Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Startseite durch vlc.de gehackt

Startseite durch vlc.de gehackt


Plagegeister aller Art und deren Bekämpfung: Startseite durch vlc.de gehackt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.11.2012, 10:33   #1
gtwolffi
 
Startseite durch vlc.de gehackt - Standard

Startseite durch vlc.de gehackt


Hallo zusammen,

als erstes möchte ich mich schon mal für die hervorragende Arbeit bedanken, die ihr hier macht. Ich habe schon oft hier gelesen und meistens Entwarnung gefunden.
Diesmal habe ich jedoch ein Problem, denn es hat mir durch den VLC Player von der Seite vlc.de (diesmal bin wirklich auf diesen billigen Trick hereingefallen...) die Startseite aller meiner Browser auf Startseite.com gehackt. Ich habe hier schon in mehreren Threads den damals gewählten Lösungsweg durchgelesen, allerdings eben auch gelesen, dass man nicht einfach diesen Lösungsweg wiederholen soll, sondern jedes System individuell betrachtet werden muss. Mit der Startseite könnte ich ja noch halbwegs leben, aber ich habe Angst, dass doch mehr geladen wurde als mir lieb ist.

OLT habe ich bereits durchlaufen lassen, hier sind die beiden Logfiles:

Extras.txt
Zitat:
OTL Extras logfile created on: 28.11.2012 09:52:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,90 Gb Total Physical Memory | 6,35 Gb Available Physical Memory | 80,39% Memory free
15,81 Gb Paging File | 13,69 Gb Available in Paging File | 86,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 653,44 Gb Total Space | 487,69 Gb Free Space | 74,63% Space Free | Partition Type: NTFS
Drive D: | 25,47 Gb Total Space | 22,23 Gb Free Space | 87,29% Space Free | Partition Type: NTFS
Drive F: | 7,53 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orange\IEWInternet\Connectivity\ConnectivityManager.exe" = C:\Program Files (x86)\Orange\IEWInternet\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)
"C:\Program Files (x86)\Orange\IEWInternet\Connectivity\ConnectivityManager.exe" = C:\Program Files (x86)\Orange\IEWInternet\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0693332C-0038-4EC9-8F6C-FCBED5A64183}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{06CA3645-B8DF-40FF-9E83-2BBFA6095E1E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{17FA765B-867E-4E5C-BA5A-B5A2C1454BB1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{216EE464-FAC7-4C9A-B870-512A63FFA616}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2AA48EA8-B6DE-44E4-9020-19B54B663297}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{364739E3-80D5-4720-8830-0EA7424AAE00}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3ED3725E-5968-46DA-A372-BFF491E831EB}" = rport=137 | protocol=17 | dir=out | app=system |
"{41F20940-140C-4C60-AD68-2D9D9417E2BB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4AEA1B5C-46BB-49EF-9799-55CD2A0674EA}" = lport=137 | protocol=17 | dir=in | app=system |
"{4E8A643F-3576-4259-AC12-DE19498D2F73}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55F6F074-348C-4728-A441-ABDB76EFC4EF}" = rport=445 | protocol=6 | dir=out | app=system |
"{65648D5D-B8CF-400B-A937-3961FCCFFDFE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6573DF44-1DA4-4945-88C9-253C9B83E14D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{69CB2F81-4857-45FD-B96D-FDBC484F2095}" = rport=139 | protocol=6 | dir=out | app=system |
"{6F962232-55CC-4BA9-8433-1164C870D337}" = lport=2869 | protocol=6 | dir=in | app=system |
"{72E86070-7A53-467C-BF68-9EFCAD2BF7B3}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{7A1A76C6-DAD1-4C1E-A5C4-3EAFFB15DE2D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8043BA1A-9645-45CE-9D31-2BD5EAF3F291}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{870806B0-CCA6-40B8-B6A6-C98AE75D32C4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8F8B55E7-2428-4766-A7C8-60C58554DBD1}" = rport=138 | protocol=17 | dir=out | app=system |
"{92AC3111-13E1-4D12-BE6B-DD9A1E1C1C5A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9BB88D15-E3C1-4D37-82D6-E243E02AF949}" = lport=138 | protocol=17 | dir=in | app=system |
"{9D65A05E-B1C9-40F5-9742-3E0FE02E9707}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A172C2EE-AF4B-4E1D-B4C7-A0265856582F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AB255200-5E76-434D-85EB-8D659EF25302}" = lport=445 | protocol=6 | dir=in | app=system |
