel" = Both > < > < [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] > < > < ========== Alternate Data Streams ========== > Invalid Switch: color] < > < @Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:CB0AACC9 > < > < < End of report > --- --- --- > ========== Alternate Data Streams ========== @Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > [/code] |
|
31.10.2012, 19:35
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Skriptfehler beim anschließen der externen Festplatte Log wurde völlig falsch erstellt Bitte wirklich nur das ins OTL-Fenster kopieren was ich auch angesagt habe, etwas sorgfältiger die Anleitungen lesen und umsetzen bitte
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.11.2012, 12:23
| #13 |
| | Skriptfehler beim anschließen der externen Festplatte OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.11.2012 11:45:43 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Patrick\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,13% Memory free 4,00 Gb Paging File | 2,64 Gb Available in Paging File | 66,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 69,77 Gb Total Space | 10,71 Gb Free Space | 15,36% Space Free | Partition Type: NTFS Drive D: | 66,27 Gb Total Space | 17,92 Gb Free Space | 27,05% Space Free | Partition Type: NTFS Drive G: | 1397,26 Gb Total Space | 419,99 Gb Free Space | 30,06% Space Free | Partition Type: NTFS Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Patrick\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Trillian Astra\trillian.exe (Cerulean Studios) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Trillian Astra\libungif.dll () MOD - C:\Program Files (x86)\Trillian Astra\zlib1.dll () MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\buddy.dll () MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\talk.dll () MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\events.dll () MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\toolkit.dll () MOD - c:\users\patrick\appdata\roaming\trillian\languages\de\trillian.dll () ========== Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (NeroMediaHomeService.4) -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (MSSQL$TEST) -- C:\Programme\Microsoft SQL Server\MSSQL10.TEST\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$TEST) -- C:\Programme\Microsoft SQL Server\MSSQL10.TEST\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (MSSQLServerADHelper100) -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation) SRV - (ReportServer$TEST) -- C:\Programme\Microsoft SQL Server\MSRS10.TEST\Reporting Services\ReportServer\bin\ReportingServicesService.exe (Microsoft Corporation) SRV - (MSOLAP$TEST) -- C:\Programme\Microsoft SQL Server\MSAS10.TEST\OLAP\bin\msmdsrv.exe (Microsoft Corporation) SRV - (MsDtsServer100) -- C:\Programme\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe (Microsoft Corporation) SRV - (MSSQLFDLauncher$TEST) -- C:\Programme\Microsoft SQL Server\MSSQL10.TEST\MSSQL\Binn\fdlauncher.exe (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (sef3x1) -- C:\Windows\SysNative\drivers\sef3x1.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys.vir (Duplex Secure Ltd.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (ZTEusbnet) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys (ZTE Corporation) DRV:64bit: - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated) DRV:64bit: - (RsFx0102) -- C:\Windows\SysNative\drivers\RsFx0102.sys (Microsoft Corporation) DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.) DRV:64bit: - (winbondcir) -- C:\Windows\SysNative\drivers\winbondcir.sys (Winbond Electronics Corporation) DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.claro-search.com/?affID=114164&tt=3012_7&babsrc=HP_iclro&mntrId=5ef67d920000000000000013e8671f4b IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.claro-search.com/?q={searchTerms}&affID=114164&tt=3012_7&babsrc=SP_iclro&mntrId=5ef67d920000000000000013e8671f4b IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.1.1:80 IE - HKU\S-1-5-21-1868758852-272549566-3515360311-1028\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@csi.business.gov.au/CsiPlugin: C:\Users\Patrick\Desktop\Steuer\bin\npCsiPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Patrick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.24 22:35:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.28 17:19:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.28 17:19:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.28 17:19:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.28 17:19:30 | 000,000,000 | ---D | M] [2012.07.26 19:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Extensions [2012.10.23 17:20:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\0tp2n5vx.default\extensions [2012.10.28 17:19:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.10.28 17:19:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.10.28 17:19:34 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.08 12:50:05 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.25 17:33:12 | 000,006,531 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.09.12 14:23:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1868758852-272549566-3515360311-1026..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1868758852-272549566-3515360311-1028..