BDS/ZeroAccess.Gen - System Progressive Protection gefunden

weh · 14.11.2012, 09:08

Hallo erst mal,

ich habe mir gestern beim Besuch einer "harmlosen" Webseite (jQuery Plugin) einen was eingefangen.

Avira war aktuell und das System wurde wöchentlich gescannt. Im Avira Eventlog wird zwar angezeigt dass BDS/ZeroAccess.Gen gefunden wurde, die installation konnte wohl trotzdem nicht verhindert werden (Logfile 1).

System Progressive Protection ist gestartet und hat alle Virenscans etc. geblockt.
Als ich bemerkt habe was passiert ist, habe ich Windows (etwas unsanft) sofort beendet, das Netzwerkkabel gezogen und im Safe Mode gebootet.

Ein kurzer Scanversuch mit Avira hat nichts angezeigt, deshalb habe ich weitergesucht und habe mir die hier vorhandenen Beiträge über BDS/ZeroAccess.Gen angesehen.

Als erstes habe ich einen Fullscan mit Malwarebytes Anti Malware gestartet. Dieser hat auch was gefunden (Logfile 2).

Nach dem Neustart (nicht mehr im Safe Mode) habe ich einen Quickscan mit Malwarebytes Anti Malware gemacht, der nichts mehr angezeigt hat (Logfile 3).

Danach habe ich über Nacht einen Scan mit ESET gemacht. Die gefundenen 2 Tools sind mir bekannt, und sollten kein Problem sein (Logfile 4).

Ich weiss nicht ob ich Glück hatte und das Sch...ding wieder entfernt wurde, oder ob es sich geschickt verschleiert im System installiert hat. Kann sich jemand die Logfiles mal ansehen und mir weiterhelfen.

Vielen Dank im voraus
Patrik

Logfile 1: Avira entdeckt BDS/ZeroAccess.Gen

Code:

ATTFilter


Avira Professional Security
Report file date: Dienstag, 13. November 2012  17:59

Scanning for 4489061 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee        : ***
Serial number   : 2212564331-ADJIE-0000001
Platform        : Windows 7 Professional
Windows version : (Service Pack 1)  [6.1.7601]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : WEHBOOK

Version information:
BUILD.DAT       : 12.1.9.1577    46763 Bytes  11.10.2012 15:36:00
AVSCAN.EXE      : 12.3.0.48     468256 Bytes  07.11.2012 12:16:50
AVSCAN.DLL      : 12.3.0.15      54736 Bytes  14.05.2012 12:44:15
LUKE.DLL        : 12.3.0.15      68304 Bytes  14.05.2012 12:44:15
AVSCPLR.DLL     : 12.3.0.14      97032 Bytes  08.05.2012 07:42:53
AVREG.DLL       : 12.3.0.17     232200 Bytes  10.05.2012 14:10:17
VBASE000.VDF    : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF    : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39
VBASE002.VDF    : 7.11.19.170 14374912 Bytes  20.12.2011 15:42:00
VBASE003.VDF    : 7.11.21.238  4472832 Bytes  01.02.2012 11:22:27
VBASE004.VDF    : 7.11.26.44   4329472 Bytes  28.03.2012 12:18:31
VBASE005.VDF    : 7.11.34.116  4034048 Bytes  29.06.2012 12:19:46
VBASE006.VDF    : 7.11.41.250  4902400 Bytes  06.09.2012 10:26:26
VBASE007.VDF    : 7.11.45.207  2363904 Bytes  11.10.2012 06:40:52
VBASE008.VDF    : 7.11.45.208     2048 Bytes  11.10.2012 06:40:53
VBASE009.VDF    : 7.11.45.209     2048 Bytes  11.10.2012 06:40:53
VBASE010.VDF    : 7.11.45.210     2048 Bytes  11.10.2012 06:40:53
VBASE011.VDF    : 7.11.45.211     2048 Bytes  11.10.2012 06:40:53
VBASE012.VDF    : 7.11.45.212     2048 Bytes  11.10.2012 06:40:53
VBASE013.VDF    : 7.11.45.213     2048 Bytes  11.10.2012 06:40:54
VBASE014.VDF    : 7.11.46.65    220160 Bytes  16.10.2012 07:13:54
VBASE015.VDF    : 7.11.46.153   173568 Bytes  18.10.2012 09:00:41
VBASE016.VDF    : 7.11.46.223   162304 Bytes  19.10.2012 07:23:56
VBASE017.VDF    : 7.11.47.35    126464 Bytes  22.10.2012 21:24:23
VBASE018.VDF    : 7.11.47.95    175616 Bytes  24.10.2012 10:12:08
VBASE019.VDF    : 7.11.47.177   164352 Bytes  26.10.2012 12:14:08
VBASE020.VDF    : 7.11.47.229   143360 Bytes  28.10.2012 07:04:25
VBASE021.VDF    : 7.11.48.47    138240 Bytes  30.10.2012 13:11:53
VBASE022.VDF    : 7.11.48.135   122880 Bytes  01.11.2012 07:35:50
VBASE023.VDF    : 7.11.48.209   142848 Bytes  05.11.2012 12:37:58
VBASE024.VDF    : 7.11.48.243   119296 Bytes  05.11.2012 12:37:58
VBASE025.VDF    : 7.11.49.47    136704 Bytes  07.11.2012 07:16:41
VBASE026.VDF    : 7.11.49.135   194560 Bytes  09.11.2012 12:34:31
VBASE027.VDF    : 7.11.49.209   188416 Bytes  12.11.2012 19:07:43
VBASE028.VDF    : 7.11.49.210     2048 Bytes  12.11.2012 19:07:43
VBASE029.VDF    : 7.11.49.211     2048 Bytes  12.11.2012 19:07:43
VBASE030.VDF    : 7.11.49.212     2048 Bytes  12.11.2012 19:07:43
VBASE031.VDF    : 7.11.49.250   109056 Bytes  13.11.2012 16:08:00
Engine version  : 8.2.10.198
AEVDF.DLL       : 8.1.2.10      102772 Bytes  10.07.2012 10:30:17
AESCRIPT.DLL    : 8.1.4.66      463227 Bytes  12.11.2012 10:08:05
AESCN.DLL       : 8.1.9.2       131444 Bytes  26.09.2012 12:01:21
AESBX.DLL       : 8.2.5.12      606578 Bytes  14.06.2012 12:17:00
AERDL.DLL       : 8.2.0.74      643445 Bytes  07.11.2012 10:16:47
AEPACK.DLL      : 8.3.0.40      815479 Bytes  12.11.2012 10:08:05
AEOFFICE.DLL    : 8.1.2.50      201084 Bytes  06.11.2012 12:38:02
AEHEUR.DLL      : 8.1.4.132    5489016 Bytes  12.11.2012 10:08:03
AEHELP.DLL      : 8.1.25.2      258423 Bytes  11.10.2012 14:25:52
AEGEN.DLL       : 8.1.6.8       434548 Bytes  07.11.2012 10:16:41
AEEXP.DLL       : 8.2.0.10      119158 Bytes  06.11.2012 12:38:02
AEEMU.DLL       : 8.1.3.2       393587 Bytes  10.07.2012 10:30:16
AECORE.DLL      : 8.1.29.2      201079 Bytes  07.11.2012 10:16:41
AEBB.DLL        : 8.1.1.4        53619 Bytes  06.11.2012 12:37:59
AVWINLL.DLL     : 12.3.0.15      27344 Bytes  14.05.2012 12:44:14
AVPREF.DLL      : 12.3.0.32      50720 Bytes  07.11.2012 12:16:50
AVREP.DLL       : 12.3.0.15     179208 Bytes  08.05.2012 07:42:53
AVARKT.DLL      : 12.3.0.33     209696 Bytes  07.11.2012 12:16:49
AVEVTLOG.DLL    : 12.3.0.15     169168 Bytes  14.05.2012 12:44:15
SQLITE3.DLL     : 3.7.0.1       398288 Bytes  14.05.2012 12:44:15
AVSMTP.DLL      : 12.3.0.32      63480 Bytes  09.08.2012 10:26:31
NETNT.DLL       : 12.3.0.15      17104 Bytes  14.05.2012 12:44:15
RCIMAGE.DLL     : 12.3.0.31    4715768 Bytes  09.08.2012 10:26:29
RCTEXT.DLL      : 12.3.0.32      96544 Bytes  07.11.2012 12:16:49

Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50a20588\guard_slideup.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete
Deviating risk categories...........: +SPR,

Start of the scan: Dienstag, 13. November 2012  17:59

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'eja73ojyrpissv.exe' - '1' Module(s) have been scanned
Scan process 'java.exe' - '1' Module(s) have been scanned
Scan process 'jp2launcher.exe' - '1' Module(s) have been scanned
Scan process 'DllHost.exe' - '1' Module(s) have been scanned
Scan process 'php-cgi.exe' - '1' Module(s) have been scanned
Scan process 'php-cgi.exe' - '1' Module(s) have been scanned
Scan process 'httpd.exe' - '1' Module(s) have been scanned
Scan process 'httpd.exe' - '1' Module(s) have been scanned
Scan process 'hpqToaster.exe' - '1' Module(s) have been scanned
Scan process 'vlc.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'KoffBackend.exe' - '1' Module(s) have been scanned
Scan process 'UNS.exe' - '1' Module(s) have been scanned
Scan process 'Com4QLBEx.exe' - '1' Module(s) have been scanned
Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned
Scan process 'SbHpAuthenticatorService.exe' - '1' Module(s) have been scanned
Scan process 'hpqWmiEx.exe' - '1' Module(s) have been scanned
Scan process 'VolCtrl.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'TrueImageMonitor.exe' - '1' Module(s) have been scanned
Scan process 'Launchy.exe' - '1' Module(s) have been scanned
Scan process 'nusb3mon.exe' - '1' Module(s) have been scanned
Scan process 'QLBCtrl.exe' - '1' Module(s) have been scanned
Scan process 'Dropbox.exe' - '1' Module(s) have been scanned
Scan process 'ApacheMonitor.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'schedhlp.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '1' Module(s) have been scanned
Scan process 'avmailc.exe' - '1' Module(s) have been scanned
Scan process 'DPAgent.exe' - '1' Module(s) have been scanned
Scan process 'IAANTMon.exe' - '1' Module(s) have been scanned
Scan process 'TeamViewer_Service.exe' - '1' Module(s) have been scanned
Scan process 'TeamViewer_Service.exe' - '1' Module(s) have been scanned
Scan process 'LMS.exe' - '1' Module(s) have been scanned
Scan process 'ktupdaterservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPDrvMntSvc.exe' - '1' Module(s) have been scanned
Scan process 'PTChangeFilterService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'afcdpsrv.exe' - '1' Module(s) have been scanned
Scan process 'armsvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'HpFkCrypt.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\$Recycle.Bin\S-1-5-21-3629986181-1509596615-2328272075-1000\$927d5344adb0f1659c13d77b24a97d2e\n'
C:\$Recycle.Bin\S-1-5-21-3629986181-1509596615-2328272075-1000\$927d5344adb0f1659c13d77b24a97d2e\n
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/ZeroAccess.Gen back-door program

Beginning disinfection:
C:\$Recycle.Bin\S-1-5-21-3629986181-1509596615-2328272075-1000\$927d5344adb0f1659c13d77b24a97d2e\n
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/ZeroAccess.Gen back-door program
  [NOTE]      The file was moved to the quarantine directory under the name '57f2d270.qua'.


End of the scan: Dienstag, 13. November 2012  18:05
Used time: 00:25 Minute(s)

The scan has been done completely.

      0 Scanned directories
    797 Files were scanned
      1 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      1 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
    796 Files not concerned
      4 Archives were scanned
      0 Warnings
      1 Notes


The scan results will be transferred to the Guard.

Logfile 2: Malwarebytes Anti Malware Full Scan

Code:

ATTFilter

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.13.07

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
weh :: WEHBOOK [administrator]

13.11.2012 19:04:21
mbam-log-2012-11-13 (19-04-21).txt

Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1225030
Time elapsed: 2 hour(s), 51 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\Users\weh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection (Rogue.SystemProgressiveProtection) -> Quarantined and deleted successfully.

Files Detected: 7
C:\$Recycle.Bin\S-1-5-18\$927d5344adb0f1659c13d77b24a97d2e\n (Trojan.0Access) -> Delete on reboot.
C:\$Recycle.Bin\S-1-5-18\$927d5344adb0f1659c13d77b24a97d2e\U\00000001.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$927d5344adb0f1659c13d77b24a97d2e\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$927d5344adb0f1659c13d77b24a97d2e\U\800000cb.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\Users\weh\AppData\Local\Google\Chrome\Application\21.0.1180.83\chrome_frame_helper.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\weh\Desktop\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Quarantined and deleted successfully.
C:\Users\weh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Quarantined and deleted successfully.

(end)

Logfile 3: Malwarebytes Anti Malware Quickscan nach Reboot

Code:

ATTFilter

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.13.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
weh :: WEHBOOK [administrator]

13.11.2012 22:05:37
mbam-log-2012-11-13 (22-05-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246438
Time elapsed: 15 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile 4: ESET Scan

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=376d22ed850e51448c6759c58c9e58ac
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-14 03:52:28
# local_time=2012-11-14 04:52:28 (+0100, W. Europe Standard Time)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 33917652 33917652 0 0
# compatibility_mode=5893 16776574 66 94 64956 104472105 0 0
# compatibility_mode=8192 67108863 100 0 3773 3773 0 0
# scanned=1024778
# found=2
# cleaned=0
# scan_time=22892
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\weh\Downloads\Unlocker1.9.1-x64.exe	Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I

Psychotic · 14.11.2012, 12:54

Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

...und ganz wichtig:
Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).

Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.

Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.

Starte das Tool mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.

Sollte Defogger eine Fehlermeldung ausgeben, poste bitte die defogger_disable Log von deinem Desktop.
Klicke den Re-enable Button nicht ohne Anweisung.

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)

Doppelklick auf die OTL.exe
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Schritt 3: aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Schritt 4: Scan mit TDSS-Killer

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.

weh · 14.11.2012, 16:32

Hi Marius,

hier die gewünschten Logfiles:

defogger:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:46 on 14/11/2012 (weh)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

OTL:

Code:

ATTFilter

OTL logfile created on: 11/14/2012 1:50:59 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\weh\Desktop\Trojan\Tools
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 42.75% Memory free
7.72 Gb Paging File | 4.96 Gb Available in Paging File | 64.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.79 Gb Total Space | 68.26 Gb Free Space | 24.31% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.56% Space Free | Partition Type: FAT32
Drive S: | 149.04 Gb Total Space | 47.17 Gb Free Space | 31.65% Space Free | Partition Type: NTFS
 