"{AE69D345-569F-4B38-8151-2040FA152917}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B57984D8-FB65-45C8-A554-89306877B721}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B82B208D-5420-4636-BBE1-4963A40429E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BEB50EA7-8255-4992-B4C7-C44684AB0560}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BED67B16-9073-4E82-A087-0440F775CBE9}" = lport=139 | protocol=6 | dir=in | app=system |
"{CECFBB1B-91C7-4321-88D6-D147BD77B6F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D63BC2F3-311F-457A-B7B5-E6701466AD33}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E7E4783C-8BEF-4100-B1D7-4D40237DE87D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FEECC5E8-7757-4F46-A27B-8AE7DD5A5AB8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0285A83D-3951-4DD1-BD0D-4AB747D569E1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{04F5E2B0-0DC8-4750-932C-6250DE975A89}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{07F35306-3B1D-4066-9642-649886C31AEE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0B307022-64DC-4713-A4CE-9F15BAC6D51A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{12E60B2C-C410-407B-A811-AB962581A1FB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1C84FA94-2676-4481-8E73-4F30D648DED9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1E2E5953-CDB5-43DC-BEED-0BB27B30EC71}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's endwar\tom clancy's endwar launcher.exe |
"{20A04FC3-0EE3-43A2-8F98-A77C9E8E797A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2serverlauncher.exe |
"{2C1729A6-3E2B-4FD5-A2B6-1B81F7F76D1B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{34FAEB58-593F-40BC-8EC3-6D43A16C4CFD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{35E9199B-3A68-4F74-9F9A-CEAA372C73DE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3775EC83-5A72-42ED-94F8-E2A4AD7FB6FF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3E11BE51-04B6-40CA-B4E7-4626F7DF3B5F}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{3E5667BB-345F-441B-84EB-64453C89E976}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's endwar\binaries\endwar.exe |
"{405985B5-C5F4-448D-9B1C-6125DC8760F8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{42CA6EE7-D7DC-43EB-B4FA-A92B77EAFB22}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{465D3A70-28DC-4CAA-BC25-8568D2A76B2B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's endwar\tom clancy's endwar launcher.exe |
"{4DD106C9-7ABC-494C-9AC4-5D40E3DEEBCC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{52E22F53-037F-4CD2-93EA-5C961DB5B82C}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{570A7F0C-C173-46A9-9832-539CA66705C6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5A879DED-1639-41FE-98A4-260DCAE465C2}" = protocol=6 | dir=out | app=system |
"{5E4C62D5-FE48-4D41-A33B-BF2867726F57}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{638EE019-F701-49E1-81FC-9D5C8849BEB5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{652FB133-818D-450B-B347-C5770013A74C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{662A1600-31FA-40B0-9F0D-3C65A0D9D5AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{688BD2B9-DD2A-4794-B22F-736372828800}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B797F1E-63D5-429C-840F-5BD9EA5ED657}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6B87A22C-77B6-45CB-99F5-B6D308C89AB8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{7153FCCB-183A-400B-9D80-91B50811422D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7358BCB4-F64F-43F6-B18C-24995B3458FD}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl07b\faxrx.exe |
"{76C7DC29-4FA7-4DF6-B0D8-04E90C0792A6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{780E2416-318F-4A52-B04B-AB6B0B24217D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{79EB71B2-2718-4386-B796-EA59D80EFCFC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7D15833B-BD4D-4AFD-8F86-2712E3C032D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89522E51-3F54-4CE8-B32B-940EA5B4BE7C}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{8A1BDE0D-25CD-48A3-8E20-8C660930BEF6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{8A404954-1F07-4250-8D39-0D205EE7087F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{91DD3E47-85C5-4778-A2D8-DECC13EB82BD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's endwar\binaries\endwar.exe |