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1868758852-272549566-3515360311-1026..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1868758852-272549566-3515360311-1028..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian Astra\trillian.exe (Cerulean Studios) O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E695855-2B15-4CB6-9367-3F229F89FBCC}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7214F34D-7061-44F5-8167-C7914734108D}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A630EB59-0995-44A8-B0BE-02C3808B2787}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation) Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) ========== Files/Folders - Created Within 30 Days ========== [2012.10.31 17:13:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe [2012.10.28 17:19:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.20 18:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.10.18 22:04:13 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Macromedia [2012.10.18 21:57:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.10.14 20:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2012.10.14 20:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012.10.14 20:45:22 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Plex Media Server [2012.10.07 12:34:15 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Nero [2012.10.07 12:34:05 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Nero [2012.10.07 12:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2012.10.07 12:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2012.10.07 12:05:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero MediaHome 4 Essentials [2009.09.04 18:01:10 | 000,525,656 | ---- | C] (Microsoft Corporation) -- C:\Users\Patrick\DXSETUP.exe [2009.09.04 18:01:08 | 001,691,464 | ---- | C] (Microsoft Corporation) -- C:\Users\Patrick\dsetup32.dll [2009.09.04 18:01:08 | 000,094,024 | ---- | C] (Microsoft Corporation) -- C:\Users\Patrick\DSETUP.dll [2009.09.04 17:36:30 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Users\Patrick\dxupdate.dll [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Patrick\Desktop\*.tmp files -> C:\Users\Patrick\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.01 11:41:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.01 11:06:54 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.01 11:06:54 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.01 10:53:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.01 10:53:48 | 1609,363,456 | -HS- | M] () -- C:\hiberfil.sys [2012.10.31 17:13:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe [2012.10.20 18:12:39 | 000,016,782 | ---- | M] () -- C:\Users\Patrick\Documents\cc_20121020_191228.reg [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Patrick\Desktop\*.tmp files -> C:\Users\Patrick\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.31 14:01:16 | 004,493,668 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2294.JPG [2012.10.31 14:01:16 | 003,542,472 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2293.JPG [2012.10.31 13:55:01 | 003,956,887 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_0035.JPG [2012.10.31 13:53:50 | 003,589,765 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_0247.JPG [2012.10.31 13:45:49 | 003,641,520 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2207.JPG [2012.10.31 13:44:51 | 007,722,219 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2139.JPG [2012.10.31 13:43:49 | 005,878,082 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2527.JPG [2012.10.31 13:43:12 | 004,076,057 | ---- | C] () -- C:\Users\Patrick\Desktop\DSC_2482.JPG [2012.10.20 18:12:34 | 000,016,782 | ---- | C] () -- C:\Users\Patrick\Documents\cc_20121020_191228.reg [2012.10.18 21:57:26 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.28 11:09:14 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll [2012.07.28 11:09:14 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll [2011.10.21 06:08:22 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2011.10.21 05:44:59 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll [2011.04.27 05:42:06 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat [2011.03.22 00:47:59 | 000,187,700 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.12.24 02:51:22 | 000,099,328 | ---- | C] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.04 12:04:36 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2010.11.04 12:04:20 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.11.23 11:53:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.04 18:01:08 | 013,264,168 | ---- | C] () -- C:\Users\Patrick\dxnt.cab [2009.09.04 18:01:08 | 000,095,637 | ---- | C] () -- C:\Users\Patrick\dxupdate.cab [2009.09.04 18:01:08 | 000,044,440 | ---- | C] () -- C:\Users\Patrick\dxdllreg_x86.cab [2009.09.04 18:01:04 | 001,155,483 | ---- | C] () -- C:\Users\Patrick\BDANT.cab [2009.09.04 18:01:04 | 000,975,148 | ---- | C] () -- C:\Users\Patrick\BDAXP.cab [2009.09.04 17:36:32 | 000,059,486 | ---- | C] () -- C:\Users\Patrick\dxupdate.cif [2009.09.02 16:42:00 | 000,012,088 | ---- | C] () -- C:\Users\Patrick\dxupdate.inf ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.08.02 21:08:17 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.mono [2010.08.03 18:05:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Atari [2012.07.25 17:33:09 