Computer Name: WEHBOOK | User Name: weh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\weh\Desktop\Trojan\Tools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Kerio\UpdaterService\ktupdaterservice.exe (Kerio Technologies Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Launchy\Launchy.exe ()
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
PRC - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ff4e90c5842525f7a7456639de090d8\System.Runtime.Serialization.Formatters.Soap.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fa79d708cc3fa75c4672e7647bffa002\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\e51b389e6d470d6920df51e7bbee6977\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\97dccc257e6729c8bc2450a5caf030e5\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\JSLintNpp.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\regrexplace.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\nppRegEx.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\InsertLoremIpsumNppPlugin.dll ()
MOD - C:\Program Files\TortoiseGit\bin\zlib132.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Launchy\plugins\controly.dll ()
MOD - C:\Program Files (x86)\Launchy\plugins\calcy.dll ()
MOD - C:\Program Files (x86)\Launchy\plugins\gcalc.dll ()
MOD - C:\Program Files (x86)\Launchy\Launchy.exe ()
MOD - C:\Program Files (x86)\Launchy\plugins\runner.dll ()
MOD - C:\Program Files (x86)\Launchy\plugins\weby.dll ()
MOD - C:\Program Files (x86)\Launchy\plugins\verby.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll ()
MOD - C:\Program Files (x86)\Launchy\imageformats\qmng4.dll ()
MOD - C:\Program Files (x86)\Launchy\QtGui4.dll ()
MOD - C:\Program Files (x86)\Launchy\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Launchy\QtCore4.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\NppExport.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (domain1) -- C:\Program Files\GlassFish\EnterpriseServer 3.0\glassfish\domains\domain1\bin\domain1Service.exe (Sun Microsystems, Inc.)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (postgresql-x64-9.0) -- C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (DpHost) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV:64bit: - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV:64bit: - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
SRV:64bit: - (DEBridge) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (McAfee, Inc.)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (ktupdaterservice) -- C:\Program Files (x86)\Kerio\UpdaterService\ktupdaterservice.exe (Kerio Technologies Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (MySQL) -- C:\Software\Mysql5.5\bin\mysqld.exe ()
SRV - (Apache CouchDB01cbce7481a03700) -- C:\Software\ApacheSoftwareFoundation\CouchDB\erts-5.8\bin\erlsrv.exe ()
SRV - (CableAssociation) -- C:\Program Files (x86)\devolo Vianect AIR Manager\Components\Association\CableAssociation.exe (Wisair Ltd.)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe (IDT, Inc.)
SRV - (HP ProtectTools Service) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (DisplayLinkUsbPort) -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_6.1.32700.0.sys (hxxp://libusb-win32.sourceforge.net)
DRV:64bit: - (dlkmd) -- C:\Windows\SysNative\drivers\dlkmd.sys (DisplayLink Corp.)
DRV:64bit: - (dlkmdldr) -- C:\Windows\SysNative\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (BazisVirtualCDBus) -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys (SysProgs.org)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)
DRV:64bit: - (SaiK0CCB) -- C:\Windows\SysNative\drivers\SaiK0CCB.sys (Saitek)
DRV:64bit: - (SaiU0CCB) -- C:\Windows\SysNative\drivers\SaiU0CCB.sys (Saitek)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HWARadio) -- C:\Windows\SysNative\drivers\WSR_RCI.SYS ()
DRV:64bit: - (DWA) -- C:\Windows\SysNative\drivers\WSR_DWA.SYS ()
DRV:64bit: - (hwa) -- C:\Windows\SysNative\drivers\WSR_HWA.SYS ()
DRV:64bit: - (WSR_USF) -- C:\Windows\SysNative\drivers\WSR_USF.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (DLCopyFilter) -- C:\Windows\SysNative\drivers\WSR_TBF.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (SbFsLock) -- C:\windows\SysNative\drivers\SbFsLock.sys (McAfee, Inc.)
DRV:64bit: - (RsvLock) -- C:\windows\SysNative\drivers\RsvLock.sys (McAfee, Inc.)
DRV:64bit: - (SafeBoot) -- C:\windows\SysNative\drivers\SafeBoot.sys ()
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (rismcx64) -- C:\Windows\SysNative\drivers\rismcx64.sys (RICOH Company, Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SbAlg) -- C:\windows\SysNative\drivers\SbAlg.sys (McAfee, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (CamDrL64) -- C:\Windows\SysNative\drivers\CamDrL64.sys (Logitech Inc.)
DRV - (kqemu) -- C:\Windows\SysWOW64\drivers\kqemu.sys ()
DRV - (SbAlg) -- C:\windows\SysWow64\drivers\SbAlg.sys (McAfee, Inc.)
DRV - (SbFsLock) -- C:\windows\SysWow64\drivers\SbFsLock.sys (McAfee, Inc.)
DRV - (RsvLock) -- C:\windows\SysWow64\drivers\rsvlock.sys (McAfee, Inc.)
DRV - (SafeBoot) -- C:\windows\SysWow64\drivers\SafeBoot.sys (McAfee, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E8E96765-A1D3-44EA-9102-639084622E71}
IE:64bit: - HKLM\..\SearchScopes\{E8E96765-A1D3-44EA-9102-639084622E71}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
IE - HKLM\..\SearchScopes,DefaultScope = {E8E96765-A1D3-44EA-9102-639084622E71}
IE - HKLM\..\SearchScopes\{E8E96765-A1D3-44EA-9102-639084622E71}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://local.kueng-automobile.ch/
IE - HKCU\..\SearchScopes,DefaultScope = {56A5D131-8A06-4305-B524-F456A810B422}
IE - HKCU\..\SearchScopes\{56A5D131-8A06-4305-B524-F456A810B422}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{E8E96765-A1D3-44EA-9102-639084622E71}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://localhost:8080/mastertool-proto/"
FF - prefs.js..extensions.enabledAddons: info@elime.be:1.5
FF - prefs.js..extensions.enabledAddons: SQLiteManager@mrinalkant.blogspot.com:0.7.7
FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8
FF - prefs.js..extensions.enabledAddons: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.10
FF - prefs.js..extensions.enabledAddons: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.17
FF - prefs.js..extensions.enabledAddons: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledAddons: {ad0d925d-88f8-47f1-85ea-8463569e756e}:2.0.3
FF - prefs.js..extensions.enabledAddons: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.1.1
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..extensions.enabledAddons: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.89
FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3
FF - prefs.js..extensions.enabledAddons: jsonview@brh.numbera.com:0.7
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.3.0.11079
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\weh\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\weh\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010/09/10 23:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/08 08:10:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/08 08:10:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/11/08 08:10:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011/08/11 14:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Extensions
[2011/02/09 12:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/02/04 09:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Extensions\pencil@evolus.vn
[2011/08/11 14:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\nvxzih3d.default\extensions
[2011/08/11 14:31:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\nvxzih3d.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2012/11/01 09:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions
[2011/08/12 11:51:06 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2012/09/20 14:15:44 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/08/06 09:19:53 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/08/11 14:34:23 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2012/09/20 14:15:43 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\firefox@ghostery.com
[2012/11/01 09:08:10 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\firebug@software.joehewitt.com.xpi
[2012/04/11 13:06:48 | 000,084,034 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\FirePHPExtension-Build@firephp.org.xpi
[2011/11/07 16:38:02 | 000,013,136 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\info@elime.be.xpi
[2012/10/22 15:32:01 | 000,026,234 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\jsonview@brh.numbera.com.xpi
[2011/11/25 10:12:23 | 000,255,318 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
[2011/08/24 18:34:34 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
[2011/11/23 09:48:18 | 000,080,872 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
[2012/06/04 09:11:14 | 000,261,871 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{ad0d925d-88f8-47f1-85ea-8463569e756e}.xpi
[2011/12/08 14:07:22 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2012/09/05 12:25:27 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/07/31 16:48:36 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/11 09:05:58 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/10/16 09:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/14 10:46:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/16 09:22:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/29 15:40:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/12 16:31:37 | 000,218,192 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2012/06/20 09:00:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/29 09:04:39 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/20 09:00:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/20 09:00:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/20 09:00:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/20 09:00:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\weh\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\weh\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\weh\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\weh\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Adblock Plus = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\
CHR - Extension: Tampermonkey = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.7.2820_0\
CHR - Extension: Postman - REST Client = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdmmgilgnpjigdojojpjoooidkmcomcm\0.7.3_0\
CHR - Extension: Postman - REST Client = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdmmgilgnpjigdojojpjoooidkmcomcm\0.7.5_0\
CHR - Extension: Stylish = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\
CHR - Extension: Edit This Cookie = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\1.1.24_0\
CHR - Extension: Window Resizer = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh\1.7.0_0\
CHR - Extension: Ghostery = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.0.0_0\
CHR - Extension: Google Mail = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/10/30 14:28:31 | 000,001,760 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 192.168.10.200 NPI7F2D31
O1 - Hosts: 192.168.10.7 siebenhengst
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HP Color LaserJet CM2320 MFP Series Fax] C:\Program Files (x86)\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LogitechVideoCallServer(E)] C:\Program Files (x86)\ETH Zürich\ETH Zürich PolyPhone\LogitechVideoCallServer.exe /automation File not found
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [WirelessUSBManager] C:\Program Files (x86)\devolo Vianect AIR Manager\Components\WirelessUSBManager\WirelessUSBManager.exe (Wisair Ltd.)
O4 - HKCU..\Run: [VeodinKeyRocket] "C:\Users\weh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Veodin\KeyRocket.appref-ms" File not found
O4 - Startup: C:\Users\weh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\weh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\weh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exe ()
O4 - Startup: C:\Users\weh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\network.bat ()
O4 - Startup: C:\Users\weh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\RSLSP.dll (Ratajik Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\RSLSP.dll (Ratajik Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\windows\SysWow64\RSLSP.dll (Ratajik Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\windows\SysWow64\RSLSP.dll (Ratajik Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\windows\SysWow64\RSLSP.dll (Ratajik Software)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22E969A9-1727-48F8-BD63-EE822EE53033}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22E969A9-1727-48F8-BD63-EE822EE53033}: NameServer = 192.168.10.1,82.237.169.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F54ACD9A-BA6E-432A-98EF-28A5BC5BB78A}: DhcpNameServer = 172.16.0.4 172.16.0.6
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{161e6f57-c89e-11e0-9a0d-68b599e6ebab}\Shell - "" = AutoRun
O33 - MountPoints2\{161e6f57-c89e-11e0-9a0d-68b599e6ebab}\Shell\AutoRun\command - "" = X:\Autoplay.exe -auto
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.14 11:10:20 | 000,741,184 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\easyupdatusapiu64.dll
[2012.11.14 11:09:56 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.11.13 22:28:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.11.13 21:57:48 | 000,000,000 | ---D | C] -- C:\Users\weh\Desktop\Trojan
[2012.11.13 19:02:14 | 000,000,000 | ---D | C] -- C:\Users\weh\AppData\Roaming\Malwarebytes
[2012.11.13 19:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.13 19:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.13 19:01:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.11.13 17:16:40 | 000,000,000 | ---D | C] -- C:\Users\weh\Documents\Sublime
[2012.11.09 20:48:52 | 000,000,000 | ---D | C] -- C:\Users\weh\.openshift
[2012.11.09 19:46:00 | 000,000,000 | ---D | C] -- C:\Users\weh\AppData\Roaming\LibreOffice
[2012.11.09 19:45:38 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.6
[2012.11.08 09:46:14 | 000,000,000 | ---D | C] -- C:\Users\weh\AppData\Roaming\NetBeans
[2012.11.08 09:46:14 | 000,000,000 | ---D | C] -- C:\Users\weh\AppData\Local\NetBeans
[2012.11.08 08:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 7.2.1
[2012.11.08 08:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.11.05 15:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\sges-v3
[2012.11.05 15:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 6.8
[2012.11.05 11:49:24 | 000,000,000 | ---D | C] -- C:\Users\weh\Desktop\CJB-00412
[2012.11.01 13:33:25 | 000,000,000 | ---D | C] -- C:\Users\weh\Documents\Calibre Bibliothek
[2012.11.01 13:33:18 | 000,000,000 | ---D | C] -- C:\Users\weh\AppData\Roaming\calibre
[2012.11.01 13:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012.11.01 08:41:03 | 000,000,000 | ---D | C] -- C:\Users\weh\AppData\Roaming\Veodin
[2012.10.25 03:12:26 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\windows\SysWow64\QuickTimeVR.qtx
[2012.10.25 03:12:26 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\windows\SysWow64\QuickTime.qts
[2012.10.23 09:50:10 | 000,000,000 | ---D | C] -- C:\Users\weh\hpremote
[2012.10.18 15:43:24 | 000,000,000 | ---D | C] -- C:\Users\weh\target
[2012.10.16 09:22:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.14 13:56:02 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3629986181-1509596615-2328272075-1000UA.job
[2012.11.14 13:54:40 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.14 13:54:40 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.14 13:51:34 | 000,783,374 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.11.14 13:51:34 | 000,655,280 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.11.14 13:51:34 | 000,122,152 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.11.14 13:43:16 | 000,001,100 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.14 13:42:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.11.14 13:42:45 | 3107,487,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.14 13:34:05 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.14 13:13:05 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.11.14 11:53:37 | 000,000,153 | ---- | M] () -- C:\windows\SysWow64\assist.err
[2012.11.14 10:56:09 | 000,001,060 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3629986181-1509596615-2328272075-1000Core.job
[2012.11.14 09:53:24 | 000,041,696 | ---- | M] () -- C:\windows\sess_gq6280i5vcd41n05la62tdsdn7
[2012.11.14 09:36:52 | 000,041,696 | ---- | M] () -- C:\windows\sess_thcnfg8v2gveb1lcdh26tknob3
[2012.11.14 09:25:30 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\kerio-connect-koff-7.4.2-7694-win32.properties
[2012.11.13 22:21:34 | 000,000,000 | ---- | M] () -- C:\Users\weh\defogger_reenable
[2012.11.13 20:19:02 | 000,000,079 | ---- | M] () -- C:\Users\weh\AppData\Roaming\mbam.context.scan
[2012.11.13 17:57:26 | 000,055,734 | ---- | M] () -- C:\windows\sess_9tu987fm4hcn27ni6sag6m76p0
[2012.11.13 17:41:15 | 000,008,109 | ---- | M] () -- C:\Users\weh\AppData\Local\recently-used.xbel
[2012.11.13 17:21:59 | 000,055,730 | ---- | M] () -- C:\windows\sess_lvdmkq4qo7uoeu0luggma50vu2
[2012.11.13 17:21:59 | 000,055,730 | ---- | M] () -- C:\windows\sess_huhqi5nf4p3eboo3knds16qju0
[2012.11.13 17:21:58 | 000,055,729 | ---- | M] () -- C:\windows\sess_oao0jadssfb5agj7hmekr17fm6
[2012.11.13 17:06:14 | 000,000,600 | ---- | M] () -- C:\Users\weh\AppData\Roaming\winscp.rnd
[2012.11.13 10:43:47 | 000,000,600 | ---- | M] () -- C:\Users\weh\AppData\Local\PUTTY.RND
[2012.11.12 18:12:41 | 000,055,992 | ---- | M] () -- C:\windows\sess_ji29oqrt9huntmklq78ggo0bk5
[2012.11.12 11:02:09 | 000,052,802 | ---- | M] () -- C:\windows\sess_asu56gesboattdncig0gqug6j1
[2012.11.12 11:01:38 | 000,054,216 | ---- | M] () -- C:\windows\sess_nb4ot5pb7hs2snjabn46pjp9k6
[2012.11.12 10:56:59 | 000,052,862 | ---- | M] () -- C:\windows\sess_r6mhsfuv5uordl8apdvqjism67
[2012.11.12 10:50:36 | 000,052,845 | ---- | M] () -- C:\windows\sess_pckn5i8ha6dga3s3h7r67qjom7
[2012.11.12 10:50:36 | 000,052,840 | ---- | M] () -- C:\windows\sess_qubak97vfdur7nspfk92dpd0i1
[2012.11.12 10:50:36 | 000,052,840 | ---- | M] () -- C:\windows\sess_nbqhuufsaf5tr5hbppfukbvaf6
[2012.11.12 10:50:36 | 000,052,840 | ---- | M] () -- C:\windows\sess_n3gqemksbvio7btlp44sclkb53
[2012.11.12 10:22:56 | 000,002,020 | -H-- | M] () -- C:\Users\weh\Documents\Default.rdp
[2012.11.12 09:02:07 | 002,444,288 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.11.07 13:16:53 | 000,140,936 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avfwot.sys
[2012.11.07 13:16:53 | 000,114,168 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avfwim.sys
[2012.11.06 13:53:09 | 000,000,096 | ---- | M] () -- C:\Users\weh\.asadminpass
[2012.11.02 13:18:16 | 000,000,446 | ---- | M] () -- C:\windows\tasks\SyncBack weh-data.job
[2012.11.01 08:41:11 | 000,000,192 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.11.01 08:30:33 | 000,000,324 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForweh.job
[2012.10.31 10:40:43 | 000,055,734 | ---- | M] () -- C:\windows\sess_bq3ft83me4bkvqjl50roco4vt1
[2012.10.31 10:40:40 | 000,055,730 | ---- | M] () -- C:\windows\sess_u4ag8hh90qo752dkhbgq9e6e82
[2012.10.31 10:40:40 | 000,055,730 | ---- | M] () -- C:\windows\sess_4s4j4256h1s9mu5pao5hvr8b56
[2012.10.31 10:40:40 | 000,055,729 | ---- | M] () -- C:\windows\sess_o3po215620bqp6rssrrqkfl5q3
[2012.10.30 18:46:47 | 000,055,730 | ---- | M] () -- C:\windows\sess_97g5ndv6n5o25ci5etdreb4h02
[2012.10.30 18:36:34 | 000,055,730 | ---- | M] () -- C:\windows\sess_tktolkoofr7u3crek1cifj2om6
[2012.10.30 18:36:34 | 000,055,730 | ---- | M] () -- C:\windows\sess_gs7qglktm7em1ob32tqpclpid0
[2012.10.30 18:36:34 | 000,055,729 | ---- | M] () -- C:\windows\sess_ck6e78o57orm6m3v0fsnsmkrs6
[2012.10.30 18:26:10 | 000,055,734 | ---- | M] () -- C:\windows\sess_g1tcgje7g0tie17cssiukruqi6
[2012.10.30 16:00:06 | 000,055,730 | ---- | M] () -- C:\windows\sess_ackbcevao4ig9084nbraq9qnh4
[2012.10.30 16:00:06 | 000,055,729 | ---- | M] () -- C:\windows\sess_i43imlcd2pd6ht0ubu4vv5c4i5
[2012.10.30 16:00:05 | 000,055,730 | ---- | M] () -- C:\windows\sess_uvqhk201to9k2tkc6imefa2d15
[2012.10.30 14:28:31 | 000,001,760 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012.10.30 13:24:55 | 000,055,730 | ---- | M] () -- C:\windows\sess_f15i3h1cj0fjh60tqnb5ajbvt2
[2012.10.30 13:24:51 | 000,055,734 | ---- | M] () -- C:\windows\sess_hov3ermjgs1ur3841b47lph4f4
[2012.10.30 13:24:50 | 000,055,731 | ---- | M] () -- C:\windows\sess_shkkuv5aqhlp1s7m430l5k7fs3
[2012.10.30 13:24:50 | 000,055,731 | ---- | M] () -- C:\windows\sess_rhrl77qni5rk1stoskms2kqbo3
[2012.10.30 13:24:50 | 000,055,731 | ---- | M] () -- C:\windows\sess_gd1rqlnjm9e4j9hefpm1vksqb2
[2012.10.30 13:24:49 | 000,055,731 | ---- | M] () -- C:\windows\sess_o24j3kvdfc09r6dag3pnri5bi0
[2012.10.30 13:24:49 | 000,055,731 | ---- | M] () -- C:\windows\sess_m3rgr8db3uuqt0ojmmlhra5g32
[2012.10.30 13:24:48 | 000,055,731 | ---- | M] () -- C:\windows\sess_aorbrupfupovpp6tr7dtca3p26
[2012.10.30 13:24:48 | 000,055,731 | ---- | M] () -- C:\windows\sess_13mmfq3o9r5ubc2r9eitbec7v6
[2012.10.30 13:24:47 | 000,055,731 | ---- | M] () -- C:\windows\sess_tihdchg92788a5tt2h5gfl29n2
[2012.10.30 13:24:47 | 000,055,731 | ---- | M] () -- C:\windows\sess_ji6jlu4bco9s36sdudfafrak95
[2012.10.30 13:24:46 | 000,055,731 | ---- | M] () -- C:\windows\sess_lmgics2ip5502cjhldkkqe2qu7
[2012.10.30 13:24:46 | 000,055,731 | ---- | M] () -- C:\windows\sess_8te5urvfeompimvtssndfagi84
[2012.10.30 13:24:45 | 000,055,731 | ---- | M] () -- C:\windows\sess_vta7v900oq9pcbpcg28uu7dh81
[2012.10.30 13:24:45 | 000,055,731 | ---- | M] () -- C:\windows\sess_rvmpobnojji97b2n64b8n1agl2
[2012.10.30 13:24:44 | 000,055,731 | ---- | M] () -- C:\windows\sess_i6s745qlsldc9u5b5gsmhl6vd3
[2012.10.30 13:24:43 | 000,055,731 | ---- | M] () -- C:\windows\sess_sdakhk1u8d7cgvve2orq8fo187
[2012.10.30 13:24:43 | 000,055,731 | ---- | M] () -- C:\windows\sess_9tnks1fnjlss99ocghdvafv5b3
[2012.10.30 13:24:41 | 000,055,731 | ---- | M] () -- C:\windows\sess_6mj1b5cvm0259qt0litdq5s5s1
[2012.10.30 13:24:39 | 000,055,731 | ---- | M] () -- C:\windows\sess_cv2fr793jsvscuuifetdiit6s5
[2012.10.30 13:24:38 | 000,055,731 | ---- | M] () -- C:\windows\sess_8a3a7oq9fbf6mh5ctt0bsvrb40
[2012.10.30 13:24:38 | 000,055,731 | ---- | M] () -- C:\windows\sess_808hnu32uct2qnoafud9fg3875
[2012.10.30 13:24:37 | 000,055,737 | ---- | M] () -- C:\windows\sess_lqtc2glsll58gkmnimvfrgokk1
[2012.10.30 12:59:22 | 000,056,998 | ---- | M] () -- C:\windows\sess_mr42h249sfc361jognvd4n0ed5
[2012.10.30 11:07:37 | 000,055,755 | ---- | M] () -- C:\windows\sess_ngsvm19ab9mj25vn38u3792gq2
[2012.10.30 11:07:29 | 000,055,730 | ---- | M] () -- C:\windows\sess_udha87qccf1agmojk1g7u7nha1
[2012.10.30 11:07:29 | 000,055,730 | ---- | M] () -- C:\windows\sess_6ke4qfdea2slffai9dom9ohba7
[2012.10.30 11:07:29 | 000,055,729 | ---- | M] () -- C:\windows\sess_hrs3582avmtrivu1q1ktuts220
[2012.10.30 10:45:13 | 000,056,998 | ---- | M] () -- C:\windows\sess_jr6m113onblrsq6ijiud2vn5e3
[2012.10.30 10:43:30 | 000,055,713 | ---- | M] () -- C:\windows\sess_90dkcda0b7rqu0q0h6sa0dpbj5
[2012.10.30 10:35:52 | 000,055,755 | ---- | M] () -- C:\windows\sess_53d2sgamtrsu5tg7i2e80jojc5
[2012.10.30 10:34:43 | 000,017,207 | ---- | M] () -- C:\windows\sess_5g79d29snkoa34eagq8qn5vtk6
[2012.10.30 10:31:09 | 000,055,734 | ---- | M] () -- C:\windows\sess_fkbct4t16nvbgt96tfjqmiuu97
[2012.10.30 10:30:58 | 000,055,730 | ---- | M] () -- C:\windows\sess_g24u7htafegheojc00372ga214
[2012.10.30 10:30:57 | 000,055,730 | ---- | M] () -- C:\windows\sess_e8s1evn067dacp3d6uqh8l0et3
[2012.10.30 10:30:57 | 000,055,729 | ---- | M] () -- C:\windows\sess_8oc2suk2jl2mfieju3afriodv6
[2012.10.30 10:30:32 | 000,045,283 | ---- | M] () -- C:\windows\sess_uaubatcuej9sccitroqgbrdtg2
[2012.10.29 18:28:45 | 000,055,355 | ---- | M] () -- C:\windows\sess_p9u03qr02m5er9s5r8qscejs82
[2012.10.29 16:58:56 | 000,017,180 | ---- | M] () -- C:\windows\sess_ckg5krd4al0kmeb6v7ea95av30
[2012.10.29 16:32:15 | 000,055,334 | ---- | M] () -- C:\windows\sess_9gu4eaaeg471uam8tc922b2de5
[2012.10.29 16:32:05 | 000,055,330 | ---- | M] () -- C:\windows\sess_54l46ldslo0486iqagsemqtu60
[2012.10.29 16:32:02 | 000,055,330 | ---- | M] () -- C:\windows\sess_oo8e57s72jli2gmkit9ckk1lo6
[2012.10.29 15:36:07 | 000,055,331 | ---- | M] () -- C:\windows\sess_nf9dktvoqpat9ngg7d55mmj081
[2012.10.29 15:36:06 | 000,055,334 | ---- | M] () -- C:\windows\sess_vr1p8694sg1oj73kfr9tnl4391
[2012.10.29 15:36:01 | 000,055,331 | ---- | M] () -- C:\windows\sess_ceoamnsfguhlfj7omrlhjur5h3
[2012.10.29 15:36:00 | 000,055,334 | ---- | M] () -- C:\windows\sess_uqeibbekcgelidagl0efp370b4
[2012.10.29 15:04:54 | 000,055,331 | ---- | M] () -- C:\windows\sess_e48gsn7b30649srbsdd5v2jad2
[2012.10.29 15:04:53 | 000,055,334 | ---- | M] () -- C:\windows\sess_m0eff5cro6cmecll7ta423f7m3
[2012.10.29 15:04:49 | 000,055,331 | ---- | M] () -- C:\windows\sess_80qqdd7vcugmqcprg7m0mrdc63
[2012.10.29 15:04:48 | 000,055,334 | ---- | M] () -- C:\windows\sess_e1hek2huu5in47umqhisq2qts3
[2012.10.29 14:22:03 | 000,020,945 | ---- | M] () -- C:\Users\weh\_viminfo
[2012.10.29 13:34:14 | 000,055,337 | ---- | M] () -- C:\windows\sess_79fdpon8qand25v3e948b4qbc2
[2012.10.29 13:22:26 | 000,056,549 | ---- | M] () -- C:\windows\sess_or5ti5vc0huujf3amhdp6ktgr7
[2012.10.29 12:44:26 | 000,056,018 | ---- | M] () -- C:\windows\sess_3g8v3hdrf5h8pfm3hoa0c7v810
[2012.10.29 12:43:59 | 000,056,018 | ---- | M] () -- C:\windows\sess_hptd0jobar5v9rg5lh5banu106
[2012.10.29 12:42:04 | 000,055,331 | ---- | M] () -- C:\windows\sess_jl1hm965gj4arq1bj12f6h36s2
[2012.10.29 12:42:03 | 000,055,334 | ---- | M] () -- C:\windows\sess_3dvkc4cn7gmeiqsdmp1n0kd604
[2012.10.29 12:41:54 | 000,055,334 | ---- | M] () -- C:\windows\sess_uk1138urs57j7ttqucr63cvm64
[2012.10.29 12:41:54 | 000,055,331 | ---- | M] () -- C:\windows\sess_a27e56h9km988m32t56noav4e5
[2012.10.29 12:41:54 | 000,055,331 | ---- | M] () -- C:\windows\sess_9jgs504p6p70ljkjopt4goj604
[2012.10.29 12:41:54 | 000,055,331 | ---- | M] () -- C:\windows\sess_9dshatt5b3btt5p40jgu94dn86
[2012.10.29 12:41:53 | 000,055,331 | ---- | M] () -- C:\windows\sess_sfc2m3gigflvlfeptsgqp8qd31
[2012.10.29 12:41:53 | 000,055,331 | ---- | M] () -- C:\windows\sess_rh2u220939aj3s2hhapeq7aa92
[2012.10.29 12:41:53 | 000,055,331 | ---- | M] () -- C:\windows\sess_ko5k1i7r82ggrp3lqp1ks6el53
[2012.10.29 12:41:53 | 000,055,331 | ---- | M] () -- C:\windows\sess_dpa68cs7bpne1jh70ctf4uvvn7
[2012.10.29 12:41:52 | 000,055,331 | ---- | M] () -- C:\windows\sess_uo6iktgako59la171ejqrtp2d7
[2012.10.29 12:41:52 | 000,055,331 | ---- | M] () -- C:\windows\sess_qlkgj6c37uqfo3mrfsi96ekvb3
[2012.10.29 12:41:52 | 000,055,331 | ---- | M] () -- C:\windows\sess_hfd3ep695kf6o746d36vekcdr7
[2012.10.29 12:41:52 | 000,055,331 | ---- | M] () -- C:\windows\sess_6mtp4dvm2bn31akdfc20i1c992
[2012.10.29 12:41:51 | 000,055,331 | ---- | M] () -- C:\windows\sess_di3br0qgoqhb4kabbjq5hv9da6
[2012.10.29 12:41:51 | 000,055,331 | ---- | M] () -- C:\windows\sess_8h140ng9m69cc58mnm9ehtkuo7
[2012.10.29 12:41:50 | 000,055,331 | ---- | M] () -- C:\windows\sess_h18pqh6dqbf3vcerlp0fm45q25
[2012.10.29 12:41:49 | 000,055,331 | ---- | M] () -- C:\windows\sess_uct1u8q8ksh0h4v678siujstm0
[2012.10.29 12:41:49 | 000,055,331 | ---- | M] () -- C:\windows\sess_k9clsss02l2m8kun3f1p20kma6
[2012.10.29 12:41:46 | 000,055,331 | ---- | M] () -- C:\windows\sess_ai0013ue12ol6b8f8jb3ebuub1
[2012.10.29 12:41:43 | 000,055,331 | ---- | M] () -- C:\windows\sess_dj4ds0m76l3j28i14lau54ul64
[2012.10.29 12:41:42 | 000,055,331 | ---- | M] () -- C:\windows\sess_i95efddtfib87roh9u7s4oife0
[2012.10.29 12:41:41 | 000,055,337 | ---- | M] () -- C:\windows\sess_b0oorbo902kds8ik3euh8n9u36
[2012.10.29 12:41:41 | 000,055,331 | ---- | M] () -- C:\windows\sess_n4rtaj9673lgl1c8paojsadct3
[2012.10.29 11:17:44 | 000,117,914 | ---- | M] () -- C:\windows\sess_r8aqfbre4t9eu7ptb0lk4kp753
[2012.10.29 10:53:36 | 000,055,337 | ---- | M] () -- C:\windows\sess_1b34unhehtj5drqqj002g2c341
[2012.10.29 10:45:19 | 000,055,337 | ---- | M] () -- C:\windows\sess_4ddeobtrm2h933s9tbmdrd1195
[2012.10.29 10:19:10 | 000,055,337 | ---- | M] () -- C:\windows\sess_37rp294k6ngpqghg8slht4js25
[2012.10.29 10:18:58 | 000,056,018 | ---- | M] () -- C:\windows\sess_c2u7mnhd5qli6lkjh7g54jusa4
[2012.10.29 10:18:48 | 000,056,014 | ---- | M] () -- C:\windows\sess_cmqq0pi5vinkd1efgcbodl51k6
[2012.10.29 10:18:48 | 000,056,014 | ---- | M] () -- C:\windows\sess_abgllcvef9pe6erhu8ekq6ggq7
[2012.10.29 09:00:22 | 000,055,337 | ---- | M] () -- C:\windows\sess_mr1cat7qm67s5gcp6tkdjk3cv0
[2012.10.29 08:26:46 | 000,056,014 | ---- | M] () -- C:\windows\sess_jlicsl856i6kpbdk139ehmdmu5
[2012.10.29 08:26:46 | 000,056,014 | ---- | M] () -- C:\windows\sess_b7j2b41nrl3h4knbj1jublks24
[2012.10.29 08:26:46 | 000,056,013 | ---- | M] () -- C:\windows\sess_m47mnj6fnjr6bed2m33s2ovcj1
[2012.10.29 08:26:45 | 000,056,018 | ---- | M] () -- C:\windows\sess_glhj9012kcitku78q76j44kpd1
[2012.10.26 17:38:44 | 000,055,334 | ---- | M] () -- C:\windows\sess_7d0o08b2jvb3o56aqs6jfc9no3
[2012.10.26 17:28:19 | 000,055,334 | ---- | M] () -- C:\windows\sess_9j4qcm8bujgnngn3hnc5459te0
[2012.10.26 17:28:18 | 000,055,330 | ---- | M] () -- C:\windows\sess_80kg347lala241i37juhb2ht33
[2012.10.26 17:28:18 | 000,055,329 | ---- | M] () -- C:\windows\sess_rouoeojkmh2qjg2rin3vohnoo5
[2012.10.26 14:57:03 | 000,055,334 | ---- | M] () -- C:\windows\sess_003f8llqf9juv54l19p34fa2t0
[2012.10.26 14:43:00 | 000,055,334 | ---- | M] () -- C:\windows\sess_2gg91ani31jr2mk1g4oauj7a66
[2012.10.26 14:34:59 | 000,017,197 | ---- | M] () -- C:\windows\sess_oktj28skagalmeu1n49vd5kja1
[2012.10.26 14:20:16 | 000,056,018 | ---- | M] () -- C:\windows\sess_9g3vvudfgeplqafi035mj10pb4
[2012.10.26 14:00:44 | 000,056,018 | ---- | M] () -- C:\windows\sess_iaco566vveo1nk8hh38fk9psh1
[2012.10.26 14:00:35 | 000,056,014 | ---- | M] () -- C:\windows\sess_vu76hmdaq64d03456rdmcqejo3
[2012.10.26 14:00:35 | 000,056,014 | ---- | M] () -- C:\windows\sess_2mtr6rnmg46li3sm6pml8aq922
[2012.10.26 14:00:27 | 000,017,197 | ---- | M] () -- C:\windows\sess_ohl13bigcbtbr1q4utedjbvb63
[2012.10.26 14:00:11 | 000,008,135 | ---- | M] () -- C:\windows\sess_1dd31c0bv81j7fqeq6ijo79t32
[2012.10.26 14:00:06 | 000,008,135 | ---- | M] () -- C:\windows\sess_n4ojdb7vouu7dv4eh3bb7oeas0
[2012.10.26 14:00:06 | 000,008,135 | ---- | M] () -- C:\windows\sess_dfr7j3g68dko7tqlt9a5kk5l71
[2012.10.26 14:00:06 | 000,008,135 | ---- | M] () -- C:\windows\sess_9h9vk071a9lqu6ngerj10327c3
[2012.10.26 13:57:52 | 000,017,744 | ---- | M] () -- C:\windows\sess_hm6rs9vngkei8anekqp7kpj695
[2012.10.26 13:57:44 | 000,056,039 | ---- | M] () -- C:\windows\sess_laso3tial542op3adau0k3u4s4
[2012.10.26 13:56:55 | 000,056,018 | ---- | M] () -- C:\windows\sess_7h4c9p4209n4j7tcistfdsgdf5
[2012.10.26 13:56:43 | 000,056,014 | ---- | M] () -- C:\windows\sess_7d5r342kicj3r8knhlhopaf103
[2012.10.26 13:56:43 | 000,056,013 | ---- | M] () -- C:\windows\sess_d5j44ssniv68iiha5lkdb3ho71
[2012.10.26 13:56:42 | 000,056,014 | ---- | M] () -- C:\windows\sess_dtuns1pog6bnbm3csfss34fae1
[2012.10.26 13:51:01 | 000,117,912 | ---- | M] () -- C:\windows\sess_3t4t9o9bcfktnbudkkfia0ho32
[2012.10.26 13:50:30 | 000,045,473 | ---- | M] () -- C:\windows\sess_o8h8vrob84aootauinbka1kdb7
[2012.10.26 13:46:43 | 000,017,744 | ---- | M] () -- C:\windows\sess_tp5elbhkdj0pd0k28qttd18bf1
[2012.10.26 13:46:28 | 000,017,744 | ---- | M] () -- C:\windows\sess_euiecr1raruhctmvvi276nl8l6
[2012.10.26 09:52:26 | 006,506,496 | ---- | M] () -- C:\Users\weh\Desktop\magento1.5.1-brentford.eap
[2012.10.26 08:38:56 | 000,000,642 | ---- | M] () -- C:\windows\ODBC.INI
[2012.10.26 08:38:10 | 000,000,105 | ---- | M] () -- C:\Users\weh\Documents\brentford_magento.dsn
[2012.10.25 18:01:23 | 000,055,334 | ---- | M] () -- C:\windows\sess_6e531cq1p7s7iassi6v52m1bv4
[2012.10.25 18:00:58 | 000,055,334 | ---- | M] () -- C:\windows\sess_q5bafm61pcrfmlpb7gr38da994
[2012.10.25 18:00:49 | 000,055,330 | ---- | M] () -- C:\windows\sess_6bbkkqldn5dntv14pa1agp9mb5
[2012.10.25 18:00:49 | 000,055,329 | ---- | M] () -- C:\windows\sess_0llk0cipmv6g70rhdpqq8td881
[2012.10.25 14:15:09 | 000,055,355 | ---- | M] () -- C:\windows\sess_jklmtai3q2bv8bl2au34503i31
[2012.10.25 14:05:30 | 000,055,334 | ---- | M] () -- C:\windows\sess_h90983pa344ace3u217utjh6a7
[2012.10.25 14:05:20 | 000,055,330 | ---- | M] () -- C:\windows\sess_l1auaakfkhf7ona7rmftht0hh0
[2012.10.25 14:05:20 | 000,055,330 | ---- | M] () -- C:\windows\sess_1irk55glhtu785oeeefu8q0om6
[2012.10.25 14:05:20 | 000,055,329 | ---- | M] () -- C:\windows\sess_319di38o2l4c20m69q9qpg95c5
[2012.10.25 03:12:26 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\windows\SysWow64\QuickTimeVR.qtx
[2012.10.25 03:12:26 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\windows\SysWow64\QuickTime.qts
[2012.10.24 09:45:34 | 000,007,665 | ---- | M] () -- C:\Users\weh\AppData\Local\Resmon.ResmonCfg
[2012.10.24 08:08:55 | 000,000,022 | ---- | M] () -- C:\windows\SysWow64\devconinfo
[2012.10.24 08:08:55 | 000,000,021 | ---- | M] () -- C:\windows\SysNative\devconinfo
[2012.10.17 09:34:13 | 000,053,989 | ---- | M] () -- C:\windows\sess_lu43omd1jijp04254o8upvou53
[2012.10.17 09:29:56 | 000,055,334 | ---- | M] () -- C:\windows\sess_vq4pa77dgs8bmfet4je9oqr2n5
[2012.10.17 09:29:45 | 000,055,334 | ---- | M] () -- C:\windows\sess_li9m6gajg2gt3mj0km03a3bda4
[2012.10.17 09:29:42 | 000,055,330 | ---- | M] () -- C:\windows\sess_arn2psussqhgdu9u5c3e1gmdg6
[2012.10.17 09:29:41 | 000,055,330 | ---- | M] () -- C:\windows\sess_fiestfqdrk3elset0epm6vbqu6
[2012.10.17 09:29:41 | 000,055,329 | ---- | M] () -- C:\windows\sess_0q4rp9ekmb6hrubjdb0milis13
[2012.10.17 09:29:32 | 000,055,330 | ---- | M] () -- C:\windows\sess_hqhe0m60dmtpe5s9v279jnmba6
[2012.10.17 09:29:32 | 000,055,330 | ---- | M] () -- C:\windows\sess_1tquf8v4rek4o28hqi5va5l890
[2012.10.17 09:29:31 | 000,055,329 | ---- | M] () -- C:\windows\sess_8aq6fm6cdqimhd0jb9qhfqcg80
[2012.10.16 15:48:06 | 000,055,340 | ---- | M] () -- C:\windows\sess_lo7ubcqd4547gnmiqvugct6tl2
[2012.10.16 15:36:45 | 000,055,334 | ---- | M] () -- C:\windows\sess_210d12007katu43nc58jiv9gv0
[2012.10.16 15:02:33 | 000,055,337 | ---- | M] () -- C:\windows\sess_ojpd9jnu8itdde4v59utfrp2g7
[2012.10.16 15:01:31 | 000,052,764 | ---- | M] () -- C:\windows\sess_1aru2t09vrhnvj4jiupcptdq35
[2012.10.16 12:52:01 | 000,055,335 | ---- | M] () -- C:\windows\sess_gmntlm6kmaseratfn59q5ju450
[2012.10.16 12:50:19 | 000,052,764 | ---- | M] () -- C:\windows\sess_m3prje56a0st38hnas035gjv26
[2012.10.16 12:49:41 | 000,055,340 | ---- | M] () -- C:\windows\sess_7bq1n0hda1dn5g7bbno2n0lpn2
[2012.10.16 12:07:28 | 000,055,334 | ---- | M] () -- C:\windows\sess_bj84k794pf96fatnl849j1fvh6
[2012.10.16 09:47:52 | 000,055,330 | ---- | M] () -- C:\windows\sess_k7nb3fmcokbq3a1qgk41uvcg32
[2012.10.16 09:47:39 | 000,055,329 | ---- | M] () -- C:\windows\sess_3uiog0ict2ucahlfacraqn68d1
[2012.10.16 09:47:38 | 000,055,330 | ---- | M] () -- C:\windows\sess_c5a4k5hgs6spd25kkm4jlchj45
[2012.10.16 09:25:24 | 000,055,334 | ---- | M] () -- C:\windows\sess_c10abusut5riv65218sar2kmo1
[2012.10.16 09:25:14 | 000,055,330 | ---- | M] () -- C:\windows\sess_mpge223eh12rqa7p5jr4ds0dv0
[2012.10.16 09:25:14 | 000,055,330 | ---- | M] () -- C:\windows\sess_ighqjinscm7nd6c9tf8ceh06r6
[2012.10.16 09:25:13 | 000,055,329 | ---- | M] () -- C:\windows\sess_h7613nknljg8ngjrr5ti1pi6d7
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.14 09:53:23 | 000,041,696 | ---- | C] () -- C:\windows\sess_gq6280i5vcd41n05la62tdsdn7
[2012.11.14 09:36:40 | 000,041,696 | ---- | C] () -- C:\windows\sess_thcnfg8v2gveb1lcdh26tknob3
[2012.11.14 09:25:30 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\kerio-connect-koff-7.4.2-7694-win32.properties
[2012.11.13 22:21:34 | 000,000,000 | ---- | C] () -- C:\Users\weh\defogger_reenable
[2012.11.13 20:19:02 | 000,000,079 | ---- | C] () -- C:\Users\weh\AppData\Roaming\mbam.context.scan
[2012.11.13 17:41:15 | 000,008,109 | ---- | C] () -- C:\Users\weh\AppData\Local\recently-used.xbel
[2012.11.13 17:21:50 | 000,055,734 | ---- | C] () -- C:\windows\sess_9tu987fm4hcn27ni6sag6m76p0
[2012.11.13 17:21:50 | 000,055,730 | ---- | C] () -- C:\windows\sess_lvdmkq4qo7uoeu0luggma50vu2
[2012.11.13 17:21:50 | 000,055,729 | ---- | C] () -- C:\windows\sess_oao0jadssfb5agj7hmekr17fm6
[2012.11.13 17:21:47 | 000,055,730 | ---- | C] () -- C:\windows\sess_huhqi5nf4p3eboo3knds16qju0
[2012.11.12 11:04:07 | 000,055,992 | ---- | C] () -- C:\windows\sess_ji29oqrt9huntmklq78ggo0bk5
[2012.11.12 11:02:01 | 000,052,802 | ---- | C] () -- C:\windows\sess_asu56gesboattdncig0gqug6j1
[2012.11.12 10:50:32 | 000,052,862 | ---- | C] () -- C:\windows\sess_r6mhsfuv5uordl8apdvqjism67
[2012.11.12 10:50:32 | 000,052,845 | ---- | C] () -- C:\windows\sess_pckn5i8ha6dga3s3h7r67qjom7
[2012.11.12 10:50:32 | 000,052,840 | ---- | C] () -- C:\windows\sess_qubak97vfdur7nspfk92dpd0i1
[2012.11.12 10:50:32 | 000,052,840 | ---- | C] () -- C:\windows\sess_nbqhuufsaf5tr5hbppfukbvaf6
[2012.11.12 10:50:32 | 000,052,840 | ---- | C] () -- C:\windows\sess_n3gqemksbvio7btlp44sclkb53
[2012.11.12 10:23:57 | 000,054,216 | ---- | C] () -- C:\windows\sess_nb4ot5pb7hs2snjabn46pjp9k6
[2012.11.01 08:41:11 | 000,000,192 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.10.31 10:40:37 | 000,055,734 | ---- | C] () -- C:\windows\sess_bq3ft83me4bkvqjl50roco4vt1
[2012.10.31 10:40:37 | 000,055,730 | ---- | C] () -- C:\windows\sess_4s4j4256h1s9mu5pao5hvr8b56
[2012.10.31 10:40:37 | 000,055,729 | ---- | C] () -- C:\windows\sess_o3po215620bqp6rssrrqkfl5q3
[2012.10.31 10:40:35 | 000,055,730 | ---- | C] () -- C:\windows\sess_u4ag8hh90qo752dkhbgq9e6e82
[2012.10.30 18:36:35 | 000,055,730 | ---- | C] () -- C:\windows\sess_97g5ndv6n5o25ci5etdreb4h02
[2012.10.30 18:36:32 | 000,055,730 | ---- | C] () -- C:\windows\sess_tktolkoofr7u3crek1cifj2om6
[2012.10.30 18:36:32 | 000,055,730 | ---- | C] () -- C:\windows\sess_gs7qglktm7em1ob32tqpclpid0
[2012.10.30 18:36:32 | 000,055,729 | ---- | C] () -- C:\windows\sess_ck6e78o57orm6m3v0fsnsmkrs6
[2012.10.30 16:00:04 | 000,055,734 | ---- | C] () -- C:\windows\sess_g1tcgje7g0tie17cssiukruqi6
[2012.10.30 16:00:04 | 000,055,730 | ---- | C] () -- C:\windows\sess_ackbcevao4ig9084nbraq9qnh4
[2012.10.30 16:00:04 | 000,055,729 | ---- | C] () -- C:\windows\sess_i43imlcd2pd6ht0ubu4vv5c4i5
[2012.10.30 16:00:02 | 000,055,730 | ---- | C] () -- C:\windows\sess_uvqhk201to9k2tkc6imefa2d15
[2012.10.30 13:24:50 | 000,055,734 | ---- | C] () -- C:\windows\sess_hov3ermjgs1ur3841b47lph4f4
[2012.10.30 13:24:50 | 000,055,731 | ---- | C] () -- C:\windows\sess_shkkuv5aqhlp1s7m430l5k7fs3
[2012.10.30 13:24:50 | 000,055,731 | ---- | C] () -- C:\windows\sess_rhrl77qni5rk1stoskms2kqbo3
[2012.10.30 13:24:49 | 000,055,731 | ---- | C] () -- C:\windows\sess_o24j3kvdfc09r6dag3pnri5bi0
[2012.10.30 13:24:49 | 000,055,731 | ---- | C] () -- C:\windows\sess_gd1rqlnjm9e4j9hefpm1vksqb2
[2012.10.30 13:24:48 | 000,055,731 | ---- | C] () -- C:\windows\sess_m3rgr8db3uuqt0ojmmlhra5g32
[2012.10.30 13:24:48 | 000,055,731 | ---- | C] () -- C:\windows\sess_aorbrupfupovpp6tr7dtca3p26
[2012.10.30 13:24:47 | 000,055,731 | ---- | C] () -- C:\windows\sess_ji6jlu4bco9s36sdudfafrak95
[2012.10.30 13:24:47 | 000,055,731 | ---- | C] () -- C:\windows\sess_13mmfq3o9r5ubc2r9eitbec7v6
[2012.10.30 13:24:46 | 000,055,731 | ---- | C] () -- C:\windows\sess_tihdchg92788a5tt2h5gfl29n2
[2012.10.30 13:24:46 | 000,055,731 | ---- | C] () -- C:\windows\sess_8te5urvfeompimvtssndfagi84
[2012.10.30 13:24:45 | 000,055,731 | ---- | C] () -- C:\windows\sess_vta7v900oq9pcbpcg28uu7dh81
[2012.10.30 13:24:45 | 000,055,731 | ---- | C] () -- C:\windows\sess_lmgics2ip5502cjhldkkqe2qu7
[2012.10.30 13:24:44 | 000,055,731 | ---- | C] () -- C:\windows\sess_rvmpobnojji97b2n64b8n1agl2
[2012.10.30 13:24:43 | 000,055,731 | ---- | C] () -- C:\windows\sess_sdakhk1u8d7cgvve2orq8fo187
[2012.10.30 13:24:43 | 000,055,731 | ---- | C] () -- C:\windows\sess_i6s745qlsldc9u5b5gsmhl6vd3
[2012.10.30 13:24:41 | 000,055,731 | ---- | C] () -- C:\windows\sess_9tnks1fnjlss99ocghdvafv5b3
[2012.10.30 13:24:39 | 000,055,731 | ---- | C] () -- C:\windows\sess_6mj1b5cvm0259qt0litdq5s5s1
[2012.10.30 13:24:38 | 000,055,731 | ---- | C] () -- C:\windows\sess_cv2fr793jsvscuuifetdiit6s5
[2012.10.30 13:24:38 | 000,055,731 | ---- | C] () -- C:\windows\sess_8a3a7oq9fbf6mh5ctt0bsvrb40
[2012.10.30 13:24:37 | 000,055,731 | ---- | C] () -- C:\windows\sess_808hnu32uct2qnoafud9fg3875
[2012.10.30 13:24:36 | 000,055,737 | ---- | C] () -- C:\windows\sess_lqtc2glsll58gkmnimvfrgokk1
[2012.10.30 11:07:30 | 000,055,730 | ---- | C] () -- C:\windows\sess_f15i3h1cj0fjh60tqnb5ajbvt2
[2012.10.30 11:07:29 | 000,055,755 | ---- | C] () -- C:\windows\sess_ngsvm19ab9mj25vn38u3792gq2
[2012.10.30 11:07:28 | 000,055,730 | ---- | C] () -- C:\windows\sess_udha87qccf1agmojk1g7u7nha1
[2012.10.30 11:07:28 | 000,055,730 | ---- | C] () -- C:\windows\sess_6ke4qfdea2slffai9dom9ohba7
[2012.10.30 11:07:28 | 000,055,729 | ---- | C] () -- C:\windows\sess_hrs3582avmtrivu1q1ktuts220
[2012.10.30 10:45:32 | 000,056,998 | ---- | C] () -- C:\windows\sess_mr42h249sfc361jognvd4n0ed5
[2012.10.30 10:41:46 | 000,056,998 | ---- | C] () -- C:\windows\sess_jr6m113onblrsq6ijiud2vn5e3
[2012.10.30 10:40:50 | 000,055,713 | ---- | C] () -- C:\windows\sess_90dkcda0b7rqu0q0h6sa0dpbj5
[2012.10.30 10:30:55 | 000,055,755 | ---- | C] () -- C:\windows\sess_53d2sgamtrsu5tg7i2e80jojc5
[2012.10.30 10:30:51 | 000,055,734 | ---- | C] () -- C:\windows\sess_fkbct4t16nvbgt96tfjqmiuu97
[2012.10.30 10:30:51 | 000,055,730 | ---- | C] () -- C:\windows\sess_e8s1evn067dacp3d6uqh8l0et3
[2012.10.30 10:30:51 | 000,055,729 | ---- | C] () -- C:\windows\sess_8oc2suk2jl2mfieju3afriodv6
[2012.10.30 10:30:49 | 000,055,730 | ---- | C] () -- C:\windows\sess_g24u7htafegheojc00372ga214
[2012.10.30 10:28:45 | 000,017,207 | ---- | C] () -- C:\windows\sess_5g79d29snkoa34eagq8qn5vtk6
[2012.10.30 10:19:05 | 000,045,283 | ---- | C] () -- C:\windows\sess_uaubatcuej9sccitroqgbrdtg2
[2012.10.29 16:58:48 | 000,017,180 | ---- | C] () -- C:\windows\sess_ckg5krd4al0kmeb6v7ea95av30
[2012.10.29 16:32:04 | 000,055,334 | ---- | C] () -- C:\windows\sess_9gu4eaaeg471uam8tc922b2de5
[2012.10.29 16:32:04 | 000,055,330 | ---- | C] () -- C:\windows\sess_54l46ldslo0486iqagsemqtu60
[2012.10.29 16:32:02 | 000,055,355 | ---- | C] () -- C:\windows\sess_p9u03qr02m5er9s5r8qscejs82
[2012.10.29 16:32:01 | 000,055,330 | ---- | C] () -- C:\windows\sess_oo8e57s72jli2gmkit9ckk1lo6
[2012.10.29 15:36:07 | 000,055,331 | ---- | C] () -- C:\windows\sess_nf9dktvoqpat9ngg7d55mmj081
[2012.10.29 15:36:06 | 000,055,334 | ---- | C] () -- C:\windows\sess_vr1p8694sg1oj73kfr9tnl4391
[2012.10.29 15:36:01 | 000,055,331 | ---- | C] () -- C:\windows\sess_ceoamnsfguhlfj7omrlhjur5h3
[2012.10.29 15:36:00 | 000,055,334 | ---- | C] () -- C:\windows\sess_uqeibbekcgelidagl0efp370b4
[2012.10.29 15:04:54 | 000,055,331 | ---- | C] () -- C:\windows\sess_e48gsn7b30649srbsdd5v2jad2
[2012.10.29 15:04:53 | 000,055,334 | ---- | C] () -- C:\windows\sess_m0eff5cro6cmecll7ta423f7m3
[2012.10.29 15:04:49 | 000,055,331 | ---- | C] () -- C:\windows\sess_80qqdd7vcugmqcprg7m0mrdc63
[2012.10.29 15:04:48 | 000,055,334 | ---- | C] () -- C:\windows\sess_e1hek2huu5in47umqhisq2qts3
[2012.10.29 13:34:14 | 000,055,337 | ---- | C] () -- C:\windows\sess_79fdpon8qand25v3e948b4qbc2
[2012.10.29 12:42:04 | 000,055,331 | ---- | C] () -- C:\windows\sess_jl1hm965gj4arq1bj12f6h36s2
[2012.10.29 12:42:03 | 000,055,334 | ---- | C] () -- C:\windows\sess_3dvkc4cn7gmeiqsdmp1n0kd604
[2012.10.29 12:41:54 | 000,055,334 | ---- | C] () -- C:\windows\sess_uk1138urs57j7ttqucr63cvm64
[2012.10.29 12:41:54 | 000,055,331 | ---- | C] () -- C:\windows\sess_9jgs504p6p70ljkjopt4goj604
[2012.10.29 12:41:54 | 000,055,331 | ---- | C] () -- C:\windows\sess_9dshatt5b3btt5p40jgu94dn86
[2012.10.29 12:41:53 | 000,055,331 | ---- | C] () -- C:\windows\sess_sfc2m3gigflvlfeptsgqp8qd31
[2012.10.29 12:41:53 | 000,055,331 | ---- | C] () -- C:\windows\sess_ko5k1i7r82ggrp3lqp1ks6el53
[2012.10.29 12:41:53 | 000,055,331 | ---- | C] () -- C:\windows\sess_dpa68cs7bpne1jh70ctf4uvvn7
[2012.10.29 12:41:53 | 000,055,331 | ---- | C] () -- C:\windows\sess_a27e56h9km988m32t56noav4e5
[2012.10.29 12:41:52 | 000,055,331 | ---- | C] () -- C:\windows\sess_uo6iktgako59la171ejqrtp2d7
[2012.10.29 12:41:52 | 000,055,331 | ---- | C] () -- C:\windows\sess_rh2u220939aj3s2hhapeq7aa92
[2012.10.29 12:41:52 | 000,055,331 | ---- | C] () -- C:\windows\sess_qlkgj6c37uqfo3mrfsi96ekvb3
[2012.10.29 12:41:52 | 000,055,331 | ---- | C] () -- C:\windows\sess_6mtp4dvm2bn31akdfc20i1c992
[2012.10.29 12:41:51 | 000,055,331 | ---- | C] () -- C:\windows\sess_hfd3ep695kf6o746d36vekcdr7
[2012.10.29 12:41:51 | 000,055,331 | ---- | C] () -- C:\windows\sess_di3br0qgoqhb4kabbjq5hv9da6
[2012.10.29 12:41:50 | 000,055,331 | ---- | C] () -- C:\windows\sess_8h140ng9m69cc58mnm9ehtkuo7
[2012.10.29 12:41:49 | 000,055,331 | ---- | C] () -- C:\windows\sess_k9clsss02l2m8kun3f1p20kma6
[2012.10.29 12:41:49 | 000,055,331 | ---- | C] () -- C:\windows\sess_h18pqh6dqbf3vcerlp0fm45q25
[2012.10.29 12:41:46 | 000,055,331 | ---- | C] () -- C:\windows\sess_uct1u8q8ksh0h4v678siujstm0
[2012.10.29 12:41:43 | 000,055,331 | ---- | C] () -- C:\windows\sess_ai0013ue12ol6b8f8jb3ebuub1
[2012.10.29 12:41:42 | 000,055,331 | ---- | C] () -- C:\windows\sess_dj4ds0m76l3j28i14lau54ul64
[2012.10.29 12:41:41 | 000,055,337 | ---- | C] () -- C:\windows\sess_b0oorbo902kds8ik3euh8n9u36
[2012.10.29 12:41:41 | 000,055,331 | ---- | C] () -- C:\windows\sess_n4rtaj9673lgl1c8paojsadct3
[2012.10.29 12:41:41 | 000,055,331 | ---- | C] () -- C:\windows\sess_i95efddtfib87roh9u7s4oife0
[2012.10.29 10:53:36 | 000,055,337 | ---- | C] () -- C:\windows\sess_1b34unhehtj5drqqj002g2c341
[2012.10.29 10:45:19 | 000,055,337 | ---- | C] () -- C:\windows\sess_4ddeobtrm2h933s9tbmdrd1195
[2012.10.29 10:44:16 | 000,117,914 | ---- | C] () -- C:\windows\sess_r8aqfbre4t9eu7ptb0lk4kp753
[2012.10.29 10:19:09 | 000,055,337 | ---- | C] () -- C:\windows\sess_37rp294k6ngpqghg8slht4js25
[2012.10.29 10:18:47 | 000,056,018 | ---- | C] () -- C:\windows\sess_c2u7mnhd5qli6lkjh7g54jusa4
[2012.10.29 10:18:47 | 000,056,018 | ---- | C] () -- C:\windows\sess_3g8v3hdrf5h8pfm3hoa0c7v810
[2012.10.29 10:18:47 | 000,056,014 | ---- | C] () -- C:\windows\sess_cmqq0pi5vinkd1efgcbodl51k6
[2012.10.29 10:18:45 | 000,056,014 | ---- | C] () -- C:\windows\sess_abgllcvef9pe6erhu8ekq6ggq7
[2012.10.29 09:04:06 | 000,056,549 | ---- | C] () -- C:\windows\sess_or5ti5vc0huujf3amhdp6ktgr7
[2012.10.29 09:00:21 | 000,055,337 | ---- | C] () -- C:\windows\sess_mr1cat7qm67s5gcp6tkdjk3cv0
[2012.10.29 08:26:46 | 000,056,018 | ---- | C] () -- C:\windows\sess_hptd0jobar5v9rg5lh5banu106
[2012.10.29 08:26:42 | 000,056,018 | ---- | C] () -- C:\windows\sess_glhj9012kcitku78q76j44kpd1
[2012.10.29 08:26:42 | 000,056,014 | ---- | C] () -- C:\windows\sess_b7j2b41nrl3h4knbj1jublks24
[2012.10.29 08:26:42 | 000,056,013 | ---- | C] () -- C:\windows\sess_m47mnj6fnjr6bed2m33s2ovcj1
[2012.10.29 08:26:39 | 000,056,014 | ---- | C] () -- C:\windows\sess_jlicsl856i6kpbdk139ehmdmu5
[2012.10.26 17:28:19 | 000,055,334 | ---- | C] () -- C:\windows\sess_9j4qcm8bujgnngn3hnc5459te0
[2012.10.26 17:28:19 | 000,055,334 | ---- | C] () -- C:\windows\sess_7d0o08b2jvb3o56aqs6jfc9no3
[2012.10.26 17:28:18 | 000,055,330 | ---- | C] () -- C:\windows\sess_80kg347lala241i37juhb2ht33
[2012.10.26 17:28:18 | 000,055,329 | ---- | C] () -- C:\windows\sess_rouoeojkmh2qjg2rin3vohnoo5
[2012.10.26 14:42:27 | 000,055,334 | ---- | C] () -- C:\windows\sess_2gg91ani31jr2mk1g4oauj7a66
[2012.10.26 14:41:22 | 000,055,334 | ---- | C] () -- C:\windows\sess_003f8llqf9juv54l19p34fa2t0
[2012.10.26 14:34:59 | 000,017,197 | ---- | C] () -- C:\windows\sess_oktj28skagalmeu1n49vd5kja1
[2012.10.26 14:00:34 | 000,056,018 | ---- | C] () -- C:\windows\sess_iaco566vveo1nk8hh38fk9psh1
[2012.10.26 14:00:34 | 000,056,018 | ---- | C] () -- C:\windows\sess_9g3vvudfgeplqafi035mj10pb4
[2012.10.26 14:00:34 | 000,056,014 | ---- | C] () -- C:\windows\sess_vu76hmdaq64d03456rdmcqejo3
[2012.10.26 14:00:34 | 000,056,014 | ---- | C] () -- C:\windows\sess_2mtr6rnmg46li3sm6pml8aq922
[2012.10.26 14:00:26 | 000,017,197 | ---- | C] () -- C:\windows\sess_ohl13bigcbtbr1q4utedjbvb63
[2012.10.26 14:00:05 | 000,008,135 | ---- | C] () -- C:\windows\sess_n4ojdb7vouu7dv4eh3bb7oeas0
[2012.10.26 14:00:05 | 000,008,135 | ---- | C] () -- C:\windows\sess_dfr7j3g68dko7tqlt9a5kk5l71
[2012.10.26 14:00:05 | 000,008,135 | ---- | C] () -- C:\windows\sess_9h9vk071a9lqu6ngerj10327c3
[2012.10.26 14:00:05 | 000,008,135 | ---- | C] () -- C:\windows\sess_1dd31c0bv81j7fqeq6ijo79t32
[2012.10.26 13:56:42 | 000,056,039 | ---- | C] () -- C:\windows\sess_laso3tial542op3adau0k3u4s4
[2012.10.26 13:56:41 | 000,056,018 | ---- | C] () -- C:\windows\sess_7h4c9p4209n4j7tcistfdsgdf5
[2012.10.26 13:56:41 | 000,056,014 | ---- | C] () -- C:\windows\sess_7d5r342kicj3r8knhlhopaf103
[2012.10.26 13:56:40 | 000,056,013 | ---- | C] () -- C:\windows\sess_d5j44ssniv68iiha5lkdb3ho71
[2012.10.26 13:56:38 | 000,056,014 | ---- | C] () -- C:\windows\sess_dtuns1pog6bnbm3csfss34fae1
[2012.10.26 13:50:46 | 000,117,912 | ---- | C] () -- C:\windows\sess_3t4t9o9bcfktnbudkkfia0ho32
[2012.10.26 13:47:34 | 000,045,473 | ---- | C] () -- C:\windows\sess_o8h8vrob84aootauinbka1kdb7
[2012.10.26 13:46:43 | 000,017,744 | ---- | C] () -- C:\windows\sess_tp5elbhkdj0pd0k28qttd18bf1
[2012.10.26 13:46:01 | 000,017,744 | ---- | C] () -- C:\windows\sess_euiecr1raruhctmvvi276nl8l6
[2012.10.26 13:39:07 | 000,017,744 | ---- | C] () -- C:\windows\sess_hm6rs9vngkei8anekqp7kpj695
[2012.10.26 08:38:10 | 000,000,105 | ---- | C] () -- C:\Users\weh\Documents\brentford_magento.dsn
[2012.10.26 08:35:54 | 006,506,496 | ---- | C] () -- C:\Users\weh\Desktop\magento1.5.1-brentford.eap
[2012.10.25 18:00:48 | 000,055,334 | ---- | C] () -- C:\windows\sess_q5bafm61pcrfmlpb7gr38da994
[2012.10.25 18:00:48 | 000,055,330 | ---- | C] () -- C:\windows\sess_6bbkkqldn5dntv14pa1agp9mb5
[2012.10.25 18:00:48 | 000,055,329 | ---- | C] () -- C:\windows\sess_0llk0cipmv6g70rhdpqq8td881
[2012.10.25 18:00:46 | 000,055,334 | ---- | C] () -- C:\windows\sess_6e531cq1p7s7iassi6v52m1bv4
[2012.10.25 14:05:20 | 000,055,355 | ---- | C] () -- C:\windows\sess_jklmtai3q2bv8bl2au34503i31
[2012.10.25 14:05:11 | 000,055,334 | ---- | C] () -- C:\windows\sess_h90983pa344ace3u217utjh6a7
[2012.10.25 14:05:11 | 000,055,330 | ---- | C] () -- C:\windows\sess_1irk55glhtu785oeeefu8q0om6
[2012.10.25 14:05:11 | 000,055,329 | ---- | C] () -- C:\windows\sess_319di38o2l4c20m69q9qpg95c5
[2012.10.25 14:05:09 | 000,055,330 | ---- | C] () -- C:\windows\sess_l1auaakfkhf7ona7rmftht0hh0
[2012.10.24 08:08:54 | 000,000,022 | ---- | C] () -- C:\windows\SysWow64\devconinfo
[2012.10.24 08:08:54 | 000,000,021 | ---- | C] () -- C:\windows\SysNative\devconinfo
[2012.10.17 09:32:39 | 000,053,989 | ---- | C] () -- C:\windows\sess_lu43omd1jijp04254o8upvou53
[2012.10.17 09:29:42 | 000,055,334 | ---- | C] () -- C:\windows\sess_vq4pa77dgs8bmfet4je9oqr2n5
[2012.10.17 09:29:40 | 000,055,330 | ---- | C] () -- C:\windows\sess_fiestfqdrk3elset0epm6vbqu6
[2012.10.17 09:29:40 | 000,055,330 | ---- | C] () -- C:\windows\sess_arn2psussqhgdu9u5c3e1gmdg6
[2012.10.17 09:29:40 | 000,055,329 | ---- | C] () -- C:\windows\sess_0q4rp9ekmb6hrubjdb0milis13
[2012.10.17 09:29:27 | 000,055,334 | ---- | C] () -- C:\windows\sess_li9m6gajg2gt3mj0km03a3bda4
[2012.10.17 09:29:27 | 000,055,330 | ---- | C] () -- C:\windows\sess_hqhe0m60dmtpe5s9v279jnmba6
[2012.10.17 09:29:27 | 000,055,329 | ---- | C] () -- C:\windows\sess_8aq6fm6cdqimhd0jb9qhfqcg80
[2012.10.17 09:29:24 | 000,055,330 | ---- | C] () -- C:\windows\sess_1tquf8v4rek4o28hqi5va5l890
[2012.10.16 15:36:22 | 000,055,334 | ---- | C] () -- C:\windows\sess_210d12007katu43nc58jiv9gv0
[2012.10.16 15:02:33 | 000,055,337 | ---- | C] () -- C:\windows\sess_ojpd9jnu8itdde4v59utfrp2g7
[2012.10.16 15:01:27 | 000,052,764 | ---- | C] () -- C:\windows\sess_1aru2t09vrhnvj4jiupcptdq35
[2012.10.16 12:50:14 | 000,055,335 | ---- | C] () -- C:\windows\sess_gmntlm6kmaseratfn59q5ju450
[2012.10.16 12:50:09 | 000,052,764 | ---- | C] () -- C:\windows\sess_m3prje56a0st38hnas035gjv26
[2012.10.16 12:49:36 | 000,055,340 | ---- | C] () -- C:\windows\sess_7bq1n0hda1dn5g7bbno2n0lpn2
[2012.10.16 09:47:51 | 000,055,330 | ---- | C] () -- C:\windows\sess_k7nb3fmcokbq3a1qgk41uvcg32
[2012.10.16 09:47:40 | 000,055,340 | ---- | C] () -- C:\windows\sess_lo7ubcqd4547gnmiqvugct6tl2
[2012.10.16 09:47:38 | 000,055,329 | ---- | C] () -- C:\windows\sess_3uiog0ict2ucahlfacraqn68d1
[2012.10.16 09:47:37 | 000,055,330 | ---- | C] () -- C:\windows\sess_c5a4k5hgs6spd25kkm4jlchj45
[2012.10.16 09:25:09 | 000,055,334 | ---- | C] () -- C:\windows\sess_bj84k794pf96fatnl849j1fvh6
[2012.10.16 09:25:07 | 000,055,334 | ---- | C] () -- C:\windows\sess_c10abusut5riv65218sar2kmo1
[2012.10.16 09:25:07 | 000,055,330 | ---- | C] () -- C:\windows\sess_ighqjinscm7nd6c9tf8ceh06r6
[2012.10.16 09:25:07 | 000,055,329 | ---- | C] () -- C:\windows\sess_h7613nknljg8ngjrr5ti1pi6d7
[2012.10.16 09:25:05 | 000,055,330 | ---- | C] () -- C:\windows\sess_mpge223eh12rqa7p5jr4ds0dv0
[2012.08.14 14:08:40 | 000,000,152 | ---- | C] () -- C:\windows\SysWow64\RSLSP.ini
[2012.08.14 12:34:03 | 000,000,236 | ---- | C] () -- C:\windows\sripper.ini
[2012.08.14 12:34:03 | 000,000,052 | ---- | C] () -- C:\windows\StreamRipper32.INI
[2012.07.20 19:05:53 | 000,000,424 | ---- | C] () -- C:\Users\weh\AppData\Roaming\.ptbt1
[2012.07.17 10:22:56 | 000,001,484 | ---- | C] () -- C:\Users\weh\.h2.server.properties
[2012.07.09 09:44:01 | 000,000,158 | ---- | C] () -- C:\Users\weh\.gtkrc-2.0
[2012.05.08 11:52:20 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumd9.dll
[2012.05.08 11:52:20 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumd11.dll
[2012.05.08 11:52:20 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumd10.dll
[2012.03.30 10:08:41 | 000,040,757 | ---- | C] () -- C:\Users\weh\AppData\Local\recently-used.xbel.I07BCW
[2012.02.27 15:16:43 | 000,000,017 | ---- | C] () -- C:\Users\weh\_pentadactylrc
[2011.11.11 19:15:41 | 000,003,190 | ---- | C] () -- C:\Users\weh\.ganttproject
[2011.11.04 10:11:00 | 000,000,335 | ---- | C] () -- C:\Users\weh\.gitconfig
[2011.11.04 10:00:01 | 000,000,189 | ---- | C] () -- C:\Users\weh\.gitignore
[2011.08.22 20:11:16 | 000,007,665 | ---- | C] () -- C:\Users\weh\AppData\Local\Resmon.ResmonCfg
[2011.08.17 12:50:33 | 002,463,976 | ---- | C] () -- C:\windows\SysWow64\NPSWF32.dll
[2011.06.22 09:13:36 | 000,000,067 | ---- | C] () -- C:\windows\Emu48.ini
[2011.06.01 12:04:19 | 000,001,117 | ---- | C] () -- C:\Users\weh\.scala_history
[2011.05.06 10:34:16 | 000,167,784 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2011.04.28 07:52:27 | 000,001,854 | ---- | C] () -- C:\Users\weh\AppData\Roaming\GhostObjGAFix.xml
[2011.04.11 16:18:46 | 000,695,642 | ---- | C] () -- C:\windows\unins000.exe
[2011.04.11 16:18:46 | 000,001,729 | ---- | C] () -- C:\windows\unins000.dat
[2011.03.30 12:26:16 | 000,000,012 | ---- | C] () -- C:\windows\dirsaver.ini
[2011.03.30 12:26:09 | 000,028,672 | ---- | C] () -- C:\windows\gscr.dll
[2011.03.18 09:35:26 | 000,000,017 | ---- | C] () -- C:\Users\weh\.javafx_ping_sent
[2011.03.01 18:15:28 | 000,000,642 | ---- | C] () -- C:\windows\ODBC.INI
[2011.03.01 18:13:58 | 000,000,232 | ---- | C] () -- C:\windows\ODBCINST.INI
[2011.03.01 10:59:10 | 000,000,920 | -H-- | C] () -- C:\Users\weh\.gitk
[2011.03.01 09:11:02 | 000,020,945 | ---- | C] () -- C:\Users\weh\_viminfo
[2011.02.21 10:20:08 | 000,000,255 | ---- | C] () -- C:\Users\weh\AppData\Roaming\sqlite3Explorer.xml
[2011.02.17 17:54:46 | 000,144,622 | ---- | C] () -- C:\windows\SysWow64\drivers\kqemu.sys
[2011.02.17 15:02:37 | 000,000,600 | ---- | C] () -- C:\Users\weh\AppData\Local\PUTTY.RND
[2011.02.09 12:39:32 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011.02.03 10:46:23 | 000,000,182 | ---- | C] () -- C:\Users\weh\.zf.ini
[2011.02.02 09:00:04 | 000,000,600 | ---- | C] () -- C:\Users\weh\AppData\Roaming\winscp.rnd
[2011.02.01 15:50:39 | 000,000,727 | ---- | C] () -- C:\windows\hpntwksetup.ini
[2011.02.01 15:49:34 | 000,176,788 | ---- | C] () -- C:\windows\hppins12.dat
[2011.02.01 15:49:34 | 000,007,855 | ---- | C] () -- C:\windows\hppmdl12.dat
[2011.02.01 15:30:41 | 000,769,286 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.02.01 14:27:11 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2011.02.01 11:03:03 | 000,000,096 | ---- | C] () -- C:\Users\weh\.asadminpass
 