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Babylon [2010.11.02 15:37:19 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Canneverbe Limited [2012.04.08 12:53:48 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Lite [2012.09.13 14:49:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DVDVideoSoft [2011.04.08 10:03:51 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers [2012.07.26 00:43:19 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Esagb [2012.07.25 17:33:08 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ExpressFiles [2010.03.06 16:19:41 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\fdrtools.com [2012.04.08 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\FileZilla [2010.10.07 09:50:02 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Leadertech [2011.07.18 10:15:39 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\MAGIX [2010.12.24 00:48:31 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ManyCam [2010.11.04 00:27:02 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\mresreg [2011.09.26 12:05:32 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\pdfforge [2012.07.28 11:09:12 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Simply Super Software [2010.10.04 13:11:19 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\TERMINAL Studio [2012.01.24 13:55:01 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\tradesignal [2010.03.06 19:04:05 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Trillian [2009.10.31 11:43:23 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\TuneUp Software [2012.06.09 13:24:47 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Ubisoft [2012.08.02 20:00:55 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Unity [2012.07.25 17:00:39 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Visur [2010.03.01 19:46:36 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Vodafone [2012.07.26 21:17:01 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Woit ========== Purity Check ========== ========== Custom Scans ========== < G:\*. > [2009.12.17 21:32:14 | 000,000,000 | -HSD | M] -- G:\$RECYCLE.BIN [2012.01.22 19:10:20 | 000,000,000 | ---D | M] -- G:\Australien [2012.05.04 17:20:35 | 000,000,000 | ---D | M] -- G:\Bewerbung [2012.09.22 15:36:39 | 000,000,000 | R--D | M] -- G:\Bilderarchiv [2010.10.04 12:51:06 | 000,000,000 | ---D | M] -- G:\Diplomarbeit [2012.10.27 18:41:29 | 000,000,000 | R--D | M] -- G:\Filme [2012.09.14 10:49:45 | 000,000,000 | ---D | M] -- G:\Musik [2012.10.17 19:04:02 | 000,000,000 | ---D | M] -- G:\Programme [2010.11.18 20:22:54 | 000,000,000 | -HSD | M] -- G:\RECYCLER [2012.05.04 17:31:25 | 000,000,000 | ---D | M] -- G:\Schießsachen [2011.12.23 13:32:26 | 000,000,000 | ---D | M] -- G:\Spiele [2012.05.26 10:59:48 | 000,000,000 | ---D | M] -- G:\Studium- BA [2010.01.24 20:50:50 | 000,000,000 | -HSD | M] -- G:\System Volume Information [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.10.18 21:57:26 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < %SYSTEMDRIVE%\*. > [2009.10.30 13:55:43 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.04.07 10:15:10 | 000,000,000 | -HSD | M] -- C:\Boot [2010.12.24 02:43:10 | 000,000,000 | ---D | M] -- C:\divx [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.10.30 13:55:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.10.30 16:44:03 | 000,000,000 | ---D | M] -- C:\Downloads [2012.04.08 10:54:42 | 000,000,000 | -HSD | M] -- C:\found.000 [2009.10.30 17:52:54 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.10.31 13:16:21 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.10.20 18:01:59 | 000,000,000 | R--D | M] -- C:\Program Files [2007.03.08 00:04:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2012.10.14 20:45:23 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.10.30 13:55:16 | 000,000,000 | -HSD | M] -- C:\Programme [2009.10.30 13:55:16 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.10.30 17:33:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.11.02 22:18:57 | 000,000,000 | ---D | M] -- C:\Temp [2012.10.15 16:19:52 | 000,000,000 | R--D | M] -- C:\Users [2007.03.08 00:14:30 | 000,000,000 | ---D | M] -- C:\Windows [2012.04.08 12:26:40 | 000,000,000 | ---D | M] -- C:\_OTL < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.08.02 21:08:17 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.mono [2012.04.06 12:57:18 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Adobe [2011.01.09 08:18:21 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Ahead [2011.11.19 00:12:01 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Apple Computer [2010.08.03 18:05:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Atari [2012.03.21 17:59:41 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Avira [2012.07.25 17:33:09 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Babylon [2010.11.02 15:37:19 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Canneverbe Limited [2012.04.08 12:53:48 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Lite [2010.08.03 20:20:11 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DivX [2012.04.21 11:18:24 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\dvdcss [2012.09.13 14:49:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DVDVideoSoft [2011.04.08 10:03:51 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers [2012.07.26 