========== ZeroAccess Check ==========
 
[2012.11.13 17:59:07 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$927d5344adb0f1659c13d77b24a97d2e\@
[2012.11.13 17:59:07 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$927d5344adb0f1659c13d77b24a97d2e\L
[2012.11.13 22:00:00 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$927d5344adb0f1659c13d77b24a97d2e\U
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3629986181-1509596615-2328272075-1000\$927d5344adb0f1659c13d77b24a97d2e\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$927d5344adb0f1659c13d77b24a97d2e\n.
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

weh · 14.11.2012, 16:35

OTL Extras:

Code:

ATTFilter

OTL Extras logfile created on: 11/14/2012 1:50:59 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\weh\Desktop\Trojan\Tools
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 42.75% Memory free
7.72 Gb Paging File | 4.96 Gb Available in Paging File | 64.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.79 Gb Total Space | 68.26 Gb Free Space | 24.31% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.56% Space Free | Partition Type: FAT32
Drive S: | 149.04 Gb Total Space | 47.17 Gb Free Space | 31.65% Space Free | Partition Type: NTFS
 
Computer Name: WEHBOOK | User Name: weh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [git_shell] -- wscript "C:\Program Files (x86)\Git\Git Bash.vbs" "%1"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [git_shell] -- wscript "C:\Program Files (x86)\Git\Git Bash.vbs" "%1"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}" = 64 Bit HP CIO Components Installer
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1111706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 (64-bit)
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{2051F4CD-5708-4E26-BB74-00A0A6B06DFC}" = TortoiseGit 1.7.3.0 (64 bit)
"{218BB4A0-250C-4EBF-AE0A-398AF174A794}" = devolo Vianect AIR TV
"{2222706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 SDK (64-bit)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi-Software
"{2917FD4B-9D6C-4012-BB45-DC9722CA78E2}" = HP ProtectTools Security Manager
"{2B7F5983-7076-4D6E-9207-D9D05722502F}" = Smart Technology Programming Software 7.0.2.7
"{2C22EA92-CB30-4932-0052-000001000000}" = InfraRecorder 0.52 (x64 edition)
"{32939827-d8e5-470a-b126-870db3c69fd0}" = Python 2.7.1 (64-bit)
"{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E2D1823-C889-4CA9-9BB2-08E962A5E735}" = MySQL Server 5.5
"{51662E6C-5813-46D3-9801-A68ECC9BB6BC}" = DisplayLink Graphics
"{518C838E-A21C-40BE-B844-648040C2491D}" = HP Wireless Assistant
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 (64-bit)
"{67C090D6-109A-47D7-8DED-4160C4D96F32}" = HP 3D DriveGuard
"{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = devolo Vianect AIR Manager
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{72A9C5F2-0F2A-48C7-B965-469C418859BF}" = DisplayLink Core Software
"{79CFB0AF-7F21-415D-AF84-B1F3DEE44ED9}" = ActivePerl 5.12.3 Build 1204 (64-bit)
"{818AA386-29D5-4DFF-BBB5-3F16133F1409}" = TortoiseSVN 1.6.12.20536 (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{938C9D51-4233-4DCE-A650-96918ACDBF3E}" = HP Power Data
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADCF7C16-C3AC-4AFB-A738-968C86A5C2CF}" = Oracle VM VirtualBox 4.0.2
"{b2042d5e-986d-44ec-aee3-afe4108ccc94}" = Python 3.2 (64-bit)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 276.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 276.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BD7AB0B9-4491-4642-B6BB-2560648A0A22}" = HP Power Assistant
"{BE9ED4AF-949C-4B95-B2FD-0A2F228A7689}" = Validity Fingerprint Driver
"{C44218B2-EC4D-4EB9-A3E3-F8F4A46927EC}" = MySQL Connector/ODBC 5.1
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{C862EC05-1C15-4327-B15D-C7788D6CFF73}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{D6782B98-BDC0-45F4-A046-9D26C475CBF8}" = Drive Encryption for HP ProtectTools
"{ECF3E482-9188-4e29-9C31-E02FD8DC74C0}" = HP Color LaserJet CM2320 MFP Series 3.1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
"8973-4025-0853-7287" = DbVisualizer 8.0.8
"GIMP-2_is1" = GIMP 2.8.0-rc1
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPProtectTools" = HP ProtectTools Security Manager
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"nbi-glassfish-mod-3.1.2.23.0" = GlassFish Server Open Source Edition 3.1.2
"nbi-glassfish-mod-3.1.2.23.2" = GlassFish Server Open Source Edition 3.1.2.2
"nbi-glassfish-mod-3.1.43.0.0" = GlassFish Server Open Source Edition 3.1
"nbi-glassfish-mod-sun-3.0.0.74.2" = Sun GlassFish Enterprise Server v3
"nbi-nb-base-6.8.0.0.0" = NetBeans IDE 6.8
"nbi-nb-base-7.0.0.0.0" = NetBeans IDE 7.0
"nbi-nb-base-7.1.1.0.0" = NetBeans IDE 7.1.1
"nbi-nb-base-7.2.1.0.201210100934" = NetBeans IDE 7.2.1
"nbi-tomcat-7.0.22.0.0" = Apache Tomcat 7.0.22
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PostgreSQL 9.0" = PostgreSQL 9.0 
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"RealVNC_is1" = VNC Enterprise Edition E4.6.0
"sp6" = Logitech SetPoint 6.20
"Sublime Text 2_is1" = Sublime Text 2.0.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Vim 7.3" = Vim 7.3 (self-installing)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01E73CF7-3B8E-49F6-B09C-3FB122B3938A}" = HP Software Framework
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{09E46892-D189-410F-AE52-72D620247182}" = calibre
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1A20BE74-67F7-449D-B66D-6FC37FC4FEF2}" = Subversion
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24495227-1B47-4D55-AC27-167B6BC3FF73}" = hppScanToCM2320
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2AF401F8-D652-4F0D-A445-88F149969AB8}" = AirParrot
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C6DEBDB-E980-4C6F-9642-A44F59C70C73}" = LibreOffice 3.6 Help Pack (German)
"{511CA535-9CB1-4128-A30C-5F4C5D4AB848}" = hppFaxUtilityCM2320
"{52937564-8312-4B49-BB13-F7EDBB67EB34}" = MySQL Workbench 5.2 CE
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{549F3C2A-33EF-571C-AF1E-066865E63716}" = Balsamiq Mockups For Desktop
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62052A1A-0997-4EB1-9DD1-176F2A2A302B}" = Adobe LiveCycle Designer ES3
"{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}" = HP Documentation
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{676CF48E-6847-4C3E-8327-9813BCEBD1A3}" = node.js
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77697747-7567-428D-8394-2287586F6974}" = hppusgCM2320
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.17
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8B0CB1FA-6D45-4D41-B7BA-5F13EA6BEC5A}" = Adobe Edge Preview
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIOR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.VISIOR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.VISIOR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIOR_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.VISIOR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{99EE30D2-A7EA-486C-9AD4-57C8583375BF}" = hppSendFaxCM2320
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}" = Timershot Powertoy for Windows XP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABB8337F-50AC-412E-8E7E-279E3716B91C}" = Kerio Outlook Connector (Offline Edition)
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AE7C40B6-9C6D-4022-B017-A41A6B7FA4D3}" = hppManualsCM2320
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B226235F-51A4-4090-B5DB-5482A28D1B0F}" = hppFaxDrvCM2320
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2A9E3FA-1D9D-4BC1-AEED-135AADADEBF9}" = Kerio Updater Service
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C813DEA0-D8F0-22B5-F372-F5CC329556EA}" = Adobe Community Help
"{CBCF6C86-4738-4A84-9C2C-331804DCEB9B}" = LibreOffice 3.6
"{CC98E8B3-FAAA-4D09-A813-A44C9FA1A3EE}" = Enterprise Architect 8
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE07BE71-510D-414A-92D4-DFF47631848A}" = Simple Build Tool
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D50B8348-D00C-4208-94D2-76A0E0CD5776}_is1" = Gummi version 0.6.2~beta2
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DD7D788B-D6C2-4CB1-AACC-8614D6C21D7C}" = hppCLJCM2320
"{DF26C0AE-3520-484F-8BF7-CD061E32F027}" = HP ESU for Microsoft Windows 7
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{ED23E382-E5E3-4E21-B616-01FC59A40916}" = OpenOffice.org 3.3
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{FD8234FF-A70D-4632-B146-F41AB37C0B24}" = HP Business Card Reader
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF841249-0D6B-41D7-8013-953EE3A33263}" = hppQFolderCM2320
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Flex Builder 3" = Adobe Flex Builder 3
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ApacheCouchDB_is1" = Apache CouchDB 1.0.1
"Ashampoo MyAutoplay Menu_is1" = Ashampoo MyAutoplay Menu 1.0.5
"Avira AntiVir Desktop" = Avira Professional Security
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1" = Balsamiq Mockups For Desktop
"CDex" = CDex - Open Source Digital Audio CD Extractor
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CIH_STXrecordDOO_scr.scr" = CIH_STXrecordDOO_scr ScreenSaver
"CollabNet Subversion Client" = CollabNet Subversion Client 1.6.12
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.5.3
"Flickr.Net Screensaver_is1" = Flickr.Net Screensaver 4
"Git_is1" = Git version 1.7.4-preview20110204
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"GTK2-Runtime" = GTK2-Runtime
"GTK2-Themes" = GTK2-Themes
"HandBrake" = HandBrake 0.9.6
"HeidiSQL_is1" = HeidiSQL 7.0.0.4053
"Hugin" = Hugin 2011.4.0
"Inkscape" = Inkscape 0.48.3.1
"InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"InstallShield_{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = devolo Vianect AIR Manager
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.14
"KQEMU" = KQEMU virtualisation module for QEMU
"Launchy_21344213_is1" = Launchy 2.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"MiKTeX 2.9" = MiKTeX 2.9
"mIRC" = mIRC
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird (3.1.20)" = Mozilla Thunderbird (3.1.20)
"Mozilla XULRunner (1.9.0.4)" = Mozilla XULRunner (1.9.0.4)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"Opera 11.62.1347" = Opera 11.62
"ownCloud" = ownCloud
"Pencil" = Pencil
"Polipo" = Polipo 1.0.4.1
"PowerCmd_is1" = PowerCmd 2.2
"PuTTY_is1" = PuTTY version 0.60
"RealVNC_is1" = VNC Free Edition 4.1.3
"SyncBack_is1" = SyncBack
"Synergy" = Synergy
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"Tor" = Tor 0.2.2.33
"Vidalia" = Vidalia 0.2.14
"VLC media player" = VLC media player 1.1.11
"WinCDEmu" = WinCDEmu
"WinPcapInst" = WinPcap 4.1.2
"winscp3_is1" = WinSCP 5.1
"Wireshark" = Wireshark 1.6.4
"Xming_is1" = Xming 6.9.0.31
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{BD5F3A9C-22D5-4C1D-AEA0-ED1BE83A1E67}_is1" = Ruby 1.9.2-p180
"BrickBreaker" = BrickBreaker
"Dropbox" = Dropbox
"GanttProject 2.0.10" = GanttProject 2.0.10
"Google Chrome" = Google Chrome
"StationRipper" = StationRipper 2.98.5
"StyleEditor" = StyleEditor
"SwirlingSquares" = SwirlingSquares
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.11.2012 17:27:50 | Computer Name = wehbook | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\weh\Downloads\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 13.11.2012 17:27:53 | Computer Name = wehbook | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\weh\Desktop\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 13.11.2012 17:27:53 | Computer Name = wehbook | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\weh\Desktop\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 13.11.2012 17:28:00 | Computer Name = wehbook | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\weh\Desktop\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 13.11.2012 17:28:02 | Computer Name = wehbook | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\weh\Desktop\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 14.11.2012 00:26:43 | Computer Name = wehbook | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files (x86)\Sparx
 Systems\EA\SSInvoke.exe".Error in manifest or policy file "C:\Program Files (x86)\Sparx
 Systems\EA\SSInvoke.exe" on line 21.  Invalid Xml syntax.
 
Error - 14.11.2012 00:32:44 | Computer Name = wehbook | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 14.11.2012 00:32:46 | Computer Name = wehbook | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 14.11.2012 05:46:32 | Computer Name = wehbook | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Internet Explorer' could not be shut down.
 
Error - 14.11.2012 08:58:20 | Computer Name = wehbook | Source = Application Error | ID = 1000
Description = Faulting application name: notepad++.exe, version: 5.8.7.0, time stamp:
 0x4d434075  Faulting module name: Explorer.dll_unloaded, version: 0.0.0.0, time stamp:
 0x4a04adee  Exception code: 0xc0000005  Fault offset: 0x027d7626  Faulting process id:
 0x11f8  Faulting application start time: 0x01cdc2660ebfe83f  Faulting application path:
 C:\Program Files (x86)\Notepad++\notepad++.exe  Faulting module path: Explorer.dll
Report
 Id: f68963a1-2e5a-11e2-94f5-68b599e6ebab
 
[ Hewlett-Packard Events ]
Error - 22.10.2012 20:56:53 | Computer Name = wehbook | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 22.10.2012 20:58:26 | Computer Name = wehbook | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 22.10.2012 21:07:38 | Computer Name = wehbook | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 22.10.2012 21:16:46 | Computer Name = wehbook | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 24.10.2012 13:39:36 | Computer Name = wehbook | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Source:
 HP.SupportAssistant.Common    Name: HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files
 (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3951  Ram Utilization:
 50  TargetSite: Void addTempSession()  
 
Error - 24.10.2012 13:39:38 | Computer Name = wehbook | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Source:
 HP.SupportAssistant.Common    Name: HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files
 (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3951  Ram Utilization:
 50  TargetSite: Void addTempSession()  
 
Error - 31.10.2012 14:03:37 | Computer Name = wehbook | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Source:
 HP.SupportAssistant.Common    Name: HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files
 (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3951  Ram Utilization:
 70  TargetSite: Void addTempSession()  
 
Error - 31.10.2012 14:03:38 | Computer Name = wehbook | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Source:
 HP.SupportAssistant.Common    Name: HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files
 (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3951  Ram Utilization:
 70  TargetSite: Void addTempSession()  
 
Error - 08.11.2012 02:44:00 | Computer Name = wehbook | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Source:
 HP.SupportAssistant.Common    Name: HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files
 (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3951  Ram Utilization:
 60  TargetSite: Void addTempSession()  
 
Error - 08.11.2012 02:44:01 | Computer Name = wehbook | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Source:
 HP.SupportAssistant.Common    Name: HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files
 (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3951  Ram Utilization:
 60  TargetSite: Void addTempSession()  
 
[ HP Power Assistant Events ]
Error - 01.03.2012 04:07:54 | Computer Name = wehbook | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
 found in the dat file.
 
Error - 01.03.2012 04:07:58 | Computer Name = wehbook | Source = HP PA Application | ID = 0
Description = Aero consumption missing from the power usage node (planName=HP powerSource=AC).
 
Error - 01.03.2012 04:07:58 | Computer Name = wehbook | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Aero consumption missing from 
the power usage node (planName=HP powerSource=AC).    at HPPA_Main.DatFileAccess.LogError(Nullable`1
 throwException, String formatString, Object[] args)     at HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
 pu)     at HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)

   at HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
 
Error - 01.03.2012 09:16:08 | Computer Name = wehbook | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
 found in the dat file.
 
Error - 01.03.2012 09:16:10 | Computer Name = wehbook | Source = HP PA Application | ID = 0
Description = Aero consumption missing from the power usage node (planName=HP powerSource=AC).
 
Error - 01.03.2012 09:16:10 | Computer Name = wehbook | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Aero consumption missing from 
the power usage node (planName=HP powerSource=AC).    at HPPA_Main.DatFileAccess.LogError(Nullable`1
 throwException, String formatString, Object[] args)     at HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
 pu)     at HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)

   at HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
 
Error - 01.03.2012 11:55:59 | Computer Name = wehbook | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
 found in the dat file.
 
Error - 01.03.2012 11:56:01 | Computer Name = wehbook | Source = HP PA Application | ID = 0
Description = Aero consumption missing from the power usage node (planName=HP powerSource=AC).
 
Error - 01.03.2012 11:56:01 | Computer Name = wehbook | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Aero consumption missing from 
the power usage node (planName=HP powerSource=AC).    at HPPA_Main.DatFileAccess.LogError(Nullable`1
 throwException, String formatString, Object[] args)     at HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
 pu)     at HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)

   at HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
 
Error - 02.03.2012 04:23:30 | Computer Name = wehbook | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
 found in the dat file.
 
[ HP Wireless Assistant Events ]
Error - 24.09.2012 03:40:08 | Computer Name = wehbook | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)
 
Error - 27.09.2012 08:51:58 | Computer Name = wehbook | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported     at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 10.10.2012 03:02:37 | Computer Name = wehbook | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)
 
Error - 15.10.2012 03:25:12 | Computer Name = wehbook | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)
 
Error - 23.10.2012 03:44:34 | Computer Name = wehbook | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)
 
Error - 25.10.2012 10:15:37 | Computer Name = wehbook | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)
 
Error - 29.10.2012 03:06:30 | Computer Name = wehbook | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Error in the application.    at HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     at HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     at HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 29.10.2012 03:06:41 | Computer Name = wehbook | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 05.11.2012 04:55:31 | Computer Name = wehbook | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)
 
Error - 14.11.2012 05:36:07 | Computer Name = wehbook | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)
 
[ System Events ]
Error - 14.11.2012 08:43:41 | Computer Name = wehbook | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Presentation Foundation Font Cache 3.0.0.0 service to connect.
 
Error - 14.11.2012 08:43:41 | Computer Name = wehbook | Source = Service Control Manager | ID = 7000
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed
 to start due to the following error:   %%1053
 
Error - 14.11.2012 08:43:57 | Computer Name = wehbook | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
 service: BFE. This service might not be installed.
 
Error - 14.11.2012 08:44:05 | Computer Name = wehbook | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
 This service might not be installed.
 
Error - 14.11.2012 08:44:05 | Computer Name = wehbook | Source = Service Control Manager | ID = 7000
Description = The rimspci service failed to start due to the following error:   %%1058
 
Error - 14.11.2012 08:44:05 | Computer Name = wehbook | Source = Service Control Manager | ID = 7000
Description = The risdpcie service failed to start due to the following error:   %%1058
 
Error - 14.11.2012 08:44:05 | Computer Name = wehbook | Source = Service Control Manager | ID = 7000
Description = The rixdpcie service failed to start due to the following error:   %%1058
 
Error - 14.11.2012 08:45:17 | Computer Name = wehbook | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HP
 Power Assistant Service service to connect.
 
Error - 14.11.2012 08:45:17 | Computer Name = wehbook | Source = Service Control Manager | ID = 7000
Description = The HP Power Assistant Service service failed to start due to the 
following error:   %%1053
 
Error - 14.11.2012 08:47:31 | Computer Name = wehbook | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
 
< End of report >

aswMBR:

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-14 14:18:30
-----------------------------
14:18:30.453    OS Version: Windows x64 6.1.7601 Service Pack 1
14:18:30.453    Number of processors: 4 586 0x2505
14:18:30.453    ComputerName: WEHBOOK  UserName: weh
14:18:32.497    Initialize success
14:21:05.646    AVAST engine defs: 12111400
14:22:17.609    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:22:17.609    Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
14:22:17.656    Disk 0 MBR read successfully
14:22:17.656    Disk 0 MBR scan
14:22:17.687    Disk 0 Windows 7 default MBR code
14:22:17.703    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          300 MB offset 2048
14:22:17.718    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       287533 MB offset 616448
14:22:17.750    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        15360 MB offset 589484032
14:22:17.765    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0     2043 MB offset 620941312
14:22:17.843    Disk 0 scanning C:\windows\system32\drivers
14:22:40.323    Service scanning
14:23:20.337    Modules scanning
14:23:20.353    Disk 0 trace - called modules:
14:23:20.883    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll 
14:23:20.883    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800587a060]
14:23:20.899    3 CLASSPNP.SYS[fffff880010ff43f] -> nt!IofCallDriver -> [0xfffffa8004fb29d0]
14:23:20.899    5 hpdskflt.sys[fffff88001e15189] -> nt!IofCallDriver -> [0xfffffa8004a7ee40]
14:23:20.914    7 ACPI.sys[fffff88000fb27a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a7d050]
14:23:22.755    AVAST engine scan C:\windows
14:23:33.004    AVAST engine scan C:\windows\system32
14:28:34.835    AVAST engine scan C:\windows\system32\drivers
14:29:06.503    AVAST engine scan C:\Users\weh
16:08:00.496    AVAST engine scan C:\ProgramData
16:15:16.129    Scan finished successfully
16:15:49.138    Disk 0 MBR has been saved successfully to "C:\Users\weh\Desktop\Trojan\Tools\MBR.dat"
16:15:49.232    The log file has been saved successfully to "C:\Users\weh\Desktop\Trojan\Tools\aswMBR.txt"

weh · 14.11.2012, 16:36

TDSSKiller:

Code:

ATTFilter

16:18:46.0822 6388  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:18:47.0071 6388  ============================================================
16:18:47.0071 6388  Current date / time: 2012/11/14 16:18:47.0071
16:18:47.0071 6388  SystemInfo:
16:18:47.0071 6388  
16:18:47.0071 6388  OS Version: 6.1.7601 ServicePack: 1.0
16:18:47.0071 6388  Product type: Workstation
16:18:47.0071 6388  ComputerName: WEHBOOK
16:18:47.0071 6388  UserName: weh
16:18:47.0071 6388  Windows directory: C:\windows
16:18:47.0071 6388  System windows directory: C:\windows
16:18:47.0071 6388  Running under WOW64
16:18:47.0071 6388  Processor architecture: Intel x64
16:18:47.0071 6388  Number of processors: 4
16:18:47.0071 6388  Page size: 0x1000
16:18:47.0071 6388  Boot type: Normal boot
16:18:47.0071 6388  ============================================================
16:18:47.0805 6388  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:18:47.0805 6388  ============================================================
16:18:47.0805 6388  \Device\Harddisk0\DR0:
16:18:47.0820 6388  MBR partitions:
16:18:47.0820 6388  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
16:18:47.0820 6388  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x23196800
16:18:47.0820 6388  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2322D000, BlocksNum 0x1E00000
16:18:47.0820 6388  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x2502D000, BlocksNum 0x3FD800
16:18:47.0820 6388  ============================================================
16:18:48.0085 6388  C: <-> \Device\Harddisk0\DR0\Partition2
16:18:48.0101 6388  F: <-> \Device\Harddisk0\DR0\Partition4
16:18:48.0132 6388  ============================================================
16:18:48.0132 6388  Initialize success
16:18:48.0132 6388  ============================================================
16:19:10.0300 7496  ============================================================
16:19:10.0300 7496  Scan started
16:19:10.0300 7496  Mode: Manual; 
16:19:10.0300 7496  ============================================================
16:19:11.0626 7496  ================ Scan system memory ========================
16:19:11.0626 7496  System memory - ok
16:19:11.0626 7496  ================ Scan services =============================
16:19:11.0782 7496  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
16:19:11.0797 7496  1394ohci - ok
16:19:11.0844 7496  [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer   C:\windows\system32\DRIVERS\Accelerometer.sys
16:19:11.0844 7496  Accelerometer - ok
16:19:11.0907 7496  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
16:19:11.0922 7496  ACPI - ok
16:19:11.0969 7496  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
16:19:11.0969 7496  AcpiPmi - ok
16:19:12.0125 7496  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:19:12.0125 7496  AdobeARMservice - ok
16:19:12.0265 7496  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:19:12.0281 7496  AdobeFlashPlayerUpdateSvc - ok
16:19:12.0312 7496  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
16:19:12.0328 7496  adp94xx - ok
16:19:12.0343 7496  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
16:19:12.0343 7496  adpahci - ok
16:19:12.0359 7496  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
16:19:12.0375 7496  adpu320 - ok
16:19:12.0390 7496  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
16:19:12.0390 7496  AeLookupSvc - ok
16:19:12.0499 7496  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
16:19:12.0499 7496  AESTFilters - ok
16:19:12.0562 7496  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
16:19:12.0577 7496  AFD - ok
16:19:12.0624 7496  [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
16:19:12.0624 7496  AgereModemAudio - ok
16:19:12.0655 7496  [ C98356D813B581E9C425B42A5D146CE0 ] AgereSoftModem  C:\windows\system32\DRIVERS\agrsm64.sys
16:19:12.0702 7496  AgereSoftModem - ok
16:19:12.0765 7496  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
16:19:12.0780 7496  agp440 - ok
16:19:12.0796 7496  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
16:19:12.0796 7496  ALG - ok
16:19:12.0843 7496  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
16:19:12.0843 7496  aliide - ok
16:19:12.0843 7496  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
16:19:12.0858 7496  amdide - ok
16:19:12.0874 7496  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
16:19:12.0874 7496  AmdK8 - ok
16:19:12.0889 7496  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
16:19:12.0889 7496  AmdPPM - ok
16:19:12.0936 7496  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys
16:19:12.0952 7496  amdsata - ok
16:19:12.0967 7496  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
16:19:12.0967 7496  amdsbs - ok
16:19:12.0983 7496  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys
16:19:12.0983 7496  amdxata - ok
16:19:13.0123 7496  [ A36080FC8897BC999B8F11C49F133D4A ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
16:19:13.0123 7496  AntiVirMailService - ok
16:19:13.0186 7496  [ 7362692A8F1FC327FEBDF61D7082651B ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:19:13.0186 7496  AntiVirSchedulerService - ok
16:19:13.0248 7496  [ 73D5ADCB0061240D28F456E577F0250B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:19:13.0248 7496  AntiVirService - ok
16:19:13.0311 7496  [ E08C46635FB2ADB96777D00808D71BEE ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
16:19:13.0311 7496  AntiVirWebService - ok
16:19:13.0404 7496  [ F372F62DA5BCBA0E45AFB19BACC58C67 ] Apache CouchDB01cbce7481a03700 C:\Software\ApacheSoftwareFoundation\CouchDB\erts-5.8\bin\erlsrv.exe
16:19:13.0435 7496  Apache CouchDB01cbce7481a03700 - ok
16:19:13.0529 7496  [ 53EA061ECC67223A430F153C3682AD54 ] Apache2.2       C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
16:19:13.0529 7496  Apache2.2 - ok
16:19:13.0591 7496  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
16:19:13.0591 7496  AppID - ok
16:19:13.0607 7496  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
16:19:13.0623 7496  AppIDSvc - ok
16:19:13.0669 7496  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\windows\System32\appinfo.dll
16:19:13.0669 7496  Appinfo - ok
16:19:13.0701 7496  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\windows\System32\appmgmts.dll
16:19:13.0701 7496  AppMgmt - ok
16:19:13.0716 7496  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\DRIVERS\arc.sys
16:19:13.0732 7496  arc - ok
16:19:13.0732 7496  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
16:19:13.0747 7496  arcsas - ok
16:19:13.0872 7496  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:19:13.0919 7496  aspnet_state - ok
16:19:13.0966 7496  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
16:19:13.0966 7496  AsyncMac - ok
16:19:14.0013 7496  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys
16:19:14.0013 7496  atapi - ok
16:19:14.0091 7496  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
16:19:14.0106 7496  AudioEndpointBuilder - ok
16:19:14.0122 7496  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
16:19:14.0122 7496  AudioSrv - ok
16:19:14.0215 7496  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
16:19:14.0215 7496  avgntflt - ok
16:19:14.0278 7496  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
16:19:14.0278 7496  avipbb - ok
16:19:14.0340 7496  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
16:19:14.0340 7496  avkmgr - ok
16:19:14.0403 7496  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
16:19:14.0403 7496  AxInstSV - ok
16:19:14.0449 7496  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\DRIVERS\bxvbda.sys
16:19:14.0449 7496  b06bdrv - ok
16:19:14.0496 7496  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
16:19:14.0512 7496  b57nd60a - ok
16:19:14.0574 7496  [ 326E77EA6E9BF27C7CD2837D65DB96C7 ] BazisVirtualCDBus C:\windows\system32\DRIVERS\BazisVirtualCDBus.sys
16:19:14.0574 7496  BazisVirtualCDBus - ok
16:19:14.0605 7496  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
16:19:14.0605 7496  BDESVC - ok
16:19:14.0637 7496  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
16:19:14.0637 7496  Beep - ok
16:19:14.0699 7496  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\System32\qmgr.dll
16:19:14.0730 7496  BITS - ok
16:19:14.0761 7496  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
16:19:14.0761 7496  blbdrive - ok
16:19:14.0824 7496  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:19:14.0824 7496  Bonjour Service - ok
16:19:14.0886 7496  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
16:19:14.0886 7496  bowser - ok
16:19:14.0902 7496  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
16:19:14.0902 7496  BrFiltLo - ok
16:19:14.0917 7496  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
16:19:14.0917 7496  BrFiltUp - ok
16:19:14.0964 7496  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
16:19:14.0964 7496  Browser - ok
16:19:14.0995 7496  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
16:19:14.0995 7496  Brserid - ok
16:19:15.0011 7496  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
16:19:15.0011 7496  BrSerWdm - ok
16:19:15.0011 7496  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
16:19:15.0011 7496  BrUsbMdm - ok
16:19:15.0027 7496  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
16:19:15.0027 7496  BrUsbSer - ok
16:19:15.0042 7496  BTCFilterService - ok
16:19:15.0105 7496  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
16:19:15.0105 7496  BthEnum - ok
16:19:15.0120 7496  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
16:19:15.0120 7496  BTHMODEM - ok
16:19:15.0136 7496  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
16:19:15.0136 7496  BthPan - ok
16:19:15.0151 7496  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
16:19:15.0167 7496  BTHPORT - ok
16:19:15.0245 7496  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
16:19:15.0245 7496  bthserv - ok
16:19:15.0261 7496  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
16:19:15.0261 7496  BTHUSB - ok
16:19:15.0307 7496  [ 4BDBDB86ABBA924E029FB2683BE7C505 ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
16:19:15.0307 7496  btwaudio - ok
16:19:15.0323 7496  [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt         C:\windows\system32\DRIVERS\btwavdt.sys
16:19:15.0323 7496  btwavdt - ok
16:19:15.0385 7496  [ 31DA517946FFE416442E864592548F8A ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
16:19:15.0417 7496  btwdins - ok
16:19:15.0463 7496  [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap        C:\windows\system32\DRIVERS\btwl2cap.sys
16:19:15.0463 7496  btwl2cap - ok
16:19:15.0463 7496  [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
16:19:15.0463 7496  btwrchid - ok
16:19:15.0573 7496  [ 2EBDA2518298421C8D1FD8252F47191F ] CableAssociation C:\Program Files (x86)\devolo Vianect AIR Manager\Components\Association\CableAssociation.exe
16:19:15.0604 7496  CableAssociation - ok
16:19:15.0666 7496  [ 6E1641724439E18CE55ADEE2D347AA19 ] CamDrL64        C:\windows\system32\DRIVERS\CamDrL64.sys
16:19:15.0697 7496  CamDrL64 - ok
16:19:15.0729 7496  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
16:19:15.0729 7496  cdfs - ok
16:19:15.0791 7496  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
16:19:15.0791 7496  cdrom - ok
16:19:15.0838 7496  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
16:19:15.0838 7496  CertPropSvc - ok
16:19:15.0869 7496  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\DRIVERS\circlass.sys
16:19:15.0869 7496  circlass - ok
16:19:15.0916 7496  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
16:19:15.0916 7496  CLFS - ok
16:19:15.0978 7496  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:19:15.0978 7496  clr_optimization_v2.0.50727_32 - ok
16:19:16.0009 7496  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:19:16.0009 7496  clr_optimization_v2.0.50727_64 - ok
16:19:16.0087 7496  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:19:16.0165 7496  clr_optimization_v4.0.30319_32 - ok
16:19:16.0181 7496  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:19:16.0197 7496  clr_optimization_v4.0.30319_64 - ok
16:19:16.0212 7496  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
16:19:16.0212 7496  CmBatt - ok
16:19:16.0228 7496  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
16:19:16.0228 7496  cmdide - ok
16:19:16.0275 7496  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\windows\system32\Drivers\cng.sys
16:19:16.0290 7496  CNG - ok
16:19:16.0384 7496  [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx       C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
16:19:16.0384 7496  Com4QLBEx - ok
16:19:16.0399 7496  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
16:19:16.0399 7496  Compbatt - ok
16:19:16.0446 7496  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
16:19:16.0446 7496  CompositeBus - ok
16:19:16.0462 7496  COMSysApp - ok
16:19:16.0477 7496  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
16:19:16.0477 7496  crcdisk - ok
16:19:16.0540 7496  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\windows\system32\cryptsvc.dll
16:19:16.0540 7496  CryptSvc - ok
16:19:16.0602 7496  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\windows\system32\drivers\csc.sys
16:19:16.0618 7496  CSC - ok
16:19:16.0680 7496  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\windows\System32\cscsvc.dll
16:19:16.0696 7496  CscService - ok
16:19:16.0758 7496  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
16:19:16.0774 7496  DcomLaunch - ok
16:19:16.0852 7496  [ 2A3D10142495C67B889E3E3FC1222531 ] DEBridge        c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
16:19:16.0867 7496  DEBridge - ok
16:19:16.0899 7496  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
16:19:16.0914 7496  defragsvc - ok
16:19:16.0961 7496  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
16:19:16.0961 7496  DfsC - ok
16:19:17.0023 7496  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
16:19:17.0023 7496  Dhcp - ok
16:19:17.0055 7496  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
16:19:17.0055 7496  discache - ok
16:19:17.0086 7496  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\DRIVERS\disk.sys
16:19:17.0086 7496  Disk - ok
16:19:17.0320 7496  [ 030BCD5D1D2E5B7C0272C05C5BE801A4 ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
16:19:17.0507 7496  DisplayLinkService - ok
16:19:17.0538 7496  [ CDE8B5BD143F5717B359801D49CFF706 ] DisplayLinkUsbPort C:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys
16:19:17.0554 7496  DisplayLinkUsbPort - ok
16:19:17.0569 7496  [ B32C082B4BD254BFA2441F357636BC3A ] DLCopyFilter    C:\windows\system32\Drivers\wsr_tbf.sys
16:19:17.0569 7496  DLCopyFilter - ok
16:19:17.0647 7496  [ CB511952D9A01F4562379C02A3127050 ] dlkmd           C:\windows\system32\drivers\dlkmd.sys
16:19:17.0647 7496  dlkmd - ok
16:19:17.0663 7496  [ F7554760301705D99DF3B294B6F51661 ] dlkmdldr        C:\windows\system32\drivers\dlkmdldr.sys
16:19:17.0663 7496  dlkmdldr - ok
16:19:17.0710 7496  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
16:19:17.0710 7496  Dnscache - ok
16:19:17.0788 7496  [ DE1FBD2F3A48FCC59B0ACD534DF74052 ] domain1         C:\Program Files\GlassFish\EnterpriseServer 3.0\glassfish\domains\domain1\bin\domain1Service.exe
16:19:17.0788 7496  domain1 - ok
16:19:17.0835 7496  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
16:19:17.0835 7496  dot3svc - ok
16:19:17.0897 7496  [ EF8004B4A9552C77FD0E99AB08841D13 ] DpHost          c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
16:19:17.0913 7496  DpHost - ok
16:19:17.0959 7496  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
16:19:17.0959 7496  DPS - ok
16:19:17.0991 7496  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
16:19:18.0006 7496  drmkaud - ok
16:19:18.0053 7496  [ C2FB12B47BDE6D2F4B0368E446593E36 ] DWA             C:\windows\system32\DRIVERS\WSR_DWA.SYS
16:19:18.0069 7496  DWA - ok
16:19:18.0131 7496  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
16:19:18.0162 7496  DXGKrnl - ok
16:19:18.0225 7496  [ 324FCD2DD8A4229DDEF3CC954FF12FA5 ] e1kexpress      C:\windows\system32\DRIVERS\e1k62x64.sys
16:19:18.0240 7496  e1kexpress - ok
16:19:18.0271 7496  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
16:19:18.0287 7496  EapHost - ok
16:19:18.0349 7496  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\DRIVERS\evbda.sys
16:19:18.0427 7496  ebdrv - ok
16:19:18.0474 7496  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe
16:19:18.0474 7496  EFS - ok
16:19:18.0537 7496  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
16:19:18.0552 7496  ehRecvr - ok
16:19:18.0583 7496  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe
16:19:18.0583 7496  ehSched - ok
16:19:18.0615 7496  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
16:19:18.0630 7496  elxstor - ok
16:19:18.0677 7496  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
16:19:18.0677 7496  ErrDev - ok
16:19:18.0708 7496  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
16:19:18.0724 7496  EventSystem - ok
16:19:18.0864 7496  [ 1DB6BEC3D57C289F0107D7A34D5EF8F9 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:19:18.0911 7496  EvtEng - ok
16:19:18.0927 7496  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
16:19:18.0942 7496  exfat - ok
16:19:18.0958 7496  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
16:19:18.0958 7496  fastfat - ok
16:19:19.0020 7496  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe
16:19:19.0036 7496  Fax - ok
16:19:19.0067 7496  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\DRIVERS\fdc.sys
16:19:19.0067 7496  fdc - ok
16:19:19.0083 7496  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
16:19:19.0083 7496  fdPHost - ok
16:19:19.0098 7496  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
16:19:19.0098 7496  FDResPub - ok
16:19:19.0114 7496  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
16:19:19.0114 7496  FileInfo - ok
16:19:19.0114 7496  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
16:19:19.0114 7496  Filetrace - ok
16:19:19.0145 7496  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
16:19:19.0145 7496  flpydisk - ok
16:19:19.0192 7496  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
16:19:19.0207 7496  FltMgr - ok
16:19:19.0285 7496  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\windows\system32\FntCache.dll
16:19:19.0317 7496  FontCache - ok
16:19:19.0395 7496  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:19:19.0395 7496  FontCache3.0.0.0 - ok
16:19:19.0410 7496  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
16:19:19.0426 7496  FsDepends - ok
16:19:19.0473 7496  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
16:19:19.0473 7496  Fs_Rec - ok
16:19:19.0535 7496  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
16:19:19.0535 7496  fvevol - ok
16:19:19.0566 7496  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
16:19:19.0566 7496  gagp30kx - ok
16:19:19.0629 7496  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
16:19:19.0629 7496  GEARAspiWDM - ok
16:19:19.0691 7496  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll
16:19:19.0722 7496  gpsvc - ok
16:19:19.0816 7496  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:19:19.0816 7496  gupdate - ok
16:19:19.0831 7496  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:19:19.0831 7496  gupdatem - ok
16:19:19.0863 7496  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
16:19:19.0863 7496  hcw85cir - ok
16:19:19.0925 7496  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
16:19:19.0925 7496  HdAudAddService - ok
16:19:19.0956 7496  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
16:19:19.0956 7496  HDAudBus - ok
16:19:19.0972 7496  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\windows\system32\DRIVERS\HECIx64.sys
16:19:19.0972 7496  HECIx64 - ok
16:19:19.0987 7496  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
16:19:19.0987 7496  HidBatt - ok
16:19:20.0003 7496  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
16:19:20.0019 7496  HidBth - ok
16:19:20.0019 7496  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
16:19:20.0019 7496  HidIr - ok
16:19:20.0050 7496  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\system32\hidserv.dll
16:19:20.0050 7496  hidserv - ok
16:19:20.0112 7496  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
16:19:20.0112 7496  HidUsb - ok
16:19:20.0159 7496  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
16:19:20.0159 7496  hkmsvc - ok
16:19:20.0206 7496  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
16:19:20.0206 7496  HomeGroupListener - ok
16:19:20.0268 7496  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
16:19:20.0268 7496  HomeGroupProvider - ok
16:19:20.0299 7496  [ 96D214228969DDB213EF81951E89F699 ] HP Power Assistant Service C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
16:19:20.0299 7496  HP Power Assistant Service - ok
16:19:20.0346 7496  [ AE2A8C80205F06BE5EDC63BE0AE9A756 ] HP ProtectTools Service c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
16:19:20.0346 7496  HP ProtectTools Service - ok
16:19:20.0424 7496  [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
16:19:20.0424 7496  HP Support Assistant Service - ok
16:19:20.0455 7496  [ 45C20CEAA37A497AE187D94AFE94DEB8 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
16:19:20.0471 7496  HP Wireless Assistant Service - ok
16:19:20.0518 7496  [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
16:19:20.0518 7496  HPDrvMntSvc.exe - ok
16:19:20.0549 7496  [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt        C:\windows\system32\DRIVERS\hpdskflt.sys
16:19:20.0549 7496  hpdskflt - ok
16:19:20.0565 7496  [ D36D1B821ED5C5C2D540C6D0802A3476 ] HpFkCryptService c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
16:19:20.0580 7496  HpFkCryptService - ok
16:19:20.0721 7496  [ F50F7984FDD151EDD8A70A8DBD9E2A44 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
16:19:20.0721 7496  hpqcxs08 - ok
16:19:20.0736 7496  [ DF446BA625CC441617843E87798CE048 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
16:19:20.0736 7496  hpqddsvc - ok
16:19:20.0767 7496  [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr      C:\windows\system32\DRIVERS\HpqKbFiltr.sys
16:19:20.0767 7496  HpqKbFiltr - ok
16:19:20.0830 7496  [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
16:19:20.0861 7496  hpqwmiex - ok
16:19:20.0923 7496  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
16:19:20.0923 7496  HpSAMD - ok
16:19:20.0970 7496  [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv           C:\windows\system32\Hpservice.exe
16:19:20.0970 7496  hpsrv - ok
16:19:21.0033 7496  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
16:19:21.0064 7496  HTTP - ok
16:19:21.0111 7496  [ 694D891E248182DFA80F610E690ACF50 ] hwa             C:\windows\system32\DRIVERS\WSR_HWA.SYS
16:19:21.0126 7496  hwa - ok
16:19:21.0204 7496  [ 16F164F1E11370CBF854A8D2576925B5 ] HWARadio        C:\windows\system32\DRIVERS\WSR_RCI.SYS
16:19:21.0204 7496  HWARadio - ok
16:19:21.0251 7496  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
16:19:21.0251 7496  hwpolicy - ok
16:19:21.0298 7496  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
16:19:21.0298 7496  i8042prt - ok
16:19:21.0376 7496  [ 593EF9F904C8497F6D794DC6FCC59DCA ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
16:19:21.0376 7496  IAANTMON - ok
16:19:21.0423 7496  [ C50107C730C9A955F6FD7376733F2D68 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
16:19:21.0423 7496  iaStor - ok
16:19:21.0485 7496  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
16:19:21.0485 7496  iaStorV - ok
16:19:21.0563 7496  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:19:21.0594 7496  idsvc - ok
16:19:21.0610 7496  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
16:19:21.0610 7496  iirsp - ok
16:19:21.0688 7496  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
16:19:21.0719 7496  IKEEXT - ok
16:19:21.0750 7496  [ 36FDF367A1DABFF903E2214023D71368 ] Impcd           C:\windows\system32\DRIVERS\Impcd.sys
16:19:21.0766 7496  Impcd - ok
16:19:21.0813 7496  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
16:19:21.0813 7496  intelide - ok
16:19:21.0844 7496  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
16:19:21.0844 7496  intelppm - ok
16:19:21.0875 7496  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
16:19:21.0891 7496  IPBusEnum - ok
16:19:21.0922 7496  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
16:19:21.0922 7496  IpFilterDriver - ok
16:19:21.0984 7496  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
16:19:21.0984 7496  IPMIDRV - ok
16:19:22.0015 7496  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
16:19:22.0015 7496  IPNAT - ok
16:19:22.0109 7496  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:19:22.0140 7496  iPod Service - ok
16:19:22.0156 7496  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
16:19:22.0156 7496  IRENUM - ok
16:19:22.0203 7496  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
16:19:22.0203 7496  isapnp - ok
16:19:22.0249 7496  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
16:19:22.0265 7496  iScsiPrt - ok
16:19:22.0327 7496  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
16:19:22.0327 7496  kbdclass - ok
16:19:22.0374 7496  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
16:19:22.0390 7496  kbdhid - ok
16:19:22.0390 7496  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
16:19:22.0405 7496  KeyIso - ok
16:19:22.0405 7496  kqemu - ok
16:19:22.0468 7496  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
16:19:22.0468 7496  KSecDD - ok
16:19:22.0515 7496  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
16:19:22.0515 7496  KSecPkg - ok
16:19:22.0530 7496  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
16:19:22.0530 7496  ksthunk - ok
16:19:22.0561 7496  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
16:19:22.0577 7496  KtmRm - ok
16:19:22.0686 7496  [ 23F6976ECFD922932742D5101252A842 ] ktupdaterservice C:\Program Files (x86)\Kerio\UpdaterService\ktupdaterservice.exe
16:19:22.0702 7496  ktupdaterservice - ok
16:19:22.0764 7496  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\system32\srvsvc.dll
16:19:22.0764 7496  LanmanServer - ok
16:19:22.0811 7496  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
16:19:22.0811 7496  LanmanWorkstation - ok
16:19:22.0951 7496  [ 4ADC135F525D38A498F83B089228CC2D ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
16:19:22.0951 7496  LBTServ - ok
16:19:22.0983 7496  [ 00BA093A3F316D43A4C3E098A96AE912 ] LEqdUsb         C:\windows\system32\DRIVERS\LEqdUsb.Sys
16:19:22.0983 7496  LEqdUsb - ok
16:19:23.0014 7496  [ 3067CFAD2BAA4A208130CD0AFB130BC9 ] LHidEqd         C:\windows\system32\DRIVERS\LHidEqd.Sys
16:19:23.0014 7496  LHidEqd - ok
16:19:23.0061 7496  [ 24E09882BA51B9830AE029888A3AAF18 ] LHidFilt        C:\windows\system32\DRIVERS\LHidFilt.Sys
16:19:23.0061 7496  LHidFilt - ok
16:19:23.0092 7496  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
16:19:23.0092 7496  lltdio - ok
16:19:23.0123 7496  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
16:19:23.0139 7496  lltdsvc - ok
16:19:23.0139 7496  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
16:19:23.0139 7496  lmhosts - ok
16:19:23.0170 7496  [ 2F94325D8C10E2B715F3D753C2422AAC ] LMouFilt        C:\windows\system32\DRIVERS\LMouFilt.Sys
16:19:23.0170 7496  LMouFilt - ok
16:19:23.0232 7496  [ 17A9C5FFA241AAAB275EE5CACEF77686 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:19:23.0232 7496  LMS - ok
16:19:23.0263 7496  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
16:19:23.0263 7496  LSI_FC - ok
16:19:23.0295 7496  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
16:19:23.0295 7496  LSI_SAS - ok
16:19:23.0295 7496  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
16:19:23.0310 7496  LSI_SAS2 - ok
16:19:23.0326 7496  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
16:19:23.0326 7496  LSI_SCSI - ok
16:19:23.0341 7496  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
16:19:23.0341 7496  luafv - ok
16:19:23.0357 7496  [ 9761370FFB533CF6E4A7176F4BAA3BA9 ] LVUSBS64        C:\windows\system32\drivers\LVUSBS64.sys
16:19:23.0357 7496  LVUSBS64 - ok
16:19:23.0404 7496  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
16:19:23.0419 7496  Mcx2Svc - ok
16:19:23.0435 7496  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
16:19:23.0435 7496  megasas - ok
16:19:23.0451 7496  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
16:19:23.0451 7496  MegaSR - ok
16:19:23.0513 7496  Microsoft SharePoint Workspace Audit Service - ok
16:19:23.0560 7496  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
16:19:23.0560 7496  MMCSS - ok
16:19:23.0575 7496  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
16:19:23.0575 7496  Modem - ok
16:19:23.0622 7496  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
16:19:23.0622 7496  monitor - ok
16:19:23.0638 7496  motccgp - ok
16:19:23.0638 7496  motccgpfl - ok
16:19:23.0669 7496  MotDev - ok
16:19:23.0669 7496  motmodem - ok
16:19:23.0685 7496  MotoSwitchService - ok
16:19:23.0685 7496  Motousbnet - ok
16:19:23.0700 7496  motusbdevice - ok
16:19:23.0747 7496  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
16:19:23.0747 7496  mouclass - ok
16:19:23.0763 7496  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
16:19:23.0763 7496  mouhid - ok
16:19:23.0825 7496  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
16:19:23.0825 7496  mountmgr - ok
16:19:23.0887 7496  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:19:23.0903 7496  MozillaMaintenance - ok
16:19:23.0919 7496  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
16:19:23.0919 7496  mpio - ok
16:19:23.0934 7496  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
16:19:23.0934 7496  mpsdrv - ok
16:19:23.0981 7496  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
16:19:23.0981 7496  MRxDAV - ok
16:19:24.0028 7496  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
16:19:24.0028 7496  mrxsmb - ok
16:19:24.0090 7496  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
16:19:24.0090 7496  mrxsmb10 - ok
16:19:24.0121 7496  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
16:19:24.0121 7496  mrxsmb20 - ok
16:19:24.0168 7496  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\drivers\msahci.sys
16:19:24.0168 7496  msahci - ok
16:19:24.0215 7496  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
16:19:24.0231 7496  msdsm - ok
16:19:24.0262 7496  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
16:19:24.0262 7496  MSDTC - ok
16:19:24.0277 7496  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
16:19:24.0277 7496  Msfs - ok
16:19:24.0309 7496  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
16:19:24.0309 7496  mshidkmdf - ok
16:19:24.0355 7496  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
16:19:24.0355 7496  msisadrv - ok
16:19:24.0371 7496  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
16:19:24.0387 7496  MSiSCSI - ok
16:19:24.0387 7496  msiserver - ok
16:19:24.0418 7496  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
16:19:24.0418 7496  MSKSSRV - ok
16:19:24.0433 7496  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
16:19:24.0433 7496  MSPCLOCK - ok
16:19:24.0449 7496  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
16:19:24.0449 7496  MSPQM - ok
16:19:24.0511 7496  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
16:19:24.0511 7496  MsRPC - ok
16:19:24.0574 7496  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
16:19:24.0574 7496  mssmbios - ok
16:19:24.0589 7496  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
16:19:24.0589 7496  MSTEE - ok
16:19:24.0605 7496  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
16:19:24.0605 7496  MTConfig - ok
16:19:24.0621 7496  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
16:19:24.0621 7496  Mup - ok
16:19:24.0714 7496  MySQL - ok
16:19:24.0761 7496  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
16:19:24.0777 7496  napagent - ok
16:19:24.0808 7496  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
16:19:24.0808 7496  NativeWifiP - ok
16:19:24.0886 7496  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
16:19:24.0917 7496  NDIS - ok
16:19:24.0948 7496  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
16:19:24.0948 7496  NdisCap - ok
16:19:24.0964 7496  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
16:19:24.0964 7496  NdisTapi - ok
16:19:25.0011 7496  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
16:19:25.0011 7496  Ndisuio - ok
16:19:25.0057 7496  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
16:19:25.0073 7496  NdisWan - ok
16:19:25.0120 7496  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
16:19:25.0120 7496  NDProxy - ok
16:19:25.0167 7496  [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
16:19:25.0167 7496  Net Driver HPZ12 - ok
16:19:25.0182 7496  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
16:19:25.0182 7496  NetBIOS - ok
16:19:25.0245 7496  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
16:19:25.0245 7496  NetBT - ok
16:19:25.0260 7496  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
16:19:25.0260 7496  Netlogon - ok
16:19:25.0291 7496  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
16:19:25.0307 7496  Netman - ok
16:19:25.0401 7496  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:19:25.0479 7496  NetMsmqActivator - ok
16:19:25.0510 7496  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:19:25.0510 7496  NetPipeActivator - ok
16:19:25.0541 7496  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
16:19:25.0557 7496  netprofm - ok
16:19:25.0572 7496  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:19:25.0572 7496  NetTcpActivator - ok
16:19:25.0572 7496  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:19:25.0572 7496  NetTcpPortSharing - ok
16:19:25.0759 7496  [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64        C:\windows\system32\DRIVERS\NETw5s64.sys
16:19:25.0915 7496  NETw5s64 - ok
16:19:26.0134 7496  [ 5D262402B0634C998F8CBCEAD7DD8676 ] NETwNs64        C:\windows\system32\DRIVERS\NETwNs64.sys
16:19:26.0290 7496  NETwNs64 - ok
16:19:26.0321 7496  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
16:19:26.0321 7496  nfrd960 - ok
16:19:26.0383 7496  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\windows\System32\nlasvc.dll
16:19:26.0399 7496  NlaSvc - ok
16:19:26.0461 7496  [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF             C:\windows\system32\drivers\npf.sys
16:19:26.0461 7496  NPF - ok
16:19:26.0477 7496  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
16:19:26.0493 7496  Npfs - ok
16:19:26.0508 7496  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
16:19:26.0508 7496  nsi - ok
16:19:26.0524 7496  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
16:19:26.0524 7496  nsiproxy - ok
16:19:26.0602 7496  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
16:19:26.0649 7496  Ntfs - ok
16:19:26.0664 7496  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
16:19:26.0664 7496  Null - ok
16:19:26.0695 7496  [ 785298579B5F9B4032152DFBB992FDB6 ] nusb3hub        C:\windows\system32\DRIVERS\nusb3hub.sys
16:19:26.0695 7496  nusb3hub - ok
16:19:26.0727 7496  [ DF2750481B4964814467C974F2B0EEF1 ] nusb3xhc        C:\windows\system32\DRIVERS\nusb3xhc.sys
16:19:26.0727 7496  nusb3xhc - ok
16:19:26.0773 7496  [ E20ABD5B229760158F753CA90B97E090 ] NVHDA           C:\windows\system32\drivers\nvhda64v.sys
16:19:26.0789 7496  NVHDA - ok
16:19:27.0070 7496  [ 58486D5FA4273CAE7C14002C27F50CC4 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
16:19:27.0320 7496  nvlddmkm - ok
16:19:27.0335 7496  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
16:19:27.0335 7496  nvraid - ok
16:19:27.0398 7496  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
16:19:27.0398 7496  nvstor - ok
16:19:27.0476 7496  [ 2B7FCF9B4EFE56971393E08FE1E48BED ] nvsvc           C:\windows\system32\nvvsvc.exe
16:19:27.0507 7496  nvsvc - ok
16:19:27.0569 7496  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
16:19:27.0585 7496  nv_agp - ok
16:19:27.0616 7496  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
16:19:27.0616 7496  ohci1394 - ok
16:19:27.0694 7496  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:19:27.0694 7496  ose - ok
16:19:27.0850 7496  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:19:27.0944 7496  osppsvc - ok
16:19:27.0990 7496  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
16:19:27.0990 7496  p2pimsvc - ok
16:19:28.0022 7496  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
16:19:28.0022 7496  p2psvc - ok
16:19:28.0068 7496  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\DRIVERS\parport.sys
16:19:28.0068 7496  Parport - ok
16:19:28.0115 7496  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
16:19:28.0131 7496  partmgr - ok
16:19:28.0146 7496  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
16:19:28.0146 7496  PcaSvc - ok
16:19:28.0193 7496  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
16:19:28.0209 7496  pci - ok
16:19:28.0256 7496  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys
16:19:28.0256 7496  pciide - ok
16:19:28.0287 7496  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
16:19:28.0287 7496  pcmcia - ok
16:19:28.0302 7496  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
16:19:28.0318 7496  pcw - ok
16:19:28.0334 7496  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
16:19:28.0349 7496  PEAUTH - ok
16:19:28.0427 7496  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\windows\system32\peerdistsvc.dll
16:19:28.0474 7496  PeerDistSvc - ok
16:19:28.0552 7496  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
16:19:28.0552 7496  PerfHost - ok
16:19:28.0646 7496  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
16:19:28.0677 7496  pla - ok
16:19:28.0739 7496  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
16:19:28.0755 7496  PlugPlay - ok
16:19:28.0817 7496  [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
16:19:28.0817 7496  Pml Driver HPZ12 - ok
16:19:28.0833 7496  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
16:19:28.0833 7496  PNRPAutoReg - ok
16:19:28.0880 7496  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
16:19:28.0880 7496  PNRPsvc - ok
16:19:28.0926 7496  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
16:19:28.0942 7496  PolicyAgent - ok
16:19:29.0004 7496  postgresql-x64-9.0 - ok
16:19:29.0036 7496  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
16:19:29.0036 7496  Power - ok
16:19:29.0098 7496  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
16:19:29.0098 7496  PptpMiniport - ok
16:19:29.0129 7496  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\DRIVERS\processr.sys
16:19:29.0129 7496  Processor - ok
16:19:29.0176 7496  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
16:19:29.0176 7496  ProfSvc - ok
16:19:29.0192 7496  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
16:19:29.0192 7496  ProtectedStorage - ok
16:19:29.0254 7496  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
16:19:29.0254 7496  Psched - ok
16:19:29.0316 7496  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
16:19:29.0363 7496  ql2300 - ok
16:19:29.0379 7496  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
16:19:29.0379 7496  ql40xx - ok
16:19:29.0410 7496  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
16:19:29.0410 7496  QWAVE - ok
16:19:29.0426 7496  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
16:19:29.0441 7496  QWAVEdrv - ok
16:19:29.0457 7496  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
16:19:29.0457 7496  RasAcd - ok
16:19:29.0472 7496  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
16:19:29.0488 7496  RasAgileVpn - ok
16:19:29.0488 7496  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
16:19:29.0504 7496  RasAuto - ok
16:19:29.0550 7496  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
16:19:29.0550 7496  Rasl2tp - ok
16:19:29.0613 7496  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
16:19:29.0628 7496  RasMan - ok
16:19:29.0644 7496  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
16:19:29.0644 7496  RasPppoe - ok
16:19:29.0660 7496  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
16:19:29.0660 7496  RasSstp - ok
16:19:29.0722 7496  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
16:19:29.0722 7496  rdbss - ok
16:19:29.0738 7496  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
16:19:29.0738 7496  rdpbus - ok
16:19:29.0753 7496  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
16:19:29.0753 7496  RDPCDD - ok
16:19:29.0816 7496  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\windows\system32\drivers\rdpdr.sys
16:19:29.0816 7496  RDPDR - ok
16:19:29.0831 7496  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
16:19:29.0831 7496  RDPENCDD - ok
16:19:29.0847 7496  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
16:19:29.0847 7496  RDPREFMP - ok
16:19:29.0878 7496  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
16:19:29.0894 7496  RDPWD - ok
16:19:29.0940 7496  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
16:19:29.0940 7496  rdyboost - ok
16:19:30.0050 7496  [ C8A442E4DCF89D03C4D7C7616CE293AE ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:19:30.0081 7496  RegSrvc - ok
16:19:30.0112 7496  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
16:19:30.0112 7496  RemoteAccess - ok
16:19:30.0143 7496  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
16:19:30.0143 7496  RemoteRegistry - ok
16:19:30.0174 7496  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
16:19:30.0190 7496  RFCOMM - ok
16:19:30.0221 7496  [ 6FAF5B04BEDC66D300D9D233B2D222F0 ] rimmptsk        C:\windows\system32\DRIVERS\rimmpx64.sys
16:19:30.0221 7496  rimmptsk - ok
16:19:30.0252 7496  [ 3DCA561AAF776AA2E356FB5B142AA5F8 ] rimspci         C:\windows\system32\DRIVERS\rimspe64.sys
16:19:30.0252 7496  rimspci - ok
16:19:30.0268 7496  [ 67F50C31713106FD1B0F286F86AA2B2E ] rimsptsk        C:\windows\system32\DRIVERS\rimspx64.sys
16:19:30.0268 7496  rimsptsk - ok
16:19:30.0299 7496  [ C4581F04AA130892555B821F1FBAA151 ] risdpcie        C:\windows\system32\DRIVERS\risdpe64.sys
16:19:30.0299 7496  risdpcie - ok
16:19:30.0315 7496  [ D018844DC53D8428410A2FEEEEE9373E ] rismcx64        C:\windows\system32\DRIVERS\rismcx64.sys
16:19:30.0315 7496  rismcx64 - ok
16:19:30.0330 7496  [ 4D7EF3D46346EC4C58784DB964B365DE ] rismxdp         C:\windows\system32\DRIVERS\rixdpx64.sys
16:19:30.0330 7496  rismxdp - ok
16:19:30.0346 7496  [ BE42F817597D3049960A54CE280C2493 ] rixdpcie        C:\windows\system32\DRIVERS\rixdpe64.sys
16:19:30.0346 7496  rixdpcie - ok
16:19:30.0408 7496  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
16:19:30.0424 7496  rpcapd - ok
16:19:30.0440 7496  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
16:19:30.0440 7496  RpcEptMapper - ok
16:19:30.0455 7496  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
16:19:30.0471 7496  RpcLocator - ok
16:19:30.0518 7496  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
16:19:30.0533 7496  RpcSs - ok
16:19:30.0564 7496  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
16:19:30.0564 7496  rspndr - ok
16:19:30.0596 7496  [ 9D3E92F07A7205F8A94806A3C160B1B4 ] RsvLock         C:\windows\system32\drivers\RsvLock.sys
16:19:30.0596 7496  RsvLock - ok
16:19:30.0658 7496  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\windows\system32\drivers\vms3cap.sys
16:19:30.0658 7496  s3cap - ok
16:19:30.0674 7496  [ 1C7004BEECEE9B374F239B5F91204B94 ] SafeBoot        C:\windows\system32\drivers\SafeBoot.sys
16:19:30.0674 7496  Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 1C7004BEECEE9B374F239B5F91204B94
16:19:30.0674 7496  SafeBoot ( LockedFile.Multi.Generic ) - warning
16:19:30.0674 7496  SafeBoot - detected LockedFile.Multi.Generic (1)
16:19:30.0705 7496  [ F6D3E9793F22C92CEF9B96BF47DA01F1 ] SaiK0CCB        C:\windows\system32\DRIVERS\SaiK0CCB.sys
16:19:30.0705 7496  SaiK0CCB - ok
16:19:30.0736 7496  [ 9E7E53891D1747A01F491AB25B95135D ] SaiMini         C:\windows\system32\DRIVERS\SaiMini.sys
16:19:30.0752 7496  SaiMini - ok
16:19:30.0783 7496  [ B3B86BE19A0CAF025F679C39FD21E735 ] SaiNtBus        C:\windows\system32\drivers\SaiBus.sys
16:19:30.0783 7496  SaiNtBus - ok
16:19:30.0845 7496  [ FF2D7435C79B273752F0912FEAB839C0 ] SaiU0CCB        C:\windows\system32\DRIVERS\SaiU0CCB.sys
16:19:30.0845 7496  SaiU0CCB - ok
16:19:30.0861 7496  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
16:19:30.0876 7496  SamSs - ok
16:19:30.0876 7496  [ FD8714A36C4646DE22DDC7E36F6D09EF ] SbAlg           C:\windows\system32\drivers\SbAlg.sys
16:19:30.0892 7496  SbAlg - ok
16:19:30.0908 7496  [ 4D4FC3A91655C002B07316A2DD550A2D ] SbFsLock        C:\windows\system32\drivers\SbFsLock.sys
16:19:30.0908 7496  SbFsLock - ok
16:19:30.0954 7496  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
16:19:30.0954 7496  sbp2port - ok
16:19:30.0986 7496  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
16:19:30.0986 7496  SCardSvr - ok
16:19:31.0032 7496  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
16:19:31.0032 7496  scfilter - ok
16:19:31.0110 7496  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
16:19:31.0142 7496  Schedule - ok
16:19:31.0204 7496  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
16:19:31.0204 7496  SCPolicySvc - ok
16:19:31.0235 7496  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\windows\system32\drivers\sdbus.sys
16:19:31.0235 7496  sdbus - ok
16:19:31.0282 7496  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
16:19:31.0282 7496  SDRSVC - ok
16:19:31.0313 7496  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
16:19:31.0313 7496  secdrv - ok
16:19:31.0360 7496  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
16:19:31.0360 7496  seclogon - ok
16:19:31.0376 7496  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
16:19:31.0391 7496  SENS - ok
16:19:31.0391 7496  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
16:19:31.0391 7496  SensrSvc - ok
16:19:31.0422 7496  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
16:19:31.0422 7496  Serenum - ok
16:19:31.0438 7496  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\DRIVERS\serial.sys
16:19:31.0438 7496  Serial - ok
16:19:31.0485 7496  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
16:19:31.0485 7496  sermouse - ok
16:19:31.0532 7496  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
16:19:31.0532 7496  SessionEnv - ok
16:19:31.0578 7496  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
16:19:31.0578 7496  sffdisk - ok
16:19:31.0594 7496  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
16:19:31.0594 7496  sffp_mmc - ok
16:19:31.0610 7496  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
16:19:31.0610 7496  sffp_sd - ok
16:19:31.0625 7496  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
16:19:31.0625 7496  sfloppy - ok
16:19:31.0688 7496  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
16:19:31.0703 7496  ShellHWDetection - ok
16:19:31.0719 7496  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
16:19:31.0734 7496  SiSRaid2 - ok
16:19:31.0734 7496  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
16:19:31.0734 7496  SiSRaid4 - ok
16:19:31.0906 7496  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
16:19:31.0984 7496  Skype C2C Service - ok
16:19:32.0046 7496  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
16:19:32.0046 7496  SkypeUpdate - ok
16:19:32.0093 7496  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
16:19:32.0093 7496  Smb - ok
16:19:32.0140 7496  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
16:19:32.0156 7496  SNMPTRAP - ok
16:19:32.0234 7496  [ E77584D1B50E031720FF8DF7C8F96A77 ] SNP2UVC         C:\windows\system32\DRIVERS\snp2uvc.sys
16:19:32.0280 7496  SNP2UVC - ok
16:19:32.0280 7496  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
16:19:32.0280 7496  spldr - ok
16:19:32.0343 7496  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
16:19:32.0358 7496  Spooler - ok
16:19:32.0483 7496  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
16:19:32.0561 7496  sppsvc - ok
16:19:32.0577 7496  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
16:19:32.0577 7496  sppuinotify - ok
16:19:32.0624 7496  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
16:19:32.0624 7496  srv - ok
16:19:32.0670 7496  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
16:19:32.0686 7496  srv2 - ok
16:19:32.0702 7496  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
16:19:32.0702 7496  srvnet - ok
16:19:32.0733 7496  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
16:19:32.0733 7496  SSDPSRV - ok
16:19:32.0748 7496  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
16:19:32.0748 7496  SstpSvc - ok
16:19:32.0826 7496  [ D632AA8F172287C7391FB95889D1C05A ] STacSV          C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe
16:19:32.0842 7496  STacSV - ok
16:19:32.0858 7496  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
16:19:32.0858 7496  stexstor - ok
16:19:32.0904 7496  [ C962F5C90BDBEFB6446B5B252C70FE33 ] STHDA           C:\windows\system32\DRIVERS\stwrt64.sys
16:19:32.0920 7496  STHDA - ok
16:19:32.0967 7496  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\windows\system32\DRIVERS\serscan.sys
16:19:32.0967 7496  StillCam - ok
16:19:33.0045 7496  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
16:19:33.0060 7496  stisvc - ok
16:19:33.0123 7496  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\windows\system32\drivers\vmstorfl.sys
16:19:33.0123 7496  storflt - ok
16:19:33.0138 7496  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\windows\system32\storsvc.dll
16:19:33.0138 7496  StorSvc - ok
16:19:33.0170 7496  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\windows\system32\drivers\storvsc.sys
16:19:33.0170 7496  storvsc - ok
16:19:33.0201 7496  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\drivers\swenum.sys
16:19:33.0201 7496  swenum - ok
16:19:33.0232 7496  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
16:19:33.0248 7496  swprv - ok
16:19:33.0310 7496  [ D268D2A0DB2A2BBE963E688D0B039267 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
16:19:33.0357 7496  SynTP - ok
16:19:33.0435 7496  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
16:19:33.0482 7496  SysMain - ok
16:19:33.0544 7496  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
16:19:33.0544 7496  TabletInputService - ok
16:19:33.0591 7496  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
16:19:33.0606 7496  TapiSrv - ok
16:19:33.0622 7496  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
16:19:33.0622 7496  TBS - ok
16:19:33.0716 7496  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\windows\system32\drivers\tcpip.sys
16:19:33.0762 7496  Tcpip - ok
16:19:33.0794 7496  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
16:19:33.0809 7496  TCPIP6 - ok
16:19:33.0856 7496  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
16:19:33.0856 7496  tcpipreg - ok
16:19:33.0872 7496  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
16:19:33.0872 7496  TDPIPE - ok
16:19:33.0918 7496  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
16:19:33.0918 7496  TDTCP - ok
16:19:33.0965 7496  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
16:19:33.0981 7496  tdx - ok
16:19:34.0090 7496  [ 8A9828975A857E477EFEF5A61BA45AC0 ] TeamViewer6     C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
16:19:34.0152 7496  TeamViewer6 - ok
16:19:34.0293 7496  [ 74FC70AE64A7B7DABEC9697CE0A1F4FA ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
16:19:34.0371 7496  TeamViewer7 - ok
16:19:34.0418 7496  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\drivers\termdd.sys
16:19:34.0418 7496  TermDD - ok
16:19:34.0480 7496  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
16:19:34.0496 7496  TermService - ok
16:19:34.0527 7496  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
16:19:34.0527 7496  Themes - ok
16:19:34.0558 7496  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
16:19:34.0558 7496  THREADORDER - ok
16:19:34.0589 7496  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\windows\system32\drivers\tpm.sys
16:19:34.0589 7496  TPM - ok
16:19:34.0589 7496  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
16:19:34.0605 7496  TrkWks - ok
16:19:34.0667 7496  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
16:19:34.0683 7496  TrustedInstaller - ok
16:19:34.0745 7496  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
16:19:34.0745 7496  tssecsrv - ok
16:19:34.0808 7496  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
16:19:34.0808 7496  TsUsbFlt - ok
16:19:34.0870 7496  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
16:19:34.0870 7496  tunnel - ok
16:19:34.0901 7496  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
16:19:34.0901 7496  uagp35 - ok
16:19:34.0948 7496  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
16:19:34.0948 7496  udfs - ok
16:19:34.0979 7496  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
16:19:34.0979 7496  UI0Detect - ok
16:19:35.0042 7496  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
16:19:35.0042 7496  uliagpkx - ok
16:19:35.0104 7496  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\drivers\umbus.sys
16:19:35.0104 7496  umbus - ok
16:19:35.0135 7496  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
16:19:35.0135 7496  UmPass - ok
16:19:35.0182 7496  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\windows\System32\umrdp.dll
16:19:35.0198 7496  UmRdpService - ok
16:19:35.0307 7496  [ 7953D636309B7F505C70667A7A2437CF ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:19:35.0369 7496  UNS - ok
16:19:35.0385 7496  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
16:19:35.0385 7496  upnphost - ok
16:19:35.0463 7496  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
16:19:35.0463 7496  usbaudio - ok
16:19:35.0510 7496  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
16:19:35.0510 7496  usbccgp - ok
16:19:35.0572 7496  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
16:19:35.0572 7496  usbcir - ok
16:19:35.0619 7496  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\drivers\usbehci.sys
16:19:35.0619 7496  usbehci - ok
16:19:35.0681 7496  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
16:19:35.0681 7496  usbhub - ok
16:19:35.0728 7496  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys
16:19:35.0728 7496  usbohci - ok
16:19:35.0759 7496  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
16:19:35.0759 7496  usbprint - ok
16:19:35.0775 7496  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
16:19:35.0775 7496  USBSTOR - ok
16:19:35.0775 7496  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
16:19:35.0775 7496  usbuhci - ok
16:19:35.0822 7496  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
16:19:35.0822 7496  usbvideo - ok
16:19:35.0837 7496  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
16:19:35.0837 7496  UxSms - ok
16:19:35.0853 7496  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
16:19:35.0853 7496  VaultSvc - ok
16:19:35.0900 7496  [ 3C0E800BE1C84F6997CC594E3D08F99D ] VBoxDrv         C:\windows\system32\DRIVERS\VBoxDrv.sys
16:19:35.0900 7496  VBoxDrv - ok
16:19:35.0931 7496  [ E9A2485EA54122837C41B0147EDD3F52 ] VBoxNetAdp      C:\windows\system32\DRIVERS\VBoxNetAdp.sys
16:19:35.0931 7496  VBoxNetAdp - ok
16:19:35.0946 7496  [ EB4178E41627FC64EBB14965A57810AC ] VBoxNetFlt      C:\windows\system32\DRIVERS\VBoxNetFlt.sys
16:19:35.0946 7496  VBoxNetFlt - ok
16:19:35.0978 7496  [ A2EE1CD3B1242F56E560EDDEE3185500 ] VBoxUSBMon      C:\windows\system32\DRIVERS\VBoxUSBMon.sys
16:19:35.0978 7496  VBoxUSBMon - ok
16:19:36.0056 7496  [ F9D6631BACAF7CBD6F40E7847A18CF04 ] vcsFPService    C:\windows\system32\vcsFPService.exe
16:19:36.0087 7496  vcsFPService - ok
16:19:36.0134 7496  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
16:19:36.0134 7496  vdrvroot - ok
16:19:36.0165 7496  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
16:19:36.0180 7496  vds - ok
16:19:36.0212 7496  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
16:19:36.0212 7496  vga - ok
16:19:36.0227 7496  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
16:19:36.0227 7496  VgaSave - ok
16:19:36.0274 7496  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
16:19:36.0274 7496  vhdmp - ok
16:19:36.0321 7496  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
16:19:36.0321 7496  viaide - ok
16:19:36.0368 7496  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\windows\system32\drivers\vmbus.sys
16:19:36.0368 7496  vmbus - ok
16:19:36.0414 7496  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\windows\system32\drivers\VMBusHID.sys
16:19:36.0414 7496  VMBusHID - ok
16:19:36.0461 7496  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
16:19:36.0477 7496  volmgr - ok
16:19:36.0524 7496  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
16:19:36.0539 7496  volmgrx - ok
16:19:36.0555 7496  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\windows\system32\drivers\volsnap.sys
16:19:36.0570 7496  volsnap - ok
16:19:36.0586 7496  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
16:19:36.0586 7496  vsmraid - ok
16:19:36.0664 7496  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
16:19:36.0711 7496  VSS - ok
16:19:36.0726 7496  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
16:19:36.0726 7496  vwifibus - ok
16:19:36.0742 7496  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
16:19:36.0742 7496  vwififlt - ok
16:19:36.0773 7496  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
16:19:36.0773 7496  vwifimp - ok
16:19:36.0804 7496  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
16:19:36.0804 7496  W32Time - ok
16:19:36.0836 7496  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
16:19:36.0836 7496  WacomPen - ok
16:19:36.0867 7496  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
16:19:36.0867 7496  WANARP - ok
16:19:36.0882 7496  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
16:19:36.0882 7496  Wanarpv6 - ok
16:19:36.0976 7496  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
16:19:37.0023 7496  WatAdminSvc - ok
16:19:37.0085 7496  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
16:19:37.0132 7496  wbengine - ok
16:19:37.0163 7496  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
16:19:37.0163 7496  WbioSrvc - ok
16:19:37.0226 7496  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
16:19:37.0241 7496  wcncsvc - ok
16:19:37.0257 7496  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
16:19:37.0257 7496  WcsPlugInService - ok
16:19:37.0272 7496  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\DRIVERS\wd.sys
16:19:37.0272 7496  Wd - ok
16:19:37.0319 7496  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
16:19:37.0335 7496  Wdf01000 - ok
16:19:37.0335 7496  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
16:19:37.0335 7496  WdiServiceHost - ok
16:19:37.0350 7496  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
16:19:37.0350 7496  WdiSystemHost - ok
16:19:37.0397 7496  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
16:19:37.0397 7496  WebClient - ok
16:19:37.0428 7496  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
16:19:37.0428 7496  Wecsvc - ok
16:19:37.0444 7496  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
16:19:37.0444 7496  wercplsupport - ok
16:19:37.0475 7496  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
16:19:37.0475 7496  WerSvc - ok
16:19:37.0491 7496  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
16:19:37.0491 7496  WfpLwf - ok
16:19:37.0506 7496  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
16:19:37.0506 7496  WIMMount - ok
16:19:37.0522 7496  WinHttpAutoProxySvc - ok
16:19:37.0569 7496  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
16:19:37.0569 7496  Winmgmt - ok
16:19:37.0662 7496  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
16:19:37.0725 7496  WinRM - ok
16:19:37.0787 7496  [ FE88B288356E7B47B74B13372ADD906D ] WinUSB          C:\windows\system32\DRIVERS\WinUSB.sys
16:19:37.0787 7496  WinUSB - ok
16:19:37.0818 7496  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
16:19:37.0850 7496  Wlansvc - ok
16:19:37.0943 7496  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:19:38.0006 7496  wlidsvc - ok
16:19:38.0052 7496  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
16:19:38.0052 7496  WmiAcpi - ok
16:19:38.0084 7496  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
16:19:38.0084 7496  wmiApSrv - ok
16:19:38.0115 7496  WMPNetworkSvc - ok
16:19:38.0130 7496  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
16:19:38.0130 7496  WPCSvc - ok
16:19:38.0177 7496  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
16:19:38.0193 7496  WPDBusEnum - ok
16:19:38.0224 7496  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
16:19:38.0224 7496  ws2ifsl - ok
16:19:38.0255 7496  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\windows\system32\DRIVERS\WSDPrint.sys
16:19:38.0255 7496  WSDPrintDevice - ok
16:19:38.0271 7496  WSearch - ok
16:19:38.0333 7496  [ 89761942491B266657F9E50BB7840256 ] WSR_USF         C:\windows\system32\Drivers\WSR_USF.sys
16:19:38.0333 7496  WSR_USF - ok
16:19:38.0427 7496  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
16:19:38.0505 7496  wuauserv - ok
16:19:38.0567 7496  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
16:19:38.0583 7496  WudfPf - ok
16:19:38.0598 7496  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
16:19:38.0598 7496  WUDFRd - ok
16:19:38.0645 7496  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
16:19:38.0645 7496  wudfsvc - ok
16:19:38.0676 7496  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\windows\System32\wwansvc.dll
16:19:38.0676 7496  WwanSvc - ok
16:19:38.0708 7496  ================ Scan global ===============================
16:19:38.0723 7496  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
16:19:38.0770 7496  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
16:19:38.0801 7496  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
16:19:38.0817 7496  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
16:19:38.0848 7496  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
16:19:38.0848 7496  [Global] - ok
16:19:38.0848 7496  ================ Scan MBR ==================================
16:19:38.0848 7496  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:19:39.0207 7496  \Device\Harddisk0\DR0 - ok
16:19:39.0207 7496  ================ Scan VBR ==================================
16:19:39.0222 7496  [ 6E95FBFB59D29677C6876305A6D1CDF6 ] \Device\Harddisk0\DR0\Partition1
16:19:39.0222 7496  \Device\Harddisk0\DR0\Partition1 - ok
16:19:39.0222 7496  [ B40291C115886AB749424BA66F92D9CF ] \Device\Harddisk0\DR0\Partition2
16:19:39.0222 7496  \Device\Harddisk0\DR0\Partition2 - ok
16:19:39.0254 7496  [ 46CF31E1A7B708DA5845B1A343246528 ] \Device\Harddisk0\DR0\Partition3
16:19:39.0254 7496  \Device\Harddisk0\DR0\Partition3 - ok
16:19:39.0269 7496  [ 45D93CEB25DAFE6DC09E70E1292D376F ] \Device\Harddisk0\DR0\Partition4
16:19:39.0269 7496  \Device\Harddisk0\DR0\Partition4 - ok
16:19:39.0269 7496  ============================================================
16:19:39.0269 7496  Scan finished
16:19:39.0269 7496  ============================================================
16:19:39.0300 7696  Detected object count: 1
16:19:39.0300 7696  Actual detected object count: 1
16:20:12.0903 7696  SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
16:20:12.0903 7696  SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip

Psychotic · 14.11.2012, 16:49

Combofix

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

weh · 14.11.2012, 18:09

Combofix hat gemeldet dass Avira noch läuft, obwohl ich das deaktiviert hatte. Jetzt scheint so einiges nicht mehr zu funktionieren.

Firefox und Chrome können die Domains nicht mehr auflösen, in der Konsole und mit dem IE funktioniert das problemlos.
Ausserdem funktionieren die Avira Services nur noch teilweise.
Realtime Protection läuft, Web Protection und Mail Protection nicht mehr.

Combofix Log:

Code:

ATTFilter

ComboFix 12-11-14.01 - weh 14.11.2012  17:08:39.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.41.1033.18.3951.1817 [GMT 1:00]
ausgeführt von:: c:\users\weh\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
C:\Thumbs.db
c:\users\weh\AppData\Local\Microsoft\Windows\Temporary Internet Files\coremeter_v1.5.0.gadget
c:\windows\SysWow64\PowerToyReadme.htm
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\DPCrProv.dll.mui
c:\windows\SysWow64\pt\DPFPApiUI.dll.mui
c:\windows\SysWow64\pt\DPPassFilter.dll.mui
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-14 bis 2012-11-14  ))))))))))))))))))))))))))))))
.
.
2012-11-14 16:25 . 2012-11-14 16:25	--------	d-----w-	c:\users\postgres\AppData\Local\temp
2012-11-14 16:25 . 2012-11-14 16:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-14 10:10 . 2011-10-18 09:17	741184	----a-w-	c:\windows\system32\easyupdatusapiu64.dll
2012-11-14 10:09 . 2012-11-14 10:10	--------	d-----w-	C:\NVIDIA
2012-11-13 21:28 . 2012-11-13 21:28	--------	d-----w-	c:\program files (x86)\ESET
2012-11-13 18:02 . 2012-11-13 18:02	--------	d-----w-	c:\users\weh\AppData\Roaming\Malwarebytes
2012-11-13 18:01 . 2012-11-13 18:01	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-13 18:01 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-13 04:28 . 2012-11-13 04:28	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F37D0E5-17D7-4CA2-AAB0-81FB5DCEEBAB}\offreg.dll
2012-11-09 19:48 . 2012-11-09 19:48	--------	d-----w-	c:\users\weh\.openshift
2012-11-09 18:46 . 2012-11-09 18:46	--------	d-----w-	c:\users\weh\AppData\Roaming\LibreOffice
2012-11-09 12:38 . 2012-10-12 07:19	9291768	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F37D0E5-17D7-4CA2-AAB0-81FB5DCEEBAB}\mpengine.dll
2012-11-08 08:46 . 2012-11-08 08:48	--------	d-----w-	c:\users\weh\AppData\Roaming\NetBeans
2012-11-08 08:46 . 2012-11-08 08:46	--------	d-----w-	c:\users\weh\AppData\Local\NetBeans
2012-11-08 07:49 . 2012-11-13 09:46	--------	d-----w-	c:\program files\NetBeans 7.2.1
2012-11-08 07:10 . 2012-11-08 07:10	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-08 07:10 . 2012-11-08 07:10	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-08 07:10 . 2012-11-08 07:10	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-08 07:10 . 2012-11-08 07:10	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-08 07:10 . 2012-11-08 07:10	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-08 07:10 . 2012-11-08 07:10	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-08 07:10 . 2012-11-08 07:10	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-11-05 14:38 . 2012-11-06 12:07	--------	d-----w-	c:\program files\sges-v3
2012-11-05 14:37 . 2012-11-05 14:38	--------	d-----w-	c:\program files\NetBeans 6.8
2012-11-01 12:33 . 2012-11-01 12:44	--------	d-----w-	c:\users\weh\AppData\Roaming\calibre
2012-11-01 07:41 . 2012-11-01 07:41	--------	d-----w-	c:\users\weh\AppData\Roaming\Veodin
2012-10-23 08:50 . 2012-10-23 08:50	--------	d-----w-	c:\users\weh\hpremote
2012-10-18 14:43 . 2012-10-18 14:43	--------	d-----w-	c:\users\weh\target
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-07 12:16 . 2011-10-18 07:56	140936	----a-w-	c:\windows\system32\drivers\avfwot.sys
2012-11-07 12:16 . 2011-10-18 07:56	114168	----a-w-	c:\windows\system32\drivers\avfwim.sys
2012-10-25 02:12 . 2012-10-25 02:12	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2012-10-10 16:57 . 2011-02-03 07:54	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-10-09 08:13 . 2012-03-30 07:26	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 08:13 . 2011-05-20 06:28	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 08:13 . 2012-08-15 10:13	10220472	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-09-20 15:02 . 2012-09-20 15:02	1832760	----a-w-	c:\windows\system32\LogiLDA.DLL
2012-09-14 19:19 . 2012-10-10 13:18	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 13:18	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-09-06 07:55 . 2012-09-06 07:55	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-06 07:55 . 2012-06-14 09:06	289768	----a-w-	c:\windows\system32\javaws.exe
2012-09-06 07:55 . 2012-06-14 09:06	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-09-06 07:55 . 2011-02-01 10:38	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-09-06 07:55 . 2011-02-01 10:38	189416	----a-w-	c:\windows\system32\javaw.exe
2012-09-06 07:55 . 2011-02-01 10:38	188904	----a-w-	c:\windows\system32\java.exe
2012-09-06 07:38 . 2012-09-06 07:38	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-06 07:38 . 2012-09-05 18:47	821736	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-09-06 07:38 . 2011-02-23 16:21	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-08-31 18:19 . 2012-10-10 13:19	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 13:19	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 13:19	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 13:19	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 13:18	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 13:18	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-23 01:00	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-23 01:00	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-23 01:00	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-23 01:00	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-23 01:00	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-23 01:00	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-23 01:00	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-23 01:00	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-23 01:00	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-23 01:00	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-23 01:00	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-23 01:00	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-23 01:00	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-23 01:00	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-23 01:00	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-23 01:00	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-23 01:00	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-23 01:00	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-23 01:00	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 01:00	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 01:00	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-23 01:00	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 07:35	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 07:35	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 07:35	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 07:35	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 09:03	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-08-21 11:01 . 2012-10-10 15:13	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 11:01 . 2012-08-21 11:01	125872	----a-w-	c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2012-08-21 11:01	106928	----a-w-	c:\windows\SysWow64\GEARAspi.dll
2012-08-20 18:48 . 2012-10-10 13:19	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-10 13:19	243200	----a-w-	c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-10 13:19	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-10 13:19	215040	----a-w-	c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-10 13:19	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-10 13:19	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-10 13:19	1162240	----a-w-	c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-10 13:19	338432	----a-w-	c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-10 13:19	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-10 13:19	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-10 13:19	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-10 13:19	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-10 13:19	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-10 13:19	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-10 13:19	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:19	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:19	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\weh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\weh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\weh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\weh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-01-02 1670656]
"HPUsageTracking"="c:\program files (x86)\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"WirelessUSBManager"="c:\program files (x86)\devolo Vianect AIR Manager\Components\WirelessUSBManager\WirelessUSBManager.exe" [2010-07-05 3404624]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\weh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\weh\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Launchy.lnk - c:\program files (x86)\Launchy\Launchy.exe [2011-2-1 380928]
network.bat [2011-2-2 111]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-10-18 41051]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-14 375760]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-14 465360]
R2 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2010-10-18 20549]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2009-11-19 102968]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-11-19 102968]
R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-10-29 79360]
R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-09-28 55808]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-10-22 2019120]
R3 Apache CouchDB01cbce7481a03700;Apache CouchDB;c:\software\ApacheSoftwareFoundation\CouchDB\erts-5.8\bin\erlsrv.exe [2010-08-11 158208]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 35104]
R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [2007-02-03 955680]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys [2012-05-08 17408]
R3 DLCopyFilter;DLCopyFilter;c:\windows\system32\Drivers\wsr_tbf.sys [2010-02-21 51712]
R3 domain1;domain1 GlassFish Server;c:\program files\GlassFish\EnterpriseServer 3.0\glassfish\domains\domain1\bin\domain1Service.exe [2011-02-14 30208]
R3 DWA;Wireless USB Device Adapter;c:\windows\system32\DRIVERS\WSR_DWA.SYS [2010-05-10 543232]
R3 hwa;Wireless USB Host Adapter;c:\windows\system32\DRIVERS\WSR_HWA.SYS [2010-05-10 916480]
R3 HWARadio;Wireless USB Host Radio;c:\windows\system32\DRIVERS\WSR_RCI.SYS [2010-05-10 162304]
R3 kqemu;KQEMU virtualisation module for QEMU;c:\windows\system32\DRIVERS\kqemu.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 postgresql-x64-9.0;postgresql-x64-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w [x]
R3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2010-08-10 171016]
R3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2010-08-10 41096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-01-18 154256]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-02 1255736]
R3 WSR_USF;Debug1;c:\windows\system32\Drivers\WSR_USF.sys [2010-05-10 48640]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2012-04-11 15184]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 RsvLock;RsvLock; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-01-18 226448]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-01-18 54864]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [2009-03-03 89600]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-14 86224]
S2 CableAssociation;CableAssociation;c:\program files (x86)\devolo Vianect AIR Manager\Components\Association\CableAssociation.exe [2010-07-05 1454920]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2012-04-11 8498608]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-11-11 277096]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 ktupdaterservice;Kerio Updater Service;c:\program files (x86)\Kerio\UpdaterService\ktupdaterservice.exe [2012-08-12 729088]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-08-08 198480]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2009-11-11 704512]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2012-04-11 301904]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2012-02-02 509104]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2010-08-24 74320]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2010-08-24 13392]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-02-03 58528]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-21 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-21 177152]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2009-07-20 59008]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-01-18 173840]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 08:13]
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 13:43]
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 13:43]
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3629986181-1509596615-2328272075-1000Core.job
- c:\users\weh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17 12:09]
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3629986181-1509596615-2328272075-1000UA.job
- c:\users\weh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17 12:09]
.
2012-11-01 c:\windows\Tasks\HPCeeScheduleForweh.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2012-11-02 c:\windows\Tasks\SyncBack weh-data.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-02-02 14:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\weh\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\weh\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\weh\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\weh\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2009-11-19 1690680]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" [2009-11-19 363064]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-29 487424]
"HP Color LaserJet CM2320 MFP Series Fax"="c:\program files (x86)\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe" [2009-09-22 3700736]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-01-30 446392]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-09-07 1694016]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://local.kueng-automobile.ch/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.bing.com
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{22E969A9-1727-48F8-BD63-EE822EE53033}: NameServer = 192.168.10.1,82.237.169.10
FF - ProfilePath - c:\users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\
FF - prefs.js: browser.startup.homepage - hxxp://localhost:8080/mastertool-proto/
FF - ExtSQL: 2012-10-22 16:32; jsonview@brh.numbera.com; c:\users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\jsonview@brh.numbera.com.xpi
.
.
------- Dateityp-Verknüpfung -------
.
.txt=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-LogitechVideoCallServer(E) - c:\program files (x86)\ETH Zürich\ETH Zürich PolyPhone\LogitechVideoCallServer.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\software\Mysql5.5\bin\mysqld\" --defaults-file=\"c:\software\Mysql5.5\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{395610AE-C624-4F58-B89E-23733EA00F9A}"=hex:51,66,7a,6c,4c,1d,38,12,c0,13,45,
   3d,16,88,36,0a,c7,88,60,33,3b,fe,4b,8e
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{CC7E636D-39AA-49B6-B511-65413DA137A1}"=hex:51,66,7a,6c,4c,1d,38,12,03,60,6d,
   c8,98,77,d8,0c,ca,07,26,01,38,ff,73,b5
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{A202B231-EF71-4A08-BDB9-4CE5AE8BDE0A}"=hex:51,66,7a,6c,4c,1d,38,12,5f,b1,11,
   a6,43,a1,66,0f,c2,af,0f,a5,ab,d5,9a,1e
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:08,24,7e,eb,33,78,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-11-14  17:35:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-11-14 16:35
.
Vor Suchlauf: 72'413'835'264 bytes free
Nach Suchlauf: 80'602'996'736 bytes free
.
- - End Of File - - 9FD13DA06ED08342E13305360A28FF1A

Psychotic · 15.11.2012, 08:03

Schritt 1: CF-Script

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:

BleepingComputer.com - ForoSpyware.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

ATTFilter

FOLDER::
C:\$Recycle.Bin\S-1-5-18\$927d5344adb0f1659c13d77b24a97d2e
REGISTRY::
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
""="C:\Windows\SysNative\wbem\fastprox.dll"
"ThreadingModel"="Free"
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel"="Both"
""="C:\Windows\SysNative\wbem\fastprox.dll"
CLEARJAVACACHE::

Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:

Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!
Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
Dies kann dazu führen, dass ComboFix sich aufhängt.
Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
Mache nichts am PC solange ComboFix läuft.