00:43:19 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Esagb [2012.07.25 17:33:08 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ExpressFiles [2010.03.06 16:19:41 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\fdrtools.com [2012.04.08 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\FileZilla [2009.10.30 13:55:47 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Identities [2010.10.07 09:50:02 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Leadertech [2009.10.30 15:00:46 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Macromedia [2011.07.18 10:15:39 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\MAGIX [2012.04.07 14:34:40 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Malwarebytes [2010.12.24 00:48:31 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ManyCam [2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Media Center Programs [2012.10.18 22:04:13 | 000,000,000 | --SD | M] -- C:\Users\Patrick\AppData\Roaming\Microsoft [2012.07.26 19:59:17 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Mozilla [2010.11.04 00:27:02 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\mresreg [2010.01.30 16:05:22 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\NCH Software [2012.10.07 12:34:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Nero [2012.09.13 14:52:16 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\NVIDIA [2011.09.26 12:05:32 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\pdfforge [2011.05.25 11:06:17 | 000,000,000 | RH-D | M] -- C:\Users\Patrick\AppData\Roaming\SecuROM [2012.07.28 11:09:12 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Simply Super Software [2012.10.20 18:07:10 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Skype [2011.05.29 08:34:48 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\skypePM [2012.04.08 13:00:30 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\SUPERAntiSpyware.com [2010.10.04 13:11:19 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\TERMINAL Studio [2012.01.24 13:55:01 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\tradesignal [2010.03.06 19:04:05 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Trillian [2009.10.31 11:43:23 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\TuneUp Software [2012.06.09 13:24:47 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Ubisoft [2012.08.02 20:00:55 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Unity [2012.07.25 17:00:39 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Visur [2012.10.30 20:54:52 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\vlc [2010.03.01 19:46:36 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Vodafone [2009.10.30 14:11:13 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\WinRAR [2012.07.26 21:17:01 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Woit < %APPDATA%\*.exe /s > < %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles > < %SYSTEMROOT%\System32\config\*.sav > < %SYSTEMROOT%\*. /mp /s > < %SYSTEMROOT%\system32\*.dll /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > [/code] |
|
01.11.2012, 15:20
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Skriptfehler beim anschließen der externen Festplatte Ich seh dort so nichts. Die Meldung "Skript: resource://gre/modules/XPCOMUtils.jsm" muss so damit auch nicht unbedingt was zu tun haben oder ist diese Fehlermeldung reproduzierbar, wenn die externe Platte angesteckt wurde? Du hast da aber nervige Adware drauf => isearch.claro-search.com adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.11.2012, 15:26
| #15 |
| | Skriptfehler beim anschließen der externen Festplatte Ja, wie gesagt der Fehler tritt immer auf, wenn ich die Platte anschließe. Zunächste ca. 10-30min extrem langsamer Laptop, dann kommen irgendwann 1-3 von den Skript-Fehlermeldungen (immer andere) und danach läuft der Laptop wieder flüssig. Code:
ATTFilter # AdwCleaner v2.006 - Datei am 01/11/2012 um 15:09:26 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Patrick - PATRICK-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Patrick\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\user.js
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\ProgramData\Trymedia
Ordner Gefunden : C:\Users\Patrick\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Patrick\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Patrick\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\BabylonToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gefunden : HKU\S-1-5-21-1868758852-272549566-3515360311-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.claro-search.com/?affID=114164&tt=3012_7&babsrc=HP_iclro&mntrId=5ef67d920000000000000013e8671f4b
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\0tp2n5vx.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1986 octets] - [01/11/2012 15:09:26]
########## EOF - C:\AdwCleaner[R1].txt - [2046 octets] ##########
|
|
| Themen zu Skriptfehler beim anschließen der externen Festplatte |
| auslastung, bccode: 109, entfernen, externe festplatte, festplatte, formatieren, hintergrund, java/exploit.cve-2012-1723.cu, plötzlich, schließen, sehr langsam, trojaner, unsignedfile.multi.generic, unterschiedlich, win32/packed.niceprotect.a, win32/packed.vmprotect, win32/packed.vmprotect.aad, win32/toolbar.widgi |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