In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Schritt 2: MBAM

Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

weh · 15.11.2012, 09:48

Malwarebytes lässt sich nicht aktualisieren: PROGRAM_ERROR_UPDATING (0,0,Net Exception)

ich habe nach dieser Anleitung die Datenbank via mbam_rules.exe aktualisiert.
http://www.trojaner-board.de/51187-a...i-malware.html

Combofix:

Code:

ATTFilter

ComboFix 12-11-14.01 - weh 15.11.2012   9:13.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.41.1033.18.3951.2088 [GMT 1:00]
ausgeführt von:: c:\users\weh\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\weh\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-15 bis 2012-11-15  ))))))))))))))))))))))))))))))
.
.
2012-11-15 08:26 . 2012-11-15 08:26	--------	d-----w-	c:\users\postgres\AppData\Local\temp
2012-11-15 08:26 . 2012-11-15 08:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-14 10:10 . 2011-10-18 09:17	741184	----a-w-	c:\windows\system32\easyupdatusapiu64.dll
2012-11-14 10:09 . 2012-11-14 10:10	--------	d-----w-	C:\NVIDIA
2012-11-13 21:28 . 2012-11-13 21:28	--------	d-----w-	c:\program files (x86)\ESET
2012-11-13 18:02 . 2012-11-13 18:02	--------	d-----w-	c:\users\weh\AppData\Roaming\Malwarebytes
2012-11-13 18:01 . 2012-11-13 18:01	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-13 18:01 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-13 04:28 . 2012-11-13 04:28	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F37D0E5-17D7-4CA2-AAB0-81FB5DCEEBAB}\offreg.dll
2012-11-09 19:48 . 2012-11-09 19:48	--------	d-----w-	c:\users\weh\.openshift
2012-11-09 18:46 . 2012-11-09 18:46	--------	d-----w-	c:\users\weh\AppData\Roaming\LibreOffice
2012-11-09 12:38 . 2012-10-12 07:19	9291768	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F37D0E5-17D7-4CA2-AAB0-81FB5DCEEBAB}\mpengine.dll
2012-11-08 08:46 . 2012-11-08 08:48	--------	d-----w-	c:\users\weh\AppData\Roaming\NetBeans
2012-11-08 08:46 . 2012-11-08 08:46	--------	d-----w-	c:\users\weh\AppData\Local\NetBeans
2012-11-08 07:49 . 2012-11-13 09:46	--------	d-----w-	c:\program files\NetBeans 7.2.1
2012-11-05 14:38 . 2012-11-06 12:07	--------	d-----w-	c:\program files\sges-v3
2012-11-05 14:37 . 2012-11-05 14:38	--------	d-----w-	c:\program files\NetBeans 6.8
2012-11-01 12:33 . 2012-11-01 12:44	--------	d-----w-	c:\users\weh\AppData\Roaming\calibre
2012-11-01 07:41 . 2012-11-01 07:41	--------	d-----w-	c:\users\weh\AppData\Roaming\Veodin
2012-10-25 02:12 . 2012-10-25 02:12	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2012-10-23 08:50 . 2012-10-23 08:50	--------	d-----w-	c:\users\weh\hpremote
2012-10-18 14:43 . 2012-10-18 14:43	--------	d-----w-	c:\users\weh\target
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-07 12:16 . 2011-10-18 07:56	140936	----a-w-	c:\windows\system32\drivers\avfwot.sys
2012-11-07 12:16 . 2011-10-18 07:56	114168	----a-w-	c:\windows\system32\drivers\avfwim.sys
2012-10-10 16:57 . 2011-02-03 07:54	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-10-09 08:13 . 2012-03-30 07:26	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 08:13 . 2011-05-20 06:28	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 08:13 . 2012-08-15 10:13	10220472	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-09-20 15:02 . 2012-09-20 15:02	1832760	----a-w-	c:\windows\system32\LogiLDA.DLL
2012-09-14 19:19 . 2012-10-10 13:18	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 13:18	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-09-06 07:55 . 2012-09-06 07:55	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-06 07:55 . 2012-06-14 09:06	289768	----a-w-	c:\windows\system32\javaws.exe
2012-09-06 07:55 . 2012-06-14 09:06	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-09-06 07:55 . 2011-02-01 10:38	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-09-06 07:55 . 2011-02-01 10:38	189416	----a-w-	c:\windows\system32\javaw.exe
2012-09-06 07:55 . 2011-02-01 10:38	188904	----a-w-	c:\windows\system32\java.exe
2012-09-06 07:38 . 2012-09-06 07:38	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-06 07:38 . 2012-09-05 18:47	821736	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-09-06 07:38 . 2011-02-23 16:21	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-08-31 18:19 . 2012-10-10 13:19	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 13:19	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 13:19	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 13:19	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 13:18	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 13:18	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-23 01:00	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-23 01:00	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-23 01:00	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-23 01:00	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-23 01:00	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-23 01:00	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-23 01:00	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-23 01:00	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-23 01:00	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-23 01:00	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-23 01:00	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-23 01:00	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-23 01:00	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-23 01:00	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-23 01:00	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-23 01:00	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-23 01:00	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-23 01:00	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-23 01:00	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 01:00	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 01:00	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-23 01:00	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 07:35	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 07:35	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 07:35	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 07:35	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 09:03	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-08-21 11:01 . 2012-10-10 15:13	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 11:01 . 2012-08-21 11:01	125872	----a-w-	c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2012-08-21 11:01	106928	----a-w-	c:\windows\SysWow64\GEARAspi.dll
2012-08-20 18:48 . 2012-10-10 13:19	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-10 13:19	243200	----a-w-	c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-10 13:19	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-10 13:19	215040	----a-w-	c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-10 13:19	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-10 13:19	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-10 13:19	1162240	----a-w-	c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-10 13:19	338432	----a-w-	c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-10 13:19	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-10 13:19	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-10 13:19	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-10 13:19	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-10 13:19	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-10 13:19	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-10 13:19	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:19	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:19	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:19	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:19	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\weh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\weh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\weh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\weh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-01-02 1670656]
"HPUsageTracking"="c:\program files (x86)\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"WirelessUSBManager"="c:\program files (x86)\devolo Vianect AIR Manager\Components\WirelessUSBManager\WirelessUSBManager.exe" [2010-07-05 3404624]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\weh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\weh\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Launchy.lnk - c:\program files (x86)\Launchy\Launchy.exe [2011-2-1 380928]
network.bat [2011-2-2 111]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-10-18 41051]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-14 375760]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-14 465360]
R2 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2010-10-18 20549]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-10-29 79360]
R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-09-28 55808]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-10-22 2019120]
R3 Apache CouchDB01cbce7481a03700;Apache CouchDB;c:\software\ApacheSoftwareFoundation\CouchDB\erts-5.8\bin\erlsrv.exe [2010-08-11 158208]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 35104]
R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [2007-02-03 955680]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys [2012-05-08 17408]
R3 DLCopyFilter;DLCopyFilter;c:\windows\system32\Drivers\wsr_tbf.sys [2010-02-21 51712]
R3 domain1;domain1 GlassFish Server;c:\program files\GlassFish\EnterpriseServer 3.0\glassfish\domains\domain1\bin\domain1Service.exe [2011-02-14 30208]
R3 DWA;Wireless USB Device Adapter;c:\windows\system32\DRIVERS\WSR_DWA.SYS [2010-05-10 543232]
R3 hwa;Wireless USB Host Adapter;c:\windows\system32\DRIVERS\WSR_HWA.SYS [2010-05-10 916480]
R3 HWARadio;Wireless USB Host Radio;c:\windows\system32\DRIVERS\WSR_RCI.SYS [2010-05-10 162304]
R3 kqemu;KQEMU virtualisation module for QEMU;c:\windows\system32\DRIVERS\kqemu.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 postgresql-x64-9.0;postgresql-x64-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w [x]
R3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2010-08-10 171016]
R3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2010-08-10 41096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-01-18 154256]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-02 1255736]
R3 WSR_USF;Debug1;c:\windows\system32\Drivers\WSR_USF.sys [2010-05-10 48640]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2012-04-11 15184]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 RsvLock;RsvLock; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-01-18 226448]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-01-18 54864]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [2009-03-03 89600]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-14 86224]
S2 CableAssociation;CableAssociation;c:\program files (x86)\devolo Vianect AIR Manager\Components\Association\CableAssociation.exe [2010-07-05 1454920]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2012-04-11 8498608]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2009-11-19 102968]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-11-19 102968]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-11-11 277096]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 ktupdaterservice;Kerio Updater Service;c:\program files (x86)\Kerio\UpdaterService\ktupdaterservice.exe [2012-08-12 729088]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-08-08 198480]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2009-11-11 704512]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2012-04-11 301904]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2012-02-02 509104]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2010-08-24 74320]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2010-08-24 13392]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-02-03 58528]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-21 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-21 177152]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2009-07-20 59008]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-01-18 173840]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 08:13]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 13:43]
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 13:43]
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3629986181-1509596615-2328272075-1000Core.job
- c:\users\weh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17 12:09]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3629986181-1509596615-2328272075-1000UA.job
- c:\users\weh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17 12:09]
.
2012-11-01 c:\windows\Tasks\HPCeeScheduleForweh.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2012-11-02 c:\windows\Tasks\SyncBack weh-data.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-02-02 14:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\weh\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\weh\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\weh\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\weh\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2009-11-19 1690680]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" [2009-11-19 363064]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-29 487424]
"HP Color LaserJet CM2320 MFP Series Fax"="c:\program files (x86)\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe" [2009-09-22 3700736]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-01-30 446392]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-09-07 1694016]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.ch/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.bing.com
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{22E969A9-1727-48F8-BD63-EE822EE53033}: NameServer = 192.168.10.1,82.237.169.10
FF - ProfilePath - c:\users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\
FF - prefs.js: browser.startup.homepage - hxxp://localhost:8080/mastertool-proto/
FF - ExtSQL: 2012-10-22 16:32; jsonview@brh.numbera.com; c:\users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\jsonview@brh.numbera.com.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\software\Mysql5.5\bin\mysqld\" --defaults-file=\"c:\software\Mysql5.5\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{395610AE-C624-4F58-B89E-23733EA00F9A}"=hex:51,66,7a,6c,4c,1d,38,12,c0,13,45,
   3d,16,88,36,0a,c7,88,60,33,3b,fe,4b,8e
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{CC7E636D-39AA-49B6-B511-65413DA137A1}"=hex:51,66,7a,6c,4c,1d,38,12,03,60,6d,
   c8,98,77,d8,0c,ca,07,26,01,38,ff,73,b5
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{A202B231-EF71-4A08-BDB9-4CE5AE8BDE0A}"=hex:51,66,7a,6c,4c,1d,38,12,5f,b1,11,
   a6,43,a1,66,0f,c2,af,0f,a5,ab,d5,9a,1e
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:08,24,7e,eb,33,78,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-15  09:30:58
ComboFix-quarantined-files.txt  2012-11-15 08:30
ComboFix2.txt  2012-11-14 16:35
.
Vor Suchlauf: 80'811'585'536 bytes free
Nach Suchlauf: 80'309'661'696 bytes free
.
- - End Of File - - DF8FAE76A5D4ED90D6474B1AECB49D01

MBAM:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.12.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
weh :: WEHBOOK [administrator]

15.11.2012 09:41:37
mbam-log-2012-11-15 (09-41-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230626
Time elapsed: 2 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Psychotic · 15.11.2012, 09:50

FSS

Downloade dir bitte Farbar's Service Scanner

Starte das Tool mit Doppelklick auf die FSS.exe
Gehe sicher, dass folgende Optionen angehakt sind.
- Windows Update
- Internet Services
- Windows Firewall
- System Restore
Klicke auf Scan.
Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

weh · 15.11.2012, 09:54

FSS:

Code:

ATTFilter

Farbar Service Scanner Version: 09-11-2012
Ran by weh (administrator) on 15-11-2012 at 09:53:02
Running from "C:\Users\weh\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Psychotic · 15.11.2012, 09:58

Neues OTL-Log

Doppelklick auf die OTL.exe
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

weh · 15.11.2012, 10:21

OTL:

Code:

ATTFilter

OTL logfile created on: 11/15/2012 10:01:10 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\weh\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 35.90% Memory free
7.72 Gb Paging File | 4.76 Gb Available in Paging File | 61.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.79 Gb Total Space | 74.86 Gb Free Space | 26.66% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.56% Space Free | Partition Type: FAT32
Drive S: | 149.04 Gb Total Space | 50.54 Gb Free Space | 33.91% Space Free | Partition Type: NTFS
 
Computer Name: WEHBOOK | User Name: weh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\weh\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Kerio\UpdaterService\ktupdaterservice.exe (Kerio Technologies Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
PRC - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (McAfee, Inc.)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (domain1) -- C:\Program Files\GlassFish\EnterpriseServer 3.0\glassfish\domains\domain1\bin\domain1Service.exe (Sun Microsystems, Inc.)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (postgresql-x64-9.0) -- C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (DpHost) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV:64bit: - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV:64bit: - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
SRV:64bit: - (DEBridge) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (McAfee, Inc.)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (ktupdaterservice) -- C:\Program Files (x86)\Kerio\UpdaterService\ktupdaterservice.exe (Kerio Technologies Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (MySQL) -- C:\Software\Mysql5.5\bin\mysqld.exe ()
SRV - (Apache CouchDB01cbce7481a03700) -- C:\Software\ApacheSoftwareFoundation\CouchDB\erts-5.8\bin\erlsrv.exe ()
SRV - (CableAssociation) -- C:\Program Files (x86)\devolo Vianect AIR Manager\Components\Association\CableAssociation.exe (Wisair Ltd.)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe (IDT, Inc.)
SRV - (HP ProtectTools Service) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (DisplayLinkUsbPort) -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_6.1.32700.0.sys (hxxp://libusb-win32.sourceforge.net)
DRV:64bit: - (dlkmd) -- C:\Windows\SysNative\drivers\dlkmd.sys (DisplayLink Corp.)
DRV:64bit: - (dlkmdldr) -- C:\Windows\SysNative\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (BazisVirtualCDBus) -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys (SysProgs.org)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)
DRV:64bit: - (SaiK0CCB) -- C:\Windows\SysNative\drivers\SaiK0CCB.sys (Saitek)
DRV:64bit: - (SaiU0CCB) -- C:\Windows\SysNative\drivers\SaiU0CCB.sys (Saitek)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HWARadio) -- C:\Windows\SysNative\drivers\WSR_RCI.SYS ()
DRV:64bit: - (DWA) -- C:\Windows\SysNative\drivers\WSR_DWA.SYS ()
DRV:64bit: - (hwa) -- C:\Windows\SysNative\drivers\WSR_HWA.SYS ()
DRV:64bit: - (WSR_USF) -- C:\Windows\SysNative\drivers\WSR_USF.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (DLCopyFilter) -- C:\Windows\SysNative\drivers\WSR_TBF.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (SbFsLock) -- C:\windows\SysNative\drivers\SbFsLock.sys (McAfee, Inc.)
DRV:64bit: - (RsvLock) -- C:\windows\SysNative\drivers\RsvLock.sys (McAfee, Inc.)
DRV:64bit: - (SafeBoot) -- C:\windows\SysNative\drivers\SafeBoot.sys ()
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (rismcx64) -- C:\Windows\SysNative\drivers\rismcx64.sys (RICOH Company, Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SbAlg) -- C:\windows\SysNative\drivers\SbAlg.sys (McAfee, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (CamDrL64) -- C:\Windows\SysNative\drivers\CamDrL64.sys (Logitech Inc.)
DRV - (kqemu) -- C:\Windows\SysWOW64\drivers\kqemu.sys ()
DRV - (SbAlg) -- C:\windows\SysWow64\drivers\SbAlg.sys (McAfee, Inc.)
DRV - (SbFsLock) -- C:\windows\SysWow64\drivers\SbFsLock.sys (McAfee, Inc.)
DRV - (RsvLock) -- C:\windows\SysWow64\drivers\rsvlock.sys (McAfee, Inc.)
DRV - (SafeBoot) -- C:\windows\SysWow64\drivers\SafeBoot.sys (McAfee, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E8E96765-A1D3-44EA-9102-639084622E71}
IE:64bit: - HKLM\..\SearchScopes\{E8E96765-A1D3-44EA-9102-639084622E71}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
IE - HKLM\..\SearchScopes,DefaultScope = {E8E96765-A1D3-44EA-9102-639084622E71}
IE - HKLM\..\SearchScopes\{E8E96765-A1D3-44EA-9102-639084622E71}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3629986181-1509596615-2328272075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/
IE - HKU\S-1-5-21-3629986181-1509596615-2328272075-1000\..\SearchScopes,DefaultScope = {56A5D131-8A06-4305-B524-F456A810B422}
IE - HKU\S-1-5-21-3629986181-1509596615-2328272075-1000\..\SearchScopes\{56A5D131-8A06-4305-B524-F456A810B422}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3629986181-1509596615-2328272075-1000\..\SearchScopes\{E8E96765-A1D3-44EA-9102-639084622E71}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3629986181-1509596615-2328272075-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3629986181-1509596615-2328272075-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://localhost:8080/mastertool-proto/"
FF - prefs.js..extensions.enabledAddons: info@elime.be:1.5
FF - prefs.js..extensions.enabledAddons: SQLiteManager@mrinalkant.blogspot.com:0.7.7
FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8
FF - prefs.js..extensions.enabledAddons: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.10
FF - prefs.js..extensions.enabledAddons: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.17
FF - prefs.js..extensions.enabledAddons: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledAddons: {ad0d925d-88f8-47f1-85ea-8463569e756e}:2.0.3
FF - prefs.js..extensions.enabledAddons: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.1.1
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..extensions.enabledAddons: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.89
FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3
FF - prefs.js..extensions.enabledAddons: jsonview@brh.numbera.com:0.7
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.3.0.11079
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\weh\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\weh\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010/09/10 23:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/08 08:10:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/08 08:10:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/11/08 08:10:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011/08/11 14:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Extensions
[2011/02/09 12:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/02/04 09:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Extensions\pencil@evolus.vn
[2011/08/11 14:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\nvxzih3d.default\extensions
[2011/08/11 14:31:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\nvxzih3d.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2012/11/01 09:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions
[2011/08/12 11:51:06 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2012/09/20 14:15:44 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/08/06 09:19:53 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/08/11 14:34:23 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2012/09/20 14:15:43 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\firefox@ghostery.com
[2012/11/01 09:08:10 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\firebug@software.joehewitt.com.xpi
[2012/04/11 13:06:48 | 000,084,034 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\FirePHPExtension-Build@firephp.org.xpi
[2011/11/07 16:38:02 | 000,013,136 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\info@elime.be.xpi
[2012/10/22 15:32:01 | 000,026,234 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\jsonview@brh.numbera.com.xpi
[2011/11/25 10:12:23 | 000,255,318 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
[2011/08/24 18:34:34 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
[2011/11/23 09:48:18 | 000,080,872 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
[2012/06/04 09:11:14 | 000,261,871 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{ad0d925d-88f8-47f1-85ea-8463569e756e}.xpi
[2011/12/08 14:07:22 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2012/09/05 12:25:27 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/07/31 16:48:36 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/11 09:05:58 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\weh\AppData\Roaming\Mozilla\Firefox\Profiles\pfaihdbd.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/10/16 09:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/14 17:50:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/16 09:22:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/29 15:40:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/12 16:31:37 | 000,218,192 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2012/06/20 09:00:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/29 09:04:39 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/20 09:00:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/20 09:00:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/20 09:00:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/20 09:00:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\weh\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\weh\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\weh\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\weh\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Adblock Plus = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\
CHR - Extension: Tampermonkey = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.7.2820_0\
CHR - Extension: Postman - REST Client = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdmmgilgnpjigdojojpjoooidkmcomcm\0.7.5_0\
CHR - Extension: Stylish = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\
CHR - Extension: Edit This Cookie = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\1.1.24_0\
CHR - Extension: Window Resizer = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh\1.7.0_0\
CHR - Extension: Skype Click to Call = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Ghostery = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.0.0_0\
CHR - Extension: Google Mail = C:\Users\weh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/11/14 17:27:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HP Color LaserJet CM2320 MFP Series Fax] C:\Program Files (x86)\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [WirelessUSBManager] C:\Program Files (x86)\devolo Vianect AIR Manager\Components\WirelessUSBManager\WirelessUSBManager.exe (Wisair Ltd.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Software\Malwarebytes-Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\weh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\weh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\weh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exe ()
O4 - Startup: C:\Users\weh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\network.bat ()
O4 - Startup: C:\Users\weh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3629986181-1509596615-2328272075-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3629986181-1509596615-2328272075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3629986181-1509596615-2328272075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22E969A9-1727-48F8-BD63-EE822EE53033}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22E969A9-1727-48F8-BD63-EE822EE53033}: NameServer = 192.168.10.1,82.237.169.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F54ACD9A-BA6E-432A-98EF-28A5BC5BB78A}: DhcpNameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/11/15 10:00:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\weh\Desktop\OTL.exe
[2012/11/15 09:41:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/15 09:40:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/15 09:02:39 | 005,001,537 | R--- | C] (Swearware) -- C:\Users\weh\Desktop\ComboFix.exe
[2012/11/14 17:06:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/11/14 17:06:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/11/14 17:06:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/11/14 17:04:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/14 17:03:42 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/11/14 11:10:20 | 000,741,184 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\easyupdatusapiu64.dll
[2012/11/14 11:09:56 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/11/13 22:28:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/11/13 21:57:48 | 000,000,000 | ---D | C] -- C:\Users\weh\Desktop\Trojan
[2012/11/13 19:02:14 | 000,000,000 | ---D | C] -- C:\Users\weh\AppData\Roaming\Malwarebytes
[2012/11/13 19:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/13 19:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/13 19:01:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/11/13 17:16:40 | 000,000,000 | ---D | C] -- C:\Users\weh\Documents\Sublime
[2012/11/09 20:48:52 | 000,000,000 | ---D | C] -- C:\Users\weh\.openshift
[2012/11/09 19:46:00 | 000,000,000 | ---D | C] -- C:\Users\weh\AppData\Roaming\LibreOffice
[2012/11/09 19:45:38 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.6
[2012/11/08 09:46:14 | 000,000,000 | ---D | C] -- C:\Users\weh\AppData\Roaming\NetBeans
[2012/11/08 09:46:14 | 000,000,000 | ---D | C] -- C:\Users\weh\AppData\Local\NetBeans
[2012/11/08 08:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 7.2.1
[2012/11/08 08:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/05 15:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\sges-v3
[2012/11/05 15:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 6.8
[2012/11/05 11:49:24 | 000,000,000 | ---D | C] -- C:\Users\weh\Desktop\CJB-00412
[2012/11/01 13:33:25 | 000,000,000 | ---D | C] -- C:\Users\weh\Documents\Calibre Bibliothek
[2012/11/01 13:33:18 | 000,000,000 | ---D | C] -- C:\Users\weh\AppData\Roaming\calibre
[2012/11/01 13:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012/11/01 08:41:03 | 000,000,000 | ---D | C] -- C:\Users\weh\AppData\Roaming\Veodin
[2012/10/25 03:12:26 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\windows\SysWow64\QuickTimeVR.qtx
[2012/10/25 03:12:26 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\windows\SysWow64\QuickTime.qts
[2012/10/23 09:50:10 | 000,000,000 | ---D | C] -- C:\Users\weh\hpremote
[2012/10/18 15:43:24 | 000,000,000 | ---D | C] -- C:\Users\weh\target
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/11/15 09:56:00 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3629986181-1509596615-2328272075-1000UA.job
[2012/11/15 09:34:00 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/15 09:13:02 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/11/15 09:04:32 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 09:04:32 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 09:02:58 | 005,001,537 | R--- | M] (Swearware) -- C:\Users\weh\Desktop\ComboFix.exe
[2012/11/15 08:56:54 | 000,001,100 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/15 08:55:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/15 08:55:17 | 3107,487,744 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/14 17:59:31 | 000,783,374 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/11/14 17:59:31 | 000,655,280 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/11/14 17:59:31 | 000,122,152 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/11/14 17:27:39 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/11/14 16:13:16 | 000,055,734 | ---- | M] () -- C:\windows\sess_elic86qhudtd5392i3u311qo07
[2012/11/14 16:13:13 | 000,055,730 | ---- | M] () -- C:\windows\sess_1qnh9omr5kil9puqv0qddirvq3
[2012/11/14 16:13:13 | 000,055,729 | ---- | M] () -- C:\windows\sess_vo5fggrtttbe86645o7h756u52
[2012/11/14 16:13:09 | 000,055,730 | ---- | M] () -- C:\windows\sess_boipbv5o0e4r6sdujsqas4v8q1
[2012/11/14 16:11:24 | 000,000,153 | ---- | M] () -- C:\windows\SysWow64\assist.err
[2012/11/14 15:56:16 | 000,055,730 | ---- | M] () -- C:\windows\sess_kdgdalnljs6v08kqp467cgl4e6
[2012/11/14 14:55:17 | 000,055,730 | ---- | M] () -- C:\windows\sess_n6l116gr8e9vt4f74gmn97p534
[2012/11/14 14:55:17 | 000,055,730 | ---- | M] () -- C:\windows\sess_db8h2kpom9n7le0ac7ddjlmsc5
[2012/11/14 14:55:17 | 000,055,729 | ---- | M] () -- C:\windows\sess_f282qaodkkj1doetntq3ud4c11
[2012/11/14 13:50:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\weh\Desktop\OTL.exe
[2012/11/14 10:56:09 | 000,001,060 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3629986181-1509596615-2328272075-1000Core.job
[2012/11/14 09:53:24 | 000,041,696 | ---- | M] () -- C:\windows\sess_gq6280i5vcd41n05la62tdsdn7
[2012/11/14 09:36:52 | 000,041,696 | ---- | M] () -- C:\windows\sess_thcnfg8v2gveb1lcdh26tknob3
[2012/11/14 09:25:30 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\kerio-connect-koff-7.4.2-7694-win32.properties
[2012/11/13 22:21:34 | 000,000,000 | ---- | M] () -- C:\Users\weh\defogger_reenable
[2012/11/13 20:19:02 | 000,000,079 | ---- | M] () -- C:\Users\weh\AppData\Roaming\mbam.context.scan
[2012/11/13 17:57:26 | 000,055,734 | ---- | M] () -- C:\windows\sess_9tu987fm4hcn27ni6sag6m76p0
[2012/11/13 17:41:15 | 000,008,109 | ---- | M] () -- C:\Users\weh\AppData\Local\recently-used.xbel
[2012/11/13 17:21:59 | 000,055,730 | ---- | M] () -- C:\windows\sess_lvdmkq4qo7uoeu0luggma50vu2
[2012/11/13 17:21:59 | 000,055,730 | ---- | M] () -- C:\windows\sess_huhqi5nf4p3eboo3knds16qju0
[2012/11/13 17:21:58 | 000,055,729 | ---- | M] () -- C:\windows\sess_oao0jadssfb5agj7hmekr17fm6
[2012/11/13 17:06:14 | 000,000,600 | ---- | M] () -- C:\Users\weh\AppData\Roaming\winscp.rnd
[2012/11/13 10:43:47 | 000,000,600 | ---- | M] () -- C:\Users\weh\AppData\Local\PUTTY.RND
[2012/11/12 18:12:41 | 000,055,992 | ---- | M] () -- C:\windows\sess_ji29oqrt9huntmklq78ggo0bk5
[2012/11/12 11:02:09 | 000,052,802 | ---- | M] () -- C:\windows\sess_asu56gesboattdncig0gqug6j1
[2012/11/12 11:01:38 | 000,054,216 | ---- | M] () -- C:\windows\sess_nb4ot5pb7hs2snjabn46pjp9k6
[2012/11/12 10:56:59 | 000,052,862 | ---- | M] () -- C:\windows\sess_r6mhsfuv5uordl8apdvqjism67
[2012/11/12 10:50:36 | 000,052,845 | ---- | M] () -- C:\windows\sess_pckn5i8ha6dga3s3h7r67qjom7
[2012/11/12 10:50:36 | 000,052,840 | ---- | M] () -- C:\windows\sess_qubak97vfdur7nspfk92dpd0i1
[2012/11/12 10:50:36 | 000,052,840 | ---- | M] () -- C:\windows\sess_nbqhuufsaf5tr5hbppfukbvaf6
[2012/11/12 10:50:36 | 000,052,840 | ---- | M] () -- C:\windows\sess_n3gqemksbvio7btlp44sclkb53
[2012/11/12 10:22:56 | 000,002,020 | -H-- | M] () -- C:\Users\weh\Documents\Default.rdp
[2012/11/12 09:02:07 | 002,444,288 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/11/07 13:16:53 | 000,140,936 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avfwot.sys
[2012/11/07 13:16:53 | 000,114,168 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avfwim.sys
[2012/11/06 13:53:09 | 000,000,096 | ---- | M] () -- C:\Users\weh\.asadminpass
[2012/11/02 13:18:16 | 000,000,446 | ---- | M] () -- C:\windows\tasks\SyncBack weh-data.job
[2012/11/01 08:41:11 | 000,000,192 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/11/01 08:30:33 | 000,000,324 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForweh.job
[2012/10/31 10:40:43 | 000,055,734 | ---- | M] () -- C:\windows\sess_bq3ft83me4bkvqjl50roco4vt1
[2012/10/31 10:40:40 | 000,055,730 | ---- | M] () -- C:\windows\sess_u4ag8hh90qo752dkhbgq9e6e82
[2012/10/31 10:40:40 | 000,055,730 | ---- | M] () -- C:\windows\sess_4s4j4256h1s9mu5pao5hvr8b56
[2012/10/31 10:40:40 | 000,055,729 | ---- | M] () -- C:\windows\sess_o3po215620bqp6rssrrqkfl5q3
[2012/10/30 18:46:47 | 000,055,730 | ---- | M] () -- C:\windows\sess_97g5ndv6n5o25ci5etdreb4h02
[2012/10/30 18:36:34 | 000,055,730 | ---- | M] () -- C:\windows\sess_tktolkoofr7u3crek1cifj2om6
[2012/10/30 18:36:34 | 000,055,730 | ---- | M] () -- C:\windows\sess_gs7qglktm7em1ob32tqpclpid0
[2012/10/30 18:36:34 | 000,055,729 | ---- | M] () -- C:\windows\sess_ck6e78o57orm6m3v0fsnsmkrs6
[2012/10/30 18:26:10 | 000,055,734 | ---- | M] () -- C:\windows\sess_g1tcgje7g0tie17cssiukruqi6
[2012/10/30 16:00:06 | 000,055,730 | ---- | M] () -- C:\windows\sess_ackbcevao4ig9084nbraq9qnh4
[2012/10/30 16:00:06 | 000,055,729 | ---- | M] () -- C:\windows\sess_i43imlcd2pd6ht0ubu4vv5c4i5
[2012/10/30 16:00:05 | 000,055,730 | ---- | M] () -- C:\windows\sess_uvqhk201to9k2tkc6imefa2d15
[2012/10/30 13:24:55 | 000,055,730 | ---- | M] () -- C:\windows\sess_f15i3h1cj0fjh60tqnb5ajbvt2
[2012/10/30 13:24:51 | 000,055,734 | ---- | M] () -- C:\windows\sess_hov3ermjgs1ur3841b47lph4f4
[2012/10/30 13:24:50 | 000,055,731 | ---- | M] () -- C:\windows\sess_shkkuv5aqhlp1s7m430l5k7fs3
[2012/10/30 13:24:50 | 000,055,731 | ---- | M] () -- C:\windows\sess_rhrl77qni5rk1stoskms2kqbo3
[2012/10/30 13:24:50 | 000,055,731 | ---- | M] () -- C:\windows\sess_gd1rqlnjm9e4j9hefpm1vksqb2
[2012/10/30 13:24:49 | 000,055,731 | ---- | M] () -- C:\windows\sess_o24j3kvdfc09r6dag3pnri5bi0
[2012/10/30 13:24:49 | 000,055,731 | ---- | M] () -- C:\windows\sess_m3rgr8db3uuqt0ojmmlhra5g32
[2012/10/30 13:24:48 | 000,055,731 | ---- | M] () -- C:\windows\sess_aorbrupfupovpp6tr7dtca3p26
[2012/10/30 13:24:48 | 000,055,731 | ---- | M] () -- C:\windows\sess_13mmfq3o9r5ubc2r9eitbec7v6
[2012/10/30 13:24:47 | 000,055,731 | ---- | M] () -- C:\windows\sess_tihdchg92788a5tt2h5gfl29n2
[2012/10/30 13:24:47 | 000,055,731 | ---- | M] () -- C:\windows\sess_ji6jlu4bco9s36sdudfafrak95
[2012/10/30 13:24:46 | 000,055,731 | ---- | M] () -- C:\windows\sess_lmgics2ip5502cjhldkkqe2qu7
[2012/10/30 13:24:46 | 000,055,731 | ---- | M] () -- C:\windows\sess_8te5urvfeompimvtssndfagi84
[2012/10/30 13:24:45 | 000,055,731 | ---- | M] () -- C:\windows\sess_vta7v900oq9pcbpcg28uu7dh81
[2012/10/30 13:24:45 | 000,055,731 | ---- | M] () -- C:\windows\sess_rvmpobnojji97b2n64b8n1agl2
[2012/10/30 13:24:44 | 000,055,731 | ---- | M] () -- C:\windows\sess_i6s745qlsldc9u5b5gsmhl6vd3
[2012/10/30 13:24:43 | 000,055,731 | ---- | M] () -- C:\windows\sess_sdakhk1u8d7cgvve2orq8fo187
[2012/10/30 13:24:43 | 000,055,731 | ---- | M] () -- C:\windows\sess_9tnks1fnjlss99ocghdvafv5b3
[2012/10/30 13:24:41 | 000,055,731 | ---- | M] () -- C:\windows\sess_6mj1b5cvm0259qt0litdq5s5s1
[2012/10/30 13:24:39 | 000,055,731 | ---- | M] () -- C:\windows\sess_cv2fr793jsvscuuifetdiit6s5
[2012/10/30 13:24:38 | 000,055,731 | ---- | M] () -- C:\windows\sess_8a3a7oq9fbf6mh5ctt0bsvrb40
[2012/10/30 13:24:38 | 000,055,731 | ---- | M] () -- C:\windows\sess_808hnu32uct2qnoafud9fg3875
[2012/10/30 13:24:37 | 000,055,737 | ---- | M] () -- C:\windows\sess_lqtc2glsll58gkmnimvfrgokk1
[2012/10/30 12:59:22 | 000,056,998 | ---- | M] () -- C:\windows\sess_mr42h249sfc361jognvd4n0ed5
[2012/10/30 11:07:37 | 000,055,755 | ---- | M] () -- C:\windows\sess_ngsvm19ab9mj25vn38u3792gq2
[2012/10/30 11:07:29 | 000,055,730 | ---- | M] () -- C:\windows\sess_udha87qccf1agmojk1g7u7nha1
[2012/10/30 11:07:29 | 000,055,730 | ---- | M] () -- C:\windows\sess_6ke4qfdea2slffai9dom9ohba7
[2012/10/30 11:07:29 | 000,055,729 | ---- | M] () -- C:\windows\sess_hrs3582avmtrivu1q1ktuts220
[2012/10/30 10:45:13 | 000,056,998 | ---- | M] () -- C:\windows\sess_jr6m113onblrsq6ijiud2vn5e3
[2012/10/30 10:43:30 | 000,055,713 | ---- | M] () -- C:\windows\sess_90dkcda0b7rqu0q0h6sa0dpbj5
[2012/10/30 10:35:52 | 000,055,755 | ---- | M] () -- C:\windows\sess_53d2sgamtrsu5tg7i2e80jojc5
[2012/10/30 10:34:43 | 000,017,207 | ---- | M] () -- C:\windows\sess_5g79d29snkoa34eagq8qn5vtk6
[2012/10/30 10:31:09 | 000,055,734 | ---- | M] () -- C:\windows\sess_fkbct4t16nvbgt96tfjqmiuu97
[2012/10/30 10:30:58 | 000,055,730 | ---- | M] () -- C:\windows\sess_g24u7htafegheojc00372ga214
[2012/10/30 10:30:57 | 000,055,730 | ---- | M] () -- C:\windows\sess_e8s1evn067dacp3d6uqh8l0et3
[2012/10/30 10:30:57 | 000,055,729 | ---- | M] () -- C:\windows\sess_8oc2suk2jl2mfieju3afriodv6
[2012/10/30 10:30:32 | 000,045,283 | ---- | M] () -- C:\windows\sess_uaubatcuej9sccitroqgbrdtg2
[2012/10/29 18:28:45 | 000,055,355 | ---- | M] () -- C:\windows\sess_p9u03qr02m5er9s5r8qscejs82
[2012/10/29 16:58:56 | 000,017,180 | ---- | M] () -- C:\windows\sess_ckg5krd4al0kmeb6v7ea95av30
[2012/10/29 16:32:15 | 000,055,334 | ---- | M] () -- C:\windows\sess_9gu4eaaeg471uam8tc922b2de5
[2012/10/29 16:32:05 | 000,055,330 | ---- | M] () -- C:\windows\sess_54l46ldslo0486iqagsemqtu60
[2012/10/29 16:32:02 | 000,055,330 | ---- | M] () -- C:\windows\sess_oo8e57s72jli2gmkit9ckk1lo6
[2012/10/29 15:36:07 | 000,055,331 | ---- | M] () -- C:\windows\sess_nf9dktvoqpat9ngg7d55mmj081
[2012/10/29 15:36:06 | 000,055,334 | ---- | M] () -- C:\windows\sess_vr1p8694sg1oj73kfr9tnl4391
[2012/10/29 15:36:01 | 000,055,331 | ---- | M] () -- C:\windows\sess_ceoamnsfguhlfj7omrlhjur5h3
[2012/10/29 15:36:00 | 000,055,334 | ---- | M] () -- C:\windows\sess_uqeibbekcgelidagl0efp370b4
[2012/10/29 15:04:54 | 000,055,331 | ---- | M] () -- C:\windows\sess_e48gsn7b30649srbsdd5v2jad2
[2012/10/29 15:04:53 | 000,055,334 | ---- | M] () -- C:\windows\sess_m0eff5cro6cmecll7ta423f7m3
[2012/10/29 15:04:49 | 000,055,331 | ---- | M] () -- C:\windows\sess_80qqdd7vcugmqcprg7m0mrdc63
[2012/10/29 15:04:48 | 000,055,334 | ---- | M] () -- C:\windows\sess_e1hek2huu5in47umqhisq2qts3
[2012/10/29 14:22:03 | 000,020,945 | ---- | M] () -- C:\Users\weh\_viminfo
[2012/10/29 13:34:14 | 000,055,337 | ---- | M] () -- C:\windows\sess_79fdpon8qand25v3e948b4qbc2
[2012/10/29 13:22:26 | 000,056,549 | ---- | M] () -- C:\windows\sess_or5ti5vc0huujf3amhdp6ktgr7
[2012/10/29 12:44:26 | 000,056,018 | ---- | M] () -- C:\windows\sess_3g8v3hdrf5h8pfm3hoa0c7v810
[2012/10/29 12:43:59 | 000,056,018 | ---- | M] () -- C:\windows\sess_hptd0jobar5v9rg5lh5banu106
[2012/10/29 12:42:04 | 000,055,331 | ---- | M] () -- C:\windows\sess_jl1hm965gj4arq1bj12f6h36s2
[2012/10/29 12:42:03 | 000,055,334 | ---- | M] () -- C:\windows\sess_3dvkc4cn7gmeiqsdmp1n0kd604
[2012/10/29 12:41:54 | 000,055,334 | ---- | M] () -- C:\windows\sess_uk1138urs57j7ttqucr63cvm64
[2012/10/29 12:41:54 | 000,055,331 | ---- | M] () -- C:\windows\sess_a27e56h9km988m32t56noav4e5
[2012/10/29 12:41:54 | 000,055,331 | ---- | M] () -- C:\windows\sess_9jgs504p6p70ljkjopt4goj604
[2012/10/29 12:41:54 | 000,055,331 | ---- | M] () -- C:\windows\sess_9dshatt5b3btt5p40jgu94dn86
[2012/10/29 12:41:53 | 000,055,331 | ---- | M] () -- C:\windows\sess_sfc2m3gigflvlfeptsgqp8qd31
[2012/10/29 12:41:53 | 000,055,331 | ---- | M] () -- C:\windows\sess_rh2u220939aj3s2hhapeq7aa92
[2012/10/29 12:41:53 | 000,055,331 | ---- | M] () -- C:\windows\sess_ko5k1i7r82ggrp3lqp1ks6el53
[2012/10/29 12:41:53 | 000,055,331 | ---- | M] () -- C:\windows\sess_dpa68cs7bpne1jh70ctf4uvvn7
[2012/10/29 12:41:52 | 000,055,331 | ---- | M] () -- C:\windows\sess_uo6iktgako59la171ejqrtp2d7
[2012/10/29 12:41:52 | 000,055,331 | ---- | M] () -- C:\windows\sess_qlkgj6c37uqfo3mrfsi96ekvb3
[2012/10/29 12:41:52 | 000,055,331 | ---- | M] () -- C:\windows\sess_hfd3ep695kf6o746d36vekcdr7
[2012/10/29 12:41:52 | 000,055,331 | ---- | M] () -- C:\windows\sess_6mtp4dvm2bn31akdfc20i1c992
[2012/10/29 12:41:51 | 000,055,331 | ---- | M] () -- C:\windows\sess_di3br0qgoqhb4kabbjq5hv9da6
[2012/10/29 12:41:51 | 000,055,331 | ---- | M] () -- C:\windows\sess_8h140ng9m69cc58mnm9ehtkuo7
[2012/10/29 12:41:50 | 000,055,331 | ---- | M] () -- C:\windows\sess_h18pqh6dqbf3vcerlp0fm45q25
[2012/10/29 12:41:49 | 000,055,331 | ---- | M] () -- C:\windows\sess_uct1u8q8ksh0h4v678siujstm0
[2012/10/29 12:41:49 | 000,055,331 | ---- | M] () -- C:\windows\sess_k9clsss02l2m8kun3f1p20kma6
[2012/10/29 12:41:46 | 000,055,331 | ---- | M] () -- C:\windows\sess_ai0013ue12ol6b8f8jb3ebuub1
[2012/10/29 12:41:43 | 000,055,331 | ---- | M] () -- C:\windows\sess_dj4ds0m76l3j28i14lau54ul64
[2012/10/29 12:41:42 | 000,055,331 | ---- | M] () -- C:\windows\sess_i95efddtfib87roh9u7s4oife0
[2012/10/29 12:41:41 | 000,055,337 | ---- | M] () -- C:\windows\sess_b0oorbo902kds8ik3euh8n9u36
[2012/10/29 12:41:41 | 000,055,331 | ---- | M] () -- C:\windows\sess_n4rtaj9673lgl1c8paojsadct3
[2012/10/29 11:17:44 | 000,117,914 | ---- | M] () -- C:\windows\sess_r8aqfbre4t9eu7ptb0lk4kp753
[2012/10/29 10:53:36 | 000,055,337 | ---- | M] () -- C:\windows\sess_1b34unhehtj5drqqj002g2c341
[2012/10/29 10:45:19 | 000,055,337 | ---- | M] () -- C:\windows\sess_4ddeobtrm2h933s9tbmdrd1195
[2012/10/29 10:19:10 | 000,055,337 | ---- | M] () -- C:\windows\sess_37rp294k6ngpqghg8slht4js25
[2012/10/29 10:18:58 | 000,056,018 | ---- | M] () -- C:\windows\sess_c2u7mnhd5qli6lkjh7g54jusa4
[2012/10/29 10:18:48 | 000,056,014 | ---- | M] () -- C:\windows\sess_cmqq0pi5vinkd1efgcbodl51k6
[2012/10/29 10:18:48 | 000,056,014 | ---- | M] () -- C:\windows\sess_abgllcvef9pe6erhu8ekq6ggq7
[2012/10/29 09:00:22 | 000,055,337 | ---- | M] () -- C:\windows\sess_mr1cat7qm67s5gcp6tkdjk3cv0
[2012/10/29 08:26:46 | 000,056,014 | ---- | M] () -- C:\windows\sess_jlicsl856i6kpbdk139ehmdmu5
[2012/10/29 08:26:46 | 000,056,014 | ---- | M] () -- C:\windows\sess_b7j2b41nrl3h4knbj1jublks24
[2012/10/29 08:26:46 | 000,056,013 | ---- | M] () -- C:\windows\sess_m47mnj6fnjr6bed2m33s2ovcj1
[2012/10/29 08:26:45 | 000,056,018 | ---- | M] () -- C:\windows\sess_glhj9012kcitku78q76j44kpd1
[2012/10/26 17:38:44 | 000,055,334 | ---- | M] () -- C:\windows\sess_7d0o08b2jvb3o56aqs6jfc9no3
[2012/10/26 17:28:19 | 000,055,334 | ---- | M] () -- C:\windows\sess_9j4qcm8bujgnngn3hnc5459te0
[2012/10/26 17:28:18 | 000,055,330 | ---- | M] () -- C:\windows\sess_80kg347lala241i37juhb2ht33
[2012/10/26 17:28:18 | 000,055,329 | ---- | M] () -- C:\windows\sess_rouoeojkmh2qjg2rin3vohnoo5
[2012/10/26 14:57:03 | 000,055,334 | ---- | M] () -- C:\windows\sess_003f8llqf9juv54l19p34fa2t0
[2012/10/26 14:43:00 | 000,055,334 | ---- | M] () -- C:\windows\sess_2gg91ani31jr2mk1g4oauj7a66
[2012/10/26 14:34:59 | 000,017,197 | ---- | M] () -- C:\windows\sess_oktj28skagalmeu1n49vd5kja1
[2012/10/26 14:20:16 | 000,056,018 | ---- | M] () -- C:\windows\sess_9g3vvudfgeplqafi035mj10pb4
[2012/10/26 14:00:44 | 000,056,018 | ---- | M] () -- C:\windows\sess_iaco566vveo1nk8hh38fk9psh1
[2012/10/26 14:00:35 | 000,056,014 | ---- | M] () -- C:\windows\sess_vu76hmdaq64d03456rdmcqejo3
[2012/10/26 14:00:35 | 000,056,014 | ---- | M] () -- C:\windows\sess_2mtr6rnmg46li3sm6pml8aq922
[2012/10/26 14:00:27 | 000,017,197 | ---- | M] () -- C:\windows\sess_ohl13bigcbtbr1q4utedjbvb63
[2012/10/26 14:00:11 | 000,008,135 | ---- | M] () -- C:\windows\sess_1dd31c0bv81j7fqeq6ijo79t32
[2012/10/26 14:00:06 | 000,008,135 | ---- | M] () -- C:\windows\sess_n4ojdb7vouu7dv4eh3bb7oeas0
[2012/10/26 14:00:06 | 000,008,135 | ---- | M] () -- C:\windows\sess_dfr7j3g68dko7tqlt9a5kk5l71
[2012/10/26 14:00:06 | 000,008,135 | ---- | M] () -- C:\windows\sess_9h9vk071a9lqu6ngerj10327c3
[2012/10/26 13:57:52 | 000,017,744 | ---- | M] () -- C:\windows\sess_hm6rs9vngkei8anekqp7kpj695
[2012/10/26 13:57:44 | 000,056,039 | ---- | M] () -- C:\windows\sess_laso3tial542op3adau0k3u4s4
[2012/10/26 13:56:55 | 000,056,018 | ---- | M] () -- C:\windows\sess_7h4c9p4209n4j7tcistfdsgdf5
[2012/10/26 13:56:43 | 000,056,014 | ---- | M] () -- C:\windows\sess_7d5r342kicj3r8knhlhopaf103
[2012/10/26 13:56:43 | 000,056,013 | ---- | M] () -- C:\windows\sess_d5j44ssniv68iiha5lkdb3ho71
[2012/10/26 13:56:42 | 000,056,014 | ---- | M] () -- C:\windows\sess_dtuns1pog6bnbm3csfss34fae1
[2012/10/26 13:51:01 | 000,117,912 | ---- | M] () -- C:\windows\sess_3t4t9o9bcfktnbudkkfia0ho32
[2012/10/26 13:50:30 | 000,045,473 | ---- | M] () -- C:\windows\sess_o8h8vrob84aootauinbka1kdb7
[2012/10/26 13:46:43 | 000,017,744 | ---- | M] () -- C:\windows\sess_tp5elbhkdj0pd0k28qttd18bf1
[2012/10/26 13:46:28 | 000,017,744 | ---- | M] () -- C:\windows\sess_euiecr1raruhctmvvi276nl8l6
[2012/10/26 09:52:26 | 006,506,496 | ---- | M] () -- C:\Users\weh\Desktop\magento1.5.1-brentford.eap
[2012/10/26 08:38:56 | 000,000,642 | ---- | M] () -- C:\windows\ODBC.INI
[2012/10/26 08:38:10 | 000,000,105 | ---- | M] () -- C:\Users\weh\Documents\brentford_magento.dsn
[2012/10/25 18:01:23 | 000,055,334 | ---- | M] () -- C:\windows\sess_6e531cq1p7s7iassi6v52m1bv4
[2012/10/25 18:00:58 | 000,055,334 | ---- | M] () -- C:\windows\sess_q5bafm61pcrfmlpb7gr38da994
[2012/10/25 18:00:49 | 000,055,330 | ---- | M] () -- C:\windows\sess_6bbkkqldn5dntv14pa1agp9mb5
[2012/10/25 18:00:49 | 000,055,329 | ---- | M] () -- C:\windows\sess_0llk0cipmv6g70rhdpqq8td881
[2012/10/25 14:15:09 | 000,055,355 | ---- | M] () -- C:\windows\sess_jklmtai3q2bv8bl2au34503i31
[2012/10/25 14:05:30 | 000,055,334 | ---- | M] () -- C:\windows\sess_h90983pa344ace3u217utjh6a7
[2012/10/25 14:05:20 | 000,055,330 | ---- | M] () -- C:\windows\sess_l1auaakfkhf7ona7rmftht0hh0
[2012/10/25 14:05:20 | 000,055,330 | ---- | M] () -- C:\windows\sess_1irk55glhtu785oeeefu8q0om6
[2012/10/25 14:05:20 | 000,055,329 | ---- | M] () -- C:\windows\sess_319di38o2l4c20m69q9qpg95c5
[2012/10/25 03:12:26 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\windows\SysWow64\QuickTimeVR.qtx
[2012/10/25 03:12:26 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\windows\SysWow64\QuickTime.qts
[2012/10/24 09:45:34 | 000,007,665 | ---- | M] () -- C:\Users\weh\AppData\Local\Resmon.ResmonCfg
[2012/10/24 08:08:55 | 000,000,022 | ---- | M] () -- C:\windows\SysWow64\devconinfo
[2012/10/24 08:08:55 | 000,000,021 | ---- | M] () -- C:\windows\SysNative\devconinfo
[2012/10/17 09:34:13 | 000,053,989 | ---- | M] () -- C:\windows\sess_lu43omd1jijp04254o8upvou53
[2012/10/17 09:29:56 | 000,055,334 | ---- | M] () -- C:\windows\sess_vq4pa77dgs8bmfet4je9oqr2n5
[2012/10/17 09:29:45 | 000,055,334 | ---- | M] () -- C:\windows\sess_li9m6gajg2gt3mj0km03a3bda4
[2012/10/17 09:29:42 | 000,055,330 | ---- | M] () -- C:\windows\sess_arn2psussqhgdu9u5c3e1gmdg6
[2012/10/17 09:29:41 | 000,055,330 | ---- | M] () -- C:\windows\sess_fiestfqdrk3elset0epm6vbqu6
[2012/10/17 09:29:41 | 000,055,329 | ---- | M] () -- C:\windows\sess_0q4rp9ekmb6hrubjdb0milis13
[2012/10/17 09:29:32 | 000,055,330 | ---- | M] () -- C:\windows\sess_hqhe0m60dmtpe5s9v279jnmba6
[2012/10/17 09:29:32 | 000,055,330 | ---- | M] () -- C:\windows\sess_1tquf8v4rek4o28hqi5va5l890
[2012/10/17 09:29:31 | 000,055,329 | ---- | M] () -- C:\windows\sess_8aq6fm6cdqimhd0jb9qhfqcg80
[2012/10/16 15:48:06 | 000,055,340 | ---- | M] () -- C:\windows\sess_lo7ubcqd4547gnmiqvugct6tl2
[2012/10/16 15:36:45 | 000,055,334 | ---- | M] () -- C:\windows\sess_210d12007katu43nc58jiv9gv0
[2012/10/16 15:02:33 | 000,055,337 | ---- | M] () -- C:\windows\sess_ojpd9jnu8itdde4v59utfrp2g7
[2012/10/16 15:01:31 | 000,052,764 | ---- | M] () -- C:\windows\sess_1aru2t09vrhnvj4jiupcptdq35
[2012/10/16 12:52:01 | 000,055,335 | ---- | M] () -- C:\windows\sess_gmntlm6kmaseratfn59q5ju450
[2012/10/16 12:50:19 | 000,052,764 | ---- | M] () -- C:\windows\sess_m3prje56a0st38hnas035gjv26
[2012/10/16 12:49:41 | 000,055,340 | ---- | M] () -- C:\windows\sess_7bq1n0hda1dn5g7bbno2n0lpn2
[2012/10/16 12:07:28 | 000,055,334 | ---- | M] () -- C:\windows\sess_bj84k794pf96fatnl849j1fvh6
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/11/14 17:06:36 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/11/14 17:06:36 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/11/14 17:06:36 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/11/14 17:06:36 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/11/14 17:06:36 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/11/14 16:13:11 | 000,055,734 | ---- | C] () -- C:\windows\sess_elic86qhudtd5392i3u311qo07
[2012/11/14 16:13:11 | 000,055,730 | ---- | C] () -- C:\windows\sess_1qnh9omr5kil9puqv0qddirvq3
[2012/11/14 16:13:11 | 000,055,729 | ---- | C] () -- C:\windows\sess_vo5fggrtttbe86645o7h756u52
[2012/11/14 16:13:08 | 000,055,730 | ---- | C] () -- C:\windows\sess_boipbv5o0e4r6sdujsqas4v8q1
[2012/11/14 14:55:10 | 000,055,730 | ---- | C] () -- C:\windows\sess_n6l116gr8e9vt4f74gmn97p534
[2012/11/14 14:55:10 | 000,055,730 | ---- | C] () -- C:\windows\sess_kdgdalnljs6v08kqp467cgl4e6
[2012/11/14 14:55:10 | 000,055,729 | ---- | C] () -- C:\windows\sess_f282qaodkkj1doetntq3ud4c11
[2012/11/14 14:55:08 | 000,055,730 | ---- | C] () -- C:\windows\sess_db8h2kpom9n7le0ac7ddjlmsc5
[2012/11/14 09:53:23 | 000,041,696 | ---- | C] () -- C:\windows\sess_gq6280i5vcd41n05la62tdsdn7
[2012/11/14 09:36:40 | 000,041,696 | ---- | C] () -- C:\windows\sess_thcnfg8v2gveb1lcdh26tknob3
[2012/11/14 09:25:30 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\kerio-connect-koff-7.4.2-7694-win32.properties
[2012/11/13 22:21:34 | 000,000,000 | ---- | C] () -- C:\Users\weh\defogger_reenable
[2012/11/13 20:19:02 | 000,000,079 | ---- | C] () -- C:\Users\weh\AppData\Roaming\mbam.context.scan
[2012/11/13 17:41:15 | 000,008,109 | ---- | C] () -- C:\Users\weh\AppData\Local\recently-used.xbel
[2012/11/13 17:21:50 | 000,055,734 | ---- | C] () -- C:\windows\sess_9tu987fm4hcn27ni6sag6m76p0
[2012/11/13 17:21:50 | 000,055,730 | ---- | C] () -- C:\windows\sess_lvdmkq4qo7uoeu0luggma50vu2
[2012/11/13 17:21:50 | 000,055,729 | ---- | C] () -- C:\windows\sess_oao0jadssfb5agj7hmekr17fm6
[2012/11/13 17:21:47 | 000,055,730 | ---- | C] () -- C:\windows\sess_huhqi5nf4p3eboo3knds16qju0
[2012/11/12 11:04:07 | 000,055,992 | ---- | C] () -- C:\windows\sess_ji29oqrt9huntmklq78ggo0bk5
[2012/11/12 11:02:01 | 000,052,802 | ---- | C] () -- C:\windows\sess_asu56gesboattdncig0gqug6j1
[2012/11/12 10:50:32 | 000,052,862 | ---- | C] () -- C:\windows\sess_r6mhsfuv5uordl8apdvqjism67
[2012/11/12 10:50:32 | 000,052,845 | ---- | C] () -- C:\windows\sess_pckn5i8ha6dga3s3h7r67qjom7
[2012/11/12 10:50:32 | 000,052,840 | ---- | C] () -- C:\windows\sess_qubak97vfdur7nspfk92dpd0i1
[2012/11/12 10:50:32 | 000,052,840 | ---- | C] () -- C:\windows\sess_nbqhuufsaf5tr5hbppfukbvaf6
[2012/11/12 10:50:32 | 000,052,840 | ---- | C] () -- C:\windows\sess_n3gqemksbvio7btlp44sclkb53
[2012/11/12 10:23:57 | 000,054,216 | ---- | C] () -- C:\windows\sess_nb4ot5pb7hs2snjabn46pjp9k6
[2012/11/01 08:41:11 | 000,000,192 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/10/31 10:40:37 | 000,055,734 | ---- | C] () -- C:\windows\sess_bq3ft83me4bkvqjl50roco4vt1
[2012/10/31 10:40:37 | 000,055,730 | ---- | C] () -- C:\windows\sess_4s4j4256h1s9mu5pao5hvr8b56
[2012/10/31 10:40:37 | 000,055,729 | ---- | C] () -- C:\windows\sess_o3po215620bqp6rssrrqkfl5q3
[2012/10/31 10:40:35 | 000,055,730 | ---- | C] () -- C:\windows\sess_u4ag8hh90qo752dkhbgq9e6e82
[2012/10/30 18:36:35 | 000,055,730 | ---- | C] () -- C:\windows\sess_97g5ndv6n5o25ci5etdreb4h02
[2012/10/30 18:36:32 | 000,055,730 | ---- | C] () -- C:\windows\sess_tktolkoofr7u3crek1cifj2om6
[2012/10/30 18:36:32 | 000,055,730 | ---- | C] () -- C:\windows\sess_gs7qglktm7em1ob32tqpclpid0
[2012/10/30 18:36:32 | 000,055,729 | ---- | C] () -- C:\windows\sess_ck6e78o57orm6m3v0fsnsmkrs6
[2012/10/30 16:00:04 | 000,055,734 | ---- | C] () -- C:\windows\sess_g1tcgje7g0tie17cssiukruqi6
[2012/10/30 16:00:04 | 000,055,730 | ---- | C] () -- C:\windows\sess_ackbcevao4ig9084nbraq9qnh4
[2012/10/30 16:00:04 | 000,055,729 | ---- | C] () -- C:\windows\sess_i43imlcd2pd6ht0ubu4vv5c4i5
[2012/10/30 16:00:02 | 000,055,730 | ---- | C] () -- C:\windows\sess_uvqhk201to9k2tkc6imefa2d15
[2012/10/30 13:24:50 | 000,055,734 | ---- | C] () -- C:\windows\sess_hov3ermjgs1ur3841b47lph4f4
[2012/10/30 13:24:50 | 000,055,731 | ---- | C] () -- C:\windows\sess_shkkuv5aqhlp1s7m430l5k7fs3
[2012/10/30 13:24:50 | 000,055,731 | ---- | C] () -- C:\windows\sess_rhrl77qni5rk1stoskms2kqbo3
[2012/10/30 13:24:49 | 000,055,731 | ---- | C] () -- C:\windows\sess_o24j3kvdfc09r6dag3pnri5bi0
[2012/10/30 13:24:49 | 000,055,731 | ---- | C] () -- C:\windows\sess_gd1rqlnjm9e4j9hefpm1vksqb2
[2012/10/30 13:24:48 | 000,055,731 | ---- | C] () -- C:\windows\sess_m3rgr8db3uuqt0ojmmlhra5g32
[2012/10/30 13:24:48 | 000,055,731 | ---- | C] () -- C:\windows\sess_aorbrupfupovpp6tr7dtca3p26
[2012/10/30 13:24:47 | 000,055,731 | ---- | C] () -- C:\windows\sess_ji6jlu4bco9s36sdudfafrak95
[2012/10/30 13:24:47 | 000,055,731 | ---- | C] () -- C:\windows\sess_13mmfq3o9r5ubc2r9eitbec7v6
[2012/10/30 13:24:46 | 000,055,731 | ---- | C] () -- C:\windows\sess_tihdchg92788a5tt2h5gfl29n2
[2012/10/30 13:24:46 | 000,055,731 | ---- | C] () -- C:\windows\sess_8te5urvfeompimvtssndfagi84
[2012/10/30 13:24:45 | 000,055,731 | ---- | C] () -- C:\windows\sess_vta7v900oq9pcbpcg28uu7dh81
[2012/10/30 13:24:45 | 000,055,731 | ---- | C] () -- C:\windows\sess_lmgics2ip5502cjhldkkqe2qu7
[2012/10/30 13:24:44 | 000,055,731 | ---- | C] () -- C:\windows\sess_rvmpobnojji97b2n64b8n1agl2
[2012/10/30 13:24:43 | 000,055,731 | ---- | C] () -- C:\windows\sess_sdakhk1u8d7cgvve2orq8fo187
[2012/10/30 13:24:43 | 000,055,731 | ---- | C] () -- C:\windows\sess_i6s745qlsldc9u5b5gsmhl6vd3
[2012/10/30 13:24:41 | 000,055,731 | ---- | C] () -- C:\windows\sess_9tnks1fnjlss99ocghdvafv5b3
[2012/10/30 13:24:39 | 000,055,731 | ---- | C] () -- C:\windows\sess_6mj1b5cvm0259qt0litdq5s5s1
[2012/10/30 13:24:38 | 000,055,731 | ---- | C] () -- C:\windows\sess_cv2fr793jsvscuuifetdiit6s5
[2012/10/30 13:24:38 | 000,055,731 | ---- | C] () -- C:\windows\sess_8a3a7oq9fbf6mh5ctt0bsvrb40
[2012/10/30 13:24:37 | 000,055,731 | ---- | C] () -- C:\windows\sess_808hnu32uct2qnoafud9fg3875
[2012/10/30 13:24:36 | 000,055,737 | ---- | C] () -- C:\windows\sess_lqtc2glsll58gkmnimvfrgokk1
[2012/10/30 11:07:30 | 000,055,730 | ---- | C] () -- C:\windows\sess_f15i3h1cj0fjh60tqnb5ajbvt2
[2012/10/30 11:07:29 | 000,055,755 | ---- | C] () -- C:\windows\sess_ngsvm19ab9mj25vn38u3792gq2
[2012/10/30 11:07:28 | 000,055,730 | ---- | C] () -- C:\windows\sess_udha87qccf1agmojk1g7u7nha1
[2012/10/30 11:07:28 | 000,055,730 | ---- | C] () -- C:\windows\sess_6ke4qfdea2slffai9dom9ohba7
[2012/10/30 11:07:28 | 000,055,729 | ---- | C] () -- C:\windows\sess_hrs3582avmtrivu1q1ktuts220
[2012/10/30 10:45:32 | 000,056,998 | ---- | C] () -- C:\windows\sess_mr42h249sfc361jognvd4n0ed5
[2012/10/30 10:41:46 | 000,056,998 | ---- | C] () -- C:\windows\sess_jr6m113onblrsq6ijiud2vn5e3
[2012/10/30 10:40:50 | 000,055,713 | ---- | C] () -- C:\windows\sess_90dkcda0b7rqu0q0h6sa0dpbj5
[2012/10/30 10:30:55 | 000,055,755 | ---- | C] () -- C:\windows\sess_53d2sgamtrsu5tg7i2e80jojc5
[2012/10/30 10:30:51 | 000,055,734 | ---- | C] () -- C:\windows\sess_fkbct4t16nvbgt96tfjqmiuu97
[2012/10/30 10:30:51 | 000,055,730 | ---- | C] () -- C:\windows\sess_e8s1evn067dacp3d6uqh8l0et3
[2012/10/30 10:30:51 | 000,055,729 | ---- | C] () -- C:\windows\sess_8oc2suk2jl2mfieju3afriodv6
[2012/10/30 10:30:49 | 000,055,730 | ---- | C] () -- C:\windows\sess_g24u7htafegheojc00372ga214
[2012/10/30 10:28:45 | 000,017,207 | ---- | C] () -- C:\windows\sess_5g79d29snkoa34eagq8qn5vtk6
[2012/10/30 10:19:05 | 000,045,283 | ---- | C] () -- C:\windows\sess_uaubatcuej9sccitroqgbrdtg2
[2012/10/29 16:58:48 | 000,017,180 | ---- | C] () -- C:\windows\sess_ckg5krd4al0kmeb6v7ea95av30
[2012/10/29 16:32:04 | 000,055,334 | ---- | C] () -- C:\windows\sess_9gu4eaaeg471uam8tc922b2de5
[2012/10/29 16:32:04 | 000,055,330 | ---- | C] () -- C:\windows\sess_54l46ldslo0486iqagsemqtu60
[2012/10/29 16:32:02 | 000,055,355 | ---- | C] () -- C:\windows\sess_p9u03qr02m5er9s5r8qscejs82
[2012/10/29 16:32:01 | 000,055,330 | ---- | C] () -- C:\windows\sess_oo8e57s72jli2gmkit9ckk1lo6
[2012/10/29 15:36:07 | 000,055,331 | ---- | C] () -- C:\windows\sess_nf9dktvoqpat9ngg7d55mmj081
[2012/10/29 15:36:06 | 000,055,334 | ---- | C] () -- C:\windows\sess_vr1p8694sg1oj73kfr9tnl4391
[2012/10/29 15:36:01 | 000,055,331 | ---- | C] () -- C:\windows\sess_ceoamnsfguhlfj7omrlhjur5h3
[2012/10/29 15:36:00 | 000,055,334 | ---- | C] () -- C:\windows\sess_uqeibbekcgelidagl0efp370b4
[2012/10/29 15:04:54 | 000,055,331 | ---- | C] () -- C:\windows\sess_e48gsn7b30649srbsdd5v2jad2
[2012/10/29 15:04:53 | 000,055,334 | ---- | C] () -- C:\windows\sess_m0eff5cro6cmecll7ta423f7m3
[2012/10/29 15:04:49 | 000,055,331 | ---- | C] () -- C:\windows\sess_80qqdd7vcugmqcprg7m0mrdc63
[2012/10/29 15:04:48 | 000,055,334 | ---- | C] () -- C:\windows\sess_e1hek2huu5in47umqhisq2qts3
[2012/10/29 13:34:14 | 000,055,337 | ---- | C] () -- C:\windows\sess_79fdpon8qand25v3e948b4qbc2
[2012/10/29 12:42:04 | 000,055,331 | ---- | C] () -- C:\windows\sess_jl1hm965gj4arq1bj12f6h36s2
[2012/10/29 12:42:03 | 000,055,334 | ---- | C] () -- C:\windows\sess_3dvkc4cn7gmeiqsdmp1n0kd604
[2012/10/29 12:41:54 | 000,055,334 | ---- | C] () -- C:\windows\sess_uk1138urs57j7ttqucr63cvm64
[2012/10/29 12:41:54 | 000,055,331 | ---- | C] () -- C:\windows\sess_9jgs504p6p70ljkjopt4goj604
[2012/10/29 12:41:54 | 000,055,331 | ---- | C] () -- C:\windows\sess_9dshatt5b3btt5p40jgu94dn86
[2012/10/29 12:41:53 | 000,055,331 | ---- | C] () -- C:\windows\sess_sfc2m3gigflvlfeptsgqp8qd31
[2012/10/29 12:41:53 | 000,055,331 | ---- | C] () -- C:\windows\sess_ko5k1i7r82ggrp3lqp1ks6el53
[2012/10/29 12:41:53 | 000,055,331 | ---- | C] () -- C:\windows\sess_dpa68cs7bpne1jh70ctf4uvvn7
[2012/10/29 12:41:53 | 000,055,331 | ---- | C] () -- C:\windows\sess_a27e56h9km988m32t56noav4e5
[2012/10/29 12:41:52 | 000,055,331 | ---- | C] () -- C:\windows\sess_uo6iktgako59la171ejqrtp2d7
[2012/10/29 12:41:52 | 000,055,331 | ---- | C] () -- C:\windows\sess_rh2u220939aj3s2hhapeq7aa92
[2012/10/29 12:41:52 | 000,055,331 | ---- | C] () -- C:\windows\sess_qlkgj6c37uqfo3mrfsi96ekvb3
[2012/10/29 12:41:52 | 000,055,331 | ---- | C] () -- C:\windows\sess_6mtp4dvm2bn31akdfc20i1c992
[2012/10/29 12:41:51 | 000,055,331 | ---- | C] () -- C:\windows\sess_hfd3ep695kf6o746d36vekcdr7
[2012/10/29 12:41:51 | 000,055,331 | ---- | C] () -- C:\windows\sess_di3br0qgoqhb4kabbjq5hv9da6
[2012/10/29 12:41:50 | 000,055,331 | ---- | C] () -- C:\windows\sess_8h140ng9m69cc58mnm9ehtkuo7
[2012/10/29 12:41:49 | 000,055,331 | ---- | C] () -- C:\windows\sess_k9clsss02l2m8kun3f1p20kma6
[2012/10/29 12:41:49 | 000,055,331 | ---- | C] () -- C:\windows\sess_h18pqh6dqbf3vcerlp0fm45q25
[2012/10/29 12:41:46 | 000,055,331 | ---- | C] () -- C:\windows\sess_uct1u8q8ksh0h4v678siujstm0
[2012/10/29 12:41:43 | 000,055,331 | ---- | C] () -- C:\windows\sess_ai0013ue12ol6b8f8jb3ebuub1
[2012/10/29 12:41:42 | 000,055,331 | ---- | C] () -- C:\windows\sess_dj4ds0m76l3j28i14lau54ul64
[2012/10/29 12:41:41 | 000,055,337 | ---- | C] () -- C:\windows\sess_b0oorbo902kds8ik3euh8n9u36
[2012/10/29 12:41:41 | 000,055,331 | ---- | C] () -- C:\windows\sess_n4rtaj9673lgl1c8paojsadct3
[2012/10/29 12:41:41 | 000,055,331 | ---- | C] () -- C:\windows\sess_i95efddtfib87roh9u7s4oife0
[2012/10/29 10:53:36 | 000,055,337 | ---- | C] () -- C:\windows\sess_1b34unhehtj5drqqj002g2c341
[2012/10/29 10:45:19 | 000,055,337 | ---- | C] () -- C:\windows\sess_4ddeobtrm2h933s9tbmdrd1195
[2012/10/29 10:44:16 | 000,117,914 | ---- | C] () -- C:\windows\sess_r8aqfbre4t9eu7ptb0lk4kp753
[2012/10/29 10:19:09 | 000,055,337 | ---- | C] () -- C:\windows\sess_37rp294k6ngpqghg8slht4js25
[2012/10/29 10:18:47 | 000,056,018 | ---- | C] () -- C:\windows\sess_c2u7mnhd5qli6lkjh7g54jusa4
[2012/10/29 10:18:47 | 000,056,018 | ---- | C] () -- C:\windows\sess_3g8v3hdrf5h8pfm3hoa0c7v810
[2012/10/29 10:18:47 | 000,056,014 | ---- | C] () -- C:\windows\sess_cmqq0pi5vinkd1efgcbodl51k6
[2012/10/29 10:18:45 | 000,056,014 | ---- | C] () -- C:\windows\sess_abgllcvef9pe6erhu8ekq6ggq7
[2012/10/29 09:04:06 | 000,056,549 | ---- | C] () -- C:\windows\sess_or5ti5vc0huujf3amhdp6ktgr7
[2012/10/29 09:00:21 | 000,055,337 | ---- | C] () -- C:\windows\sess_mr1cat7qm67s5gcp6tkdjk3cv0
[2012/10/29 08:26:46 | 000,056,018 | ---- | C] () -- C:\windows\sess_hptd0jobar5v9rg5lh5banu106
[2012/10/29 08:26:42 | 000,056,018 | ---- | C] () -- C:\windows\sess_glhj9012kcitku78q76j44kpd1
[2012/10/29 08:26:42 | 000,056,014 | ---- | C] () -- C:\windows\sess_b7j2b41nrl3h4knbj1jublks24
[2012/10/29 08:26:42 | 000,056,013 | ---- | C] () -- C:\windows\sess_m47mnj6fnjr6bed2m33s2ovcj1
[2012/10/29 08:26:39 | 000,056,014 | ---- | C] () -- C:\windows\sess_jlicsl856i6kpbdk139ehmdmu5
[2012/10/26 17:28:19 | 000,055,334 | ---- | C] () -- C:\windows\sess_9j4qcm8bujgnngn3hnc5459te0
[2012/10/26 17:28:19 | 000,055,334 | ---- | C] () -- C:\windows\sess_7d0o08b2jvb3o56aqs6jfc9no3
[2012/10/26 17:28:18 | 000,055,330 | ---- | C] () -- C:\windows\sess_80kg347lala241i37juhb2ht33
[2012/10/26 17:28:18 | 000,055,329 | ---- | C] () -- C:\windows\sess_rouoeojkmh2qjg2rin3vohnoo5
[2012/10/26 14:42:27 | 000,055,334 | ---- | C] () -- C:\windows\sess_2gg91ani31jr2mk1g4oauj7a66
[2012/10/26 14:41:22 | 000,055,334 | ---- | C] () -- C:\windows\sess_003f8llqf9juv54l19p34fa2t0
[2012/10/26 14:34:59 | 000,017,197 | ---- | C] () -- C:\windows\sess_oktj28skagalmeu1n49vd5kja1
[2012/10/26 14:00:34 | 000,056,018 | ---- | C] () -- C:\windows\sess_iaco566vveo1nk8hh38fk9psh1
[2012/10/26 14:00:34 | 000,056,018 | ---- | C] () -- C:\windows\sess_9g3vvudfgeplqafi035mj10pb4
[2012/10/26 14:00:34 | 000,056,014 | ---- | C] () -- C:\windows\sess_vu76hmdaq64d03456rdmcqejo3
[2012/10/26 14:00:34 | 000,056,014 | ---- | C] () -- C:\windows\sess_2mtr6rnmg46li3sm6pml8aq922
[2012/10/26 14:00:26 | 000,017,197 | ---- | C] () -- C:\windows\sess_ohl13bigcbtbr1q4utedjbvb63
[2012/10/26 14:00:05 | 000,008,135 | ---- | C] () -- C:\windows\sess_n4ojdb7vouu7dv4eh3bb7oeas0
[2012/10/26 14:00:05 | 000,008,135 | ---- | C] () -- C:\windows\sess_dfr7j3g68dko7tqlt9a5kk5l71
[2012/10/26 14:00:05 | 000,008,135 | ---- | C] () -- C:\windows\sess_9h9vk071a9lqu6ngerj10327c3
[2012/10/26 14:00:05 | 000,008,135 | ---- | C] () -- C:\windows\sess_1dd31c0bv81j7fqeq6ijo79t32
[2012/10/26 13:56:42 | 000,056,039 | ---- | C] () -- C:\windows\sess_laso3tial542op3adau0k3u4s4
[2012/10/26 13:56:41 | 000,056,018 | ---- | C] () -- C:\windows\sess_7h4c9p4209n4j7tcistfdsgdf5
[2012/10/26 13:56:41 | 000,056,014 | ---- | C] () -- C:\windows\sess_7d5r342kicj3r8knhlhopaf103
[2012/10/26 13:56:40 | 000,056,013 | ---- | C] () -- C:\windows\sess_d5j44ssniv68iiha5lkdb3ho71
[2012/10/26 13:56:38 | 000,056,014 | ---- | C] () -- C:\windows\sess_dtuns1pog6bnbm3csfss34fae1
[2012/10/26 13:50:46 | 000,117,912 | ---- | C] () -- C:\windows\sess_3t4t9o9bcfktnbudkkfia0ho32
[2012/10/26 13:47:34 | 000,045,473 | ---- | C] () -- C:\windows\sess_o8h8vrob84aootauinbka1kdb7
[2012/10/26 13:46:43 | 000,017,744 | ---- | C] () -- C:\windows\sess_tp5elbhkdj0pd0k28qttd18bf1
[2012/10/26 13:46:01 | 000,017,744 | ---- | C] () -- C:\windows\sess_euiecr1raruhctmvvi276nl8l6
[2012/10/26 13:39:07 | 000,017,744 | ---- | C] () -- C:\windows\sess_hm6rs9vngkei8anekqp7kpj695
[2012/10/26 08:38:10 | 000,000,105 | ---- | C] () -- C:\Users\weh\Documents\brentford_magento.dsn
[2012/10/26 08:35:54 | 006,506,496 | ---- | C] () -- C:\Users\weh\Desktop\magento1.5.1-brentford.eap
[2012/10/25 18:00:48 | 000,055,334 | ---- | C] () -- C:\windows\sess_q5bafm61pcrfmlpb7gr38da994
[2012/10/25 18:00:48 | 000,055,330 | ---- | C] () -- C:\windows\sess_6bbkkqldn5dntv14pa1agp9mb5
[2012/10/25 18:00:48 | 000,055,329 | ---- | C] () -- C:\windows\sess_0llk0cipmv6g70rhdpqq8td881
[2012/10/25 18:00:46 | 000,055,334 | ---- | C] () -- C:\windows\sess_6e531cq1p7s7iassi6v52m1bv4
[2012/10/25 14:05:20 | 000,055,355 | ---- | C] () -- C:\windows\sess_jklmtai3q2bv8bl2au34503i31
[2012/10/25 14:05:11 | 000,055,334 | ---- | C] () -- C:\windows\sess_h90983pa344ace3u217utjh6a7
[2012/10/25 14:05:11 | 000,055,330 | ---- | C] () -- C:\windows\sess_1irk55glhtu785oeeefu8q0om6
[2012/10/25 14:05:11 | 000,055,329 | ---- | C] () -- C:\windows\sess_319di38o2l4c20m69q9qpg95c5
[2012/10/25 14:05:09 | 000,055,330 | ---- | C] () -- C:\windows\sess_l1auaakfkhf7ona7rmftht0hh0
[2012/10/24 08:08:54 | 000,000,022 | ---- | C] () -- C:\windows\SysWow64\devconinfo
[2012/10/24 08:08:54 | 000,000,021 | ---- | C] () -- C:\windows\SysNative\devconinfo
[2012/10/17 09:32:39 | 000,053,989 | ---- | C] () -- C:\windows\sess_lu43omd1jijp04254o8upvou53
[2012/10/17 09:29:42 | 000,055,334 | ---- | C] () -- C:\windows\sess_vq4pa77dgs8bmfet4je9oqr2n5
[2012/10/17 09:29:40 | 000,055,330 | ---- | C] () -- C:\windows\sess_fiestfqdrk3elset0epm6vbqu6
[2012/10/17 09:29:40 | 000,055,330 | ---- | C] () -- C:\windows\sess_arn2psussqhgdu9u5c3e1gmdg6
[2012/10/17 09:29:40 | 000,055,329 | ---- | C] () -- C:\windows\sess_0q4rp9ekmb6hrubjdb0milis13
[2012/10/17 09:29:27 | 000,055,334 | ---- | C] () -- C:\windows\sess_li9m6gajg2gt3mj0km03a3bda4
[2012/10/17 09:29:27 | 000,055,330 | ---- | C] () -- C:\windows\sess_hqhe0m60dmtpe5s9v279jnmba6
[2012/10/17 09:29:27 | 000,055,329 | ---- | C] () -- C:\windows\sess_8aq6fm6cdqimhd0jb9qhfqcg80
[2012/10/17 09:29:24 | 000,055,330 | ---- | C] () -- C:\windows\sess_1tquf8v4rek4o28hqi5va5l890
[2012/10/16 15:36:22 | 000,055,334 | ---- | C] () -- C:\windows\sess_210d12007katu43nc58jiv9gv0
[2012/10/16 15:02:33 | 000,055,337 | ---- | C] () -- C:\windows\sess_ojpd9jnu8itdde4v59utfrp2g7
[2012/10/16 15:01:27 | 000,052,764 | ---- | C] () -- C:\windows\sess_1aru2t09vrhnvj4jiupcptdq35
[2012/10/16 12:50:14 | 000,055,335 | ---- | C] () -- C:\windows\sess_gmntlm6kmaseratfn59q5ju450
[2012/10/16 12:50:09 | 000,052,764 | ---- | C] () -- C:\windows\sess_m3prje56a0st38hnas035gjv26
[2012/10/16 12:49:36 | 000,055,340 | ---- | C] () -- C:\windows\sess_7bq1n0hda1dn5g7bbno2n0lpn2
[2012/08/14 14:08:40 | 000,000,152 | ---- | C] () -- C:\windows\SysWow64\RSLSP.ini
[2012/08/14 12:34:03 | 000,000,236 | ---- | C] () -- C:\windows\sripper.ini
[2012/08/14 12:34:03 | 000,000,052 | ---- | C] () -- C:\windows\StreamRipper32.INI
[2012/07/20 19:05:53 | 000,000,424 | ---- | C] () -- C:\Users\weh\AppData\Roaming\.ptbt1
[2012/07/17 10:22:56 | 000,001,484 | ---- | C] () -- C:\Users\weh\.h2.server.properties
[2012/07/09 09:44:01 | 000,000,158 | ---- | C] () -- C:\Users\weh\.gtkrc-2.0
[2012/05/08 11:52:20 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumd9.dll
[2012/05/08 11:52:20 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumd11.dll
[2012/05/08 11:52:20 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumd10.dll
[2012/03/30 10:08:41 | 000,040,757 | ---- | C] () -- C:\Users\weh\AppData\Local\recently-used.xbel.I07BCW
[2012/02/27 15:16:43 | 000,000,017 | ---- | C] () -- C:\Users\weh\_pentadactylrc
[2011/11/11 19:15:41 | 000,003,190 | ---- | C] () -- C:\Users\weh\.ganttproject
[2011/11/04 10:11:00 | 000,000,335 | ---- | C] () -- C:\Users\weh\.gitconfig
[2011/11/04 10:00:01 | 000,000,189 | ---- | C] () -- C:\Users\weh\.gitignore
[2011/08/22 20:11:16 | 000,007,665 | ---- | C] () -- C:\Users\weh\AppData\Local\Resmon.ResmonCfg
[2011/08/17 12:50:33 | 002,463,976 | ---- | C] () -- C:\windows\SysWow64\NPSWF32.dll
[2011/06/22 09:13:36 | 000,000,067 | ---- | C] () -- C:\windows\Emu48.ini
[2011/06/01 12:04:19 | 000,001,117 | ---- | C] () -- C:\Users\weh\.scala_history
[2011/05/06 10:34:16 | 000,167,784 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2011/04/28 07:52:27 | 000,001,854 | ---- | C] () -- C:\Users\weh\AppData\Roaming\GhostObjGAFix.xml
[2011/04/11 16:18:46 | 000,695,642 | ---- | C] () -- C:\windows\unins000.exe
[2011/04/11 16:18:46 | 000,001,729 | ---- | C] () -- C:\windows\unins000.dat
[2011/03/30 12:26:16 | 000,000,012 | ---- | C] () -- C:\windows\dirsaver.ini
[2011/03/30 12:26:09 | 000,028,672 | ---- | C] () -- C:\windows\gscr.dll
[2011/03/18 09:35:26 | 000,000,017 | ---- | C] () -- C:\Users\weh\.javafx_ping_sent
[2011/03/01 18:15:28 | 000,000,642 | ---- | C] () -- C:\windows\ODBC.INI
[2011/03/01 18:13:58 | 000,000,232 | ---- | C] () -- C:\windows\ODBCINST.INI
[2011/03/01 10:59:10 | 000,000,920 | -H-- | C] () -- C:\Users\weh\.gitk
[2011/03/01 09:11:02 | 000,020,945 | ---- | C] () -- C:\Users\weh\_viminfo
[2011/02/21 10:20:08 | 000,000,255 | ---- | C] () -- C:\Users\weh\AppData\Roaming\sqlite3Explorer.xml
[2011/02/17 17:54:46 | 000,144,622 | ---- | C] () -- C:\windows\SysWow64\drivers\kqemu.sys
[2011/02/17 15:02:37 | 000,000,600 | ---- | C] () -- C:\Users\weh\AppData\Local\PUTTY.RND
[2011/02/09 12:39:32 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/02/03 10:46:23 | 000,000,182 | ---- | C] () -- C:\Users\weh\.zf.ini
[2011/02/02 09:00:04 | 000,000,600 | ---- | C] () -- C:\Users\weh\AppData\Roaming\winscp.rnd
[2011/02/01 15:50:39 | 000,000,727 | ---- | C] () -- C:\windows\hpntwksetup.ini
[2011/02/01 15:49:34 | 000,176,788 | ---- | C] () -- C:\windows\hppins12.dat
[2011/02/01 15:49:34 | 000,007,855 | ---- | C] () -- C:\windows\hppmdl12.dat
[2011/02/01 15:30:41 | 000,769,286 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/02/01 14:27:11 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2011/02/01 11:03:03 | 000,000,096 | ---- | C] () -- C:\Users\weh\.asadminpass
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/08/10 10:44:59 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Acronis
[2012/08/28 11:56:55 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
[2011/07/08 08:03:32 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Bitcoin
[2012/11/01 13:44:15 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\calibre
[2011/02/01 09:26:29 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\DigitalPersona
[2012/11/14 16:55:01 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Dropbox
[2011/07/26 11:38:57 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\EasyTax
[2012/10/31 09:25:13 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\FileZilla
[2012/05/22 12:23:46 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\GitHub
[2012/04/13 14:37:09 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\gtk-2.0
[2012/03/20 11:03:52 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\HandBrake
[2011/02/01 17:12:48 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\HeidiSQL
[2011/09/21 14:42:36 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\InfraRecorder
[2012/06/01 13:13:47 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\inkscape
[2012/10/31 19:31:51 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\KeePass
[2011/05/19 17:38:36 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Launchy
[2011/04/13 10:03:22 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Leadertech
[2012/11/09 19:46:00 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\LibreOffice
[2011/02/03 09:17:20 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\motorola
[2011/02/22 09:46:08 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\MySQL
[2012/11/08 09:48:15 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\NetBeans
[2011/05/19 17:38:37 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Notepad++
[2012/03/16 13:00:08 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\npm
[2012/03/16 18:08:41 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\npm-cache
[2011/02/02 12:57:47 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\OpenOffice.org
[2011/09/07 12:09:59 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Opera
[2011/11/24 10:21:25 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\pdfforge
[2011/02/04 09:44:14 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Pencil
[2011/02/01 17:11:05 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\postgresql
[2011/02/01 16:28:25 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Sparx Systems
[2011/10/13 09:32:13 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Sublime Text 2
[2011/02/01 10:37:24 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Subversion
[2012/02/29 13:53:13 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\TeamViewer
[2011/02/09 12:39:32 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Thunderbird
[2012/11/01 08:41:03 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Veodin
[2012/09/12 16:32:09 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\webex
[2011/11/22 16:15:58 | 000,000,000 | ---D | M] -- C:\Users\weh\AppData\Roaming\Wireshark
 
========== Purity Check ==========
 
 

< End of report >

weh · 15.11.2012, 10:22

Extras:

Code:

ATTFilter

OTL Extras logfile created on: 11/15/2012 10:01:10 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\weh\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 35.90% Memory free
7.72 Gb Paging File | 4.76 Gb Available in Paging File | 61.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.79 Gb Total Space | 74.86 Gb Free Space | 26.66% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.56% Space Free | Partition Type: FAT32
Drive S: | 149.04 Gb Total Space | 50.54 Gb Free Space | 33.91% Space Free | Partition Type: NTFS
 
Computer Name: WEHBOOK | User Name: weh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3629986181-1509596615-2328272075-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [git_shell] -- wscript "C:\Program Files (x86)\Git\Git Bash.vbs" "%1"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [git_shell] -- wscript "C:\Program Files (x86)\Git\Git Bash.vbs" "%1"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}" = 64 Bit HP CIO Components Installer
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1111706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 (64-bit)
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{2051F4CD-5708-4E26-BB74-00A0A6B06DFC}" = TortoiseGit 1.7.3.0 (64 bit)
"{218BB4A0-250C-4EBF-AE0A-398AF174A794}" = devolo Vianect AIR TV
"{2222706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 SDK (64-bit)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi-Software
"{2917FD4B-9D6C-4012-BB45-DC9722CA78E2}" = HP ProtectTools Security Manager
"{2B7F5983-7076-4D6E-9207-D9D05722502F}" = Smart Technology Programming Software 7.0.2.7
"{2C22EA92-CB30-4932-0052-000001000000}" = InfraRecorder 0.52 (x64 edition)
"{32939827-d8e5-470a-b126-870db3c69fd0}" = Python 2.7.1 (64-bit)
"{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E2D1823-C889-4CA9-9BB2-08E962A5E735}" = MySQL Server 5.5
"{51662E6C-5813-46D3-9801-A68ECC9BB6BC}" = DisplayLink Graphics
"{518C838E-A21C-40BE-B844-648040C2491D}" = HP Wireless Assistant
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 (64-bit)
"{67C090D6-109A-47D7-8DED-4160C4D96F32}" = HP 3D DriveGuard
"{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = devolo Vianect AIR Manager
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{72A9C5F2-0F2A-48C7-B965-469C418859BF}" = DisplayLink Core Software
"{79CFB0AF-7F21-415D-AF84-B1F3DEE44ED9}" = ActivePerl 5.12.3 Build 1204 (64-bit)
"{818AA386-29D5-4DFF-BBB5-3F16133F1409}" = TortoiseSVN 1.6.12.20536 (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{938C9D51-4233-4DCE-A650-96918ACDBF3E}" = HP Power Data
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADCF7C16-C3AC-4AFB-A738-968C86A5C2CF}" = Oracle VM VirtualBox 4.0.2
"{b2042d5e-986d-44ec-aee3-afe4108ccc94}" = Python 3.2 (64-bit)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 276.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 276.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BD7AB0B9-4491-4642-B6BB-2560648A0A22}" = HP Power Assistant
"{BE9ED4AF-949C-4B95-B2FD-0A2F228A7689}" = Validity Fingerprint Driver
"{C44218B2-EC4D-4EB9-A3E3-F8F4A46927EC}" = MySQL Connector/ODBC 5.1
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{C862EC05-1C15-4327-B15D-C7788D6CFF73}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{D6782B98-BDC0-45F4-A046-9D26C475CBF8}" = Drive Encryption for HP ProtectTools
"{ECF3E482-9188-4e29-9C31-E02FD8DC74C0}" = HP Color LaserJet CM2320 MFP Series 3.1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
"8973-4025-0853-7287" = DbVisualizer 8.0.8
"GIMP-2_is1" = GIMP 2.8.0-rc1
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPProtectTools" = HP ProtectTools Security Manager
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"nbi-glassfish-mod-3.1.2.23.0" = GlassFish Server Open Source Edition 3.1.2
"nbi-glassfish-mod-3.1.2.23.2" = GlassFish Server Open Source Edition 3.1.2.2
"nbi-glassfish-mod-3.1.43.0.0" = GlassFish Server Open Source Edition 3.1
"nbi-glassfish-mod-sun-3.0.0.74.2" = Sun GlassFish Enterprise Server v3
"nbi-nb-base-6.8.0.0.0" = NetBeans IDE 6.8
"nbi-nb-base-7.0.0.0.0" = NetBeans IDE 7.0
"nbi-nb-base-7.1.1.0.0" = NetBeans IDE 7.1.1
"nbi-nb-base-7.2.1.0.201210100934" = NetBeans IDE 7.2.1
"nbi-tomcat-7.0.22.0.0" = Apache Tomcat 7.0.22
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PostgreSQL 9.0" = PostgreSQL 9.0 
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"RealVNC_is1" = VNC Enterprise Edition E4.6.0
"sp6" = Logitech SetPoint 6.20
"Sublime Text 2_is1" = Sublime Text 2.0.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Vim 7.3" = Vim 7.3 (self-installing)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01E73CF7-3B8E-49F6-B09C-3FB122B3938A}" = HP Software Framework
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{09E46892-D189-410F-AE52-72D620247182}" = calibre
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1A20BE74-67F7-449D-B66D-6FC37FC4FEF2}" = Subversion
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24495227-1B47-4D55-AC27-167B6BC3FF73}" = hppScanToCM2320
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2AF401F8-D652-4F0D-A445-88F149969AB8}" = AirParrot
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C6DEBDB-E980-4C6F-9642-A44F59C70C73}" = LibreOffice 3.6 Help Pack (German)
"{511CA535-9CB1-4128-A30C-5F4C5D4AB848}" = hppFaxUtilityCM2320
"{52937564-8312-4B49-BB13-F7EDBB67EB34}" = MySQL Workbench 5.2 CE
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{549F3C2A-33EF-571C-AF1E-066865E63716}" = Balsamiq Mockups For Desktop
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62052A1A-0997-4EB1-9DD1-176F2A2A302B}" = Adobe LiveCycle Designer ES3
"{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}" = HP Documentation
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{676CF48E-6847-4C3E-8327-9813BCEBD1A3}" = node.js
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77697747-7567-428D-8394-2287586F6974}" = hppusgCM2320
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.17
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8B0CB1FA-6D45-4D41-B7BA-5F13EA6BEC5A}" = Adobe Edge Preview
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIOR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.VISIOR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.VISIOR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIOR_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.VISIOR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{99EE30D2-A7EA-486C-9AD4-57C8583375BF}" = hppSendFaxCM2320
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}" = Timershot Powertoy for Windows XP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABB8337F-50AC-412E-8E7E-279E3716B91C}" = Kerio Outlook Connector (Offline Edition)
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AE7C40B6-9C6D-4022-B017-A41A6B7FA4D3}" = hppManualsCM2320
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B226235F-51A4-4090-B5DB-5482A28D1B0F}" = hppFaxDrvCM2320
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2A9E3FA-1D9D-4BC1-AEED-135AADADEBF9}" = Kerio Updater Service
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C813DEA0-D8F0-22B5-F372-F5CC329556EA}" = Adobe Community Help
"{CBCF6C86-4738-4A84-9C2C-331804DCEB9B}" = LibreOffice 3.6
"{CC98E8B3-FAAA-4D09-A813-A44C9FA1A3EE}" = Enterprise Architect 8
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE07BE71-510D-414A-92D4-DFF47631848A}" = Simple Build Tool
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D50B8348-D00C-4208-94D2-76A0E0CD5776}_is1" = Gummi version 0.6.2~beta2
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DD7D788B-D6C2-4CB1-AACC-8614D6C21D7C}" = hppCLJCM2320
"{DF26C0AE-3520-484F-8BF7-CD061E32F027}" = HP ESU for Microsoft Windows 7
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{ED23E382-E5E3-4E21-B616-01FC59A40916}" = OpenOffice.org 3.3
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{FD8234FF-A70D-4632-B146-F41AB37C0B24}" = HP Business Card Reader
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF841249-0D6B-41D7-8013-953EE3A33263}" = hppQFolderCM2320
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Flex Builder 3" = Adobe Flex Builder 3
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ApacheCouchDB_is1" = Apache CouchDB 1.0.1
"Ashampoo MyAutoplay Menu_is1" = Ashampoo MyAutoplay Menu 1.0.5
"Avira AntiVir Desktop" = Avira Professional Security
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1" = Balsamiq Mockups For Desktop
"CDex" = CDex - Open Source Digital Audio CD Extractor
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CIH_STXrecordDOO_scr.scr" = CIH_STXrecordDOO_scr ScreenSaver
"CollabNet Subversion Client" = CollabNet Subversion Client 1.6.12
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.5.3
"Flickr.Net Screensaver_is1" = Flickr.Net Screensaver 4
"Git_is1" = Git version 1.7.4-preview20110204
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"GTK2-Runtime" = GTK2-Runtime
"GTK2-Themes" = GTK2-Themes
"HandBrake" = HandBrake 0.9.6
"HeidiSQL_is1" = HeidiSQL 7.0.0.4053
"Hugin" = Hugin 2011.4.0
"Inkscape" = Inkscape 0.48.3.1
"InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"InstallShield_{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = devolo Vianect AIR Manager
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.14
"KQEMU" = KQEMU virtualisation module for QEMU
"Launchy_21344213_is1" = Launchy 2.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"MiKTeX 2.9" = MiKTeX 2.9
"mIRC" = mIRC
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird (3.1.20)" = Mozilla Thunderbird (3.1.20)
"Mozilla XULRunner (1.9.0.4)" = Mozilla XULRunner (1.9.0.4)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"Opera 11.62.1347" = Opera 11.62
"ownCloud" = ownCloud
"Pencil" = Pencil
"Polipo" = Polipo 1.0.4.1
"PowerCmd_is1" = PowerCmd 2.2
"PuTTY_is1" = PuTTY version 0.60
"RealVNC_is1" = VNC Free Edition 4.1.3
"SyncBack_is1" = SyncBack
"Synergy" = Synergy
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"Tor" = Tor 0.2.2.33
"Vidalia" = Vidalia 0.2.14
"VLC media player" = VLC media player 1.1.11
"WinCDEmu" = WinCDEmu
"WinPcapInst" = WinPcap 4.1.2
"winscp3_is1" = WinSCP 5.1
"Wireshark" = Wireshark 1.6.4
"Xming_is1" = Xming 6.9.0.31
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3629986181-1509596615-2328272075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{BD5F3A9C-22D5-4C1D-AEA0-ED1BE83A1E67}_is1" = Ruby 1.9.2-p180
"BrickBreaker" = BrickBreaker
"Dropbox" = Dropbox
"GanttProject 2.0.10" = GanttProject 2.0.10
"Google Chrome" = Google Chrome
"StationRipper" = StationRipper 2.98.5
"StyleEditor" = StyleEditor
"SwirlingSquares" = SwirlingSquares
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/14/2012 12:26:43 AM | Computer Name = wehbook | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files (x86)\Sparx
 Systems\EA\SSInvoke.exe".Error in manifest or policy file "C:\Program Files (x86)\Sparx
 Systems\EA\SSInvoke.exe" on line 21.  Invalid Xml syntax.
 
Error - 11/14/2012 12:32:44 AM | Computer Name = wehbook | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 11/14/2012 12:32:46 AM | Computer Name = wehbook | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 11/14/2012 5:46:32 AM | Computer Name = wehbook | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Internet Explorer' could not be shut down.
 
Error - 11/14/2012 8:58:20 AM | Computer Name = wehbook | Source = Application Error | ID = 1000
Description = Faulting application name: notepad++.exe, version: 5.8.7.0, time stamp:
 0x4d434075  Faulting module name: Explorer.dll_unloaded, version: 0.0.0.0, time stamp:
 0x4a04adee  Exception code: 0xc0000005  Fault offset: 0x027d7626  Faulting process id:
 0x11f8  Faulting application start time: 0x01cdc2660ebfe83f  Faulting application path:
 C:\Program Files (x86)\Notepad++\notepad++.exe  Faulting module path: Explorer.dll
Report
 Id: f68963a1-2e5a-11e2-94f5-68b599e6ebab
 
Error - 11/14/2012 11:56:22 AM | Computer Name = wehbook | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567, 
time stamp: 0x4d672ee4  Faulting module name: ntdll.dll, version: 6.1.7601.17725, 
time stamp: 0x4ec4aa8e  Exception code: 0xc0000005  Fault offset: 0x000000000004e4b4
Faulting
 process id: 0xba4  Faulting application start time: 0x01cdc280284c7e9c  Faulting application
 path: C:\windows\Explorer.EXE  Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
 Id: d5a13918-2e73-11e2-8876-68b599e6ebab
 
Error - 11/14/2012 12:29:11 PM | Computer Name = wehbook | Source = Avira Antivirus | ID = 4122
Description = Unable to load file AvShadow.   Returned error code: 0x3fa
 
Error - 11/14/2012 1:12:46 PM | Computer Name = wehbook | Source = Avira Antivirus | ID = 4129
Description = The update from WEHBOOK () failed.  No detailed error description available..
There
 were no new files loaded.
 
Error - 11/15/2012 4:00:37 AM | Computer Name = wehbook | Source = Avira Antivirus | ID = 4129
Description = The update from WEHBOOK () failed.  No detailed error description available..
There
 were no new files loaded.
 
Error - 11/15/2012 5:00:37 AM | Computer Name = wehbook | Source = Avira Antivirus | ID = 4129
Description = The update from WEHBOOK () failed.  No detailed error description available..
There
 were no new files loaded.
 
[ Hewlett-Packard Events ]
Error - 10/24/2012 1:39:36 PM | Computer Name = wehbook | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Source:
 HP.SupportAssistant.Common    Name: HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files
 (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3951  Ram Utilization:
 50  TargetSite: Void addTempSession()  
 
Error - 10/24/2012 1:39:38 PM | Computer Name = wehbook | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Source:
 HP.SupportAssistant.Common    Name: HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files
 (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3951  Ram Utilization:
 50  TargetSite: Void addTempSession()  
 
Error - 10/31/2012 2:03:37 PM | Computer Name = wehbook | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Source:
 HP.SupportAssistant.Common    Name: HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files
 (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3951  Ram Utilization:
 70  TargetSite: Void addTempSession()  
 
Error - 10/31/2012 2:03:38 PM | Computer Name = wehbook | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Source:
 HP.SupportAssistant.Common    Name: HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files
 (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3951  Ram Utilization:
 70  TargetSite: Void addTempSession()  
 
Error - 11/8/2012 2:44:00 AM | Computer Name = wehbook | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Source:
 HP.SupportAssistant.Common    Name: HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files
 (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3951  Ram Utilization:
 60  TargetSite: Void addTempSession()  
 
Error - 11/8/2012 2:44:01 AM | Computer Name = wehbook | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Source:
 HP.SupportAssistant.Common    Name: HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files
 (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3951  Ram Utilization:
 60  TargetSite: Void addTempSession()  
 
Error - 11/14/2012 11:57:20 AM | Computer Name = wehbook | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147023169   at System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     at System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     at System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     at System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     at System.Activator.CreateInstance(Type type, Boolean nonPublic)

   at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib

Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: en-US  RAM: 3951  Ram
 Utilization: 50  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 11/15/2012 4:05:47 AM | Computer Name = wehbook | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/15/2012 4:07:23 AM | Computer Name = wehbook | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Source:
 HP.SupportAssistant.Common    Name: HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files
 (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3951  Ram Utilization:
 50  TargetSite: Void addTempSession()  
 
Error - 11/15/2012 4:07:23 AM | Computer Name = wehbook | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.addTempSession()
Source:
 HP.SupportAssistant.Common    Name: HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files
 (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3951  Ram Utilization:
 50  TargetSite: Void addTempSession()  
 
[ HP Power Assistant Events ]
Error - 3/3/2012 1:15:08 PM | Computer Name = wehbook | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
 found in the dat file.
 
Error - 3/3/2012 1:15:09 PM | Computer Name = wehbook | Source = HP PA Application | ID = 0
Description = Aero consumption missing from the power usage node (planName=HP powerSource=AC).
 
Error - 3/3/2012 1:15:09 PM | Computer Name = wehbook | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Aero consumption missing from 
the power usage node (planName=HP powerSource=AC).    at HPPA_Main.DatFileAccess.LogError(Nullable`1
 throwException, String formatString, Object[] args)     at HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
 pu)     at HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)

   at HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
 
Error - 3/3/2012 1:23:43 PM | Computer Name = wehbook | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
 found in the dat file.
 
Error - 3/3/2012 1:23:45 PM | Computer Name = wehbook | Source = HP PA Application | ID = 0
Description = Aero consumption missing from the power usage node (planName=HP powerSource=AC).
 
Error - 3/3/2012 1:23:45 PM | Computer Name = wehbook | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Aero consumption missing from 
the power usage node (planName=HP powerSource=AC).    at HPPA_Main.DatFileAccess.LogError(Nullable`1
 throwException, String formatString, Object[] args)     at HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
 pu)     at HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)

   at HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
 
Error - 3/5/2012 5:23:20 AM | Computer Name = wehbook | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
 found in the dat file.
 
Error - 3/5/2012 5:23:24 AM | Computer Name = wehbook | Source = HP PA Application | ID = 0
Description = Aero consumption missing from the power usage node (planName=HP powerSource=AC).
 
Error - 3/5/2012 5:23:24 AM | Computer Name = wehbook | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Aero consumption missing from 
the power usage node (planName=HP powerSource=AC).    at HPPA_Main.DatFileAccess.LogError(Nullable`1
 throwException, String formatString, Object[] args)     at HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
 pu)     at HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)

   at HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
 
Error - 3/6/2012 4:53:15 AM | Computer Name = wehbook | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
 found in the dat file.
 
[ HP Wireless Assistant Events ]
Error - 9/24/2012 3:40:08 AM | Computer Name = wehbook | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)
 
Error - 9/27/2012 8:51:58 AM | Computer Name = wehbook | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported     at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 10/10/2012 3:02:37 AM | Computer Name = wehbook | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)
 
Error - 10/15/2012 3:25:12 AM | Computer Name = wehbook | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)
 
Error - 10/23/2012 3:44:34 AM | Computer Name = wehbook | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)
 
Error - 10/25/2012 10:15:37 AM | Computer Name = wehbook | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)
 
Error - 10/29/2012 3:06:30 AM | Computer Name = wehbook | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Error in the application.    at HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     at HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     at HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 10/29/2012 3:06:41 AM | Computer Name = wehbook | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 11/5/2012 4:55:31 AM | Computer Name = wehbook | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)
 
Error - 11/14/2012 5:36:07 AM | Computer Name = wehbook | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)
 
[ System Events ]
Error - 11/15/2012 3:59:29 AM | Computer Name = wehbook | Source = Service Control Manager | ID = 7001
Description = The Intel(R) Management & Security Application User Notification Service
 service depends on the Intel(R) Management and Security Application Local Management
 Service service which failed to start because of the following error:   %%1053
 
Error - 11/15/2012 3:59:31 AM | Computer Name = wehbook | Source = DCOM | ID = 10005
Description = 
 
Error - 11/15/2012 3:59:31 AM | Computer Name = wehbook | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Intel(R)
 Management and Security Application Local Management Service service to connect.
 
Error - 11/15/2012 3:59:31 AM | Computer Name = wehbook | Source = Service Control Manager | ID = 7000
Description = The Intel(R) Management and Security Application Local Management 
Service service failed to start due to the following error:   %%1053
 
Error - 11/15/2012 3:59:31 AM | Computer Name = wehbook | Source = Service Control Manager | ID = 7001
Description = The Intel(R) Management & Security Application User Notification Service
 service depends on the Intel(R) Management and Security Application Local Management
 Service service which failed to start because of the following error:   %%1053
 
Error - 11/15/2012 4:12:23 AM | Computer Name = wehbook | Source = Service Control Manager | ID = 7034
Description = The hpqcxs08 service terminated unexpectedly.  It has done this 1 
time(s).
 
Error - 11/15/2012 4:12:23 AM | Computer Name = wehbook | Source = Service Control Manager | ID = 7034
Description = The HP CUE DeviceDiscovery Service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 11/15/2012 4:12:23 AM | Computer Name = wehbook | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 11/15/2012 4:20:07 AM | Computer Name = wehbook | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 11/15/2012 4:27:01 AM | Computer Name = wehbook | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
 
< End of report >

Psychotic · 15.11.2012, 10:31

Deaktiviere die Windows Firewall und versuche, mit Chrome und Firefox ins Netz zu kommen.

Versuche eine Reparaturinstalltion von Antivir über die Systemsteuerung.

Berichte!