"{91E7B7C1-10AF-4FEA-87E7-EA9C99C59D89}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2serverlauncher.exe |
"{961DD3D3-A7DA-4BB0-84F7-298207175CA8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{97BCBACA-9D27-4881-9EAB-A0CF9FE0317B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A4B2E48D-536E-4673-B43B-A7025E449C88}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{A556E902-6BAC-47B9-8136-A77C36FA7642}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B3391430-1606-4A8B-BC1B-DA36B6D22A77}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BEAE562E-4B76-4BAE-87B7-64CBBD76232F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C3F92B4E-FF98-4B25-B1A9-F799F54C4BEF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C56C8A29-6BF8-42FC-AB57-9CE04B62E07E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CCED029A-9036-4D66-A30B-24317C4CE13A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D9C47A34-5A85-4057-B823-9BEA87E65EF0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D9F01E11-F105-4C13-8C91-CF8924D6A09A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DD77C505-F3A0-4B13-A396-DB18D79F534A}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl07b\faxrx.exe |
"{E0A7CD57-B1BF-4C8E-9F6C-836A06921CA2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E1A355B9-CF09-43BA-8CD3-630D2B2B2DCD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EF7254B5-4ADB-4643-A08F-65F24C8A7A14}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EFDBF306-8D75-4BD7-A0E9-B962CE51D328}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FB353C26-52CE-4A38-A9DB-C1633CCF7A44}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"TCP Query User{FD5193D8-EA27-4652-BE7C-60B8EF53C059}C:\program files (x86)\mouseserver\mouseserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mouseserver\mouseserver.exe |
"UDP Query User{D257F77F-D4EF-43F8-B53E-6DC7FCDCC494}C:\program files (x86)\mouseserver\mouseserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mouseserver\mouseserver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.93
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.93
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.1111
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}" = Adobe Photoshop Lightroom 3.6 64-bit
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"99841829BE839365AA67B2AD0E50D371F59F8A1E" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = Lenovo pointing device
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F1C9552-58E0-4AAC-A616-AE3A28720EC6}" = GimpShop 2.8
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite MFC-7440N
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7C3D8108-8D99-427F-A1C2-D8E0D25A469C}" = Tom Clancy's EndWar
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84E21775-C6B8-4FC9-B851-6C9AD9C81F32}" = Falk Navi-Manager
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}" = CombineZP
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.7
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AD9E46-F4F8-4CA3-939A-CF732E391ACF}" = Geldtipps Homebanking 2012 AAV
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{BEWINTERNET-FR-DMGP-V2}.UninstallSuite" = Internet Everywhere
"{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}" = Brother MFL-Pro Suite MFC-7820N
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E13018F5-FFC7-4729-9C1B-1A85807D03E6}_is1" = MouseServer Version 1.2.0
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CardDetectorHUAWEI1752_1552" = Card Detector for Huawei E1752 and E1552
"GeoSetter_is1" = GeoSetter 3.4.16
"Google Chrome" = Google Chrome
"Hugin" = Hugin 2011.4.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee AntiVirus Plus
"PunkBusterSvc" = PunkBuster Services
"VeriFace" = VeriFace
"VLC media player" = VLC media player 2.0.4
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21.10.2012 07:16:16 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: !ISRF1.EXE, Version: 9.0.0.20, Zeitstempel:
0x2a425e19 Name des fehlerhaften Moduls: !ISRF1.EXE, Version: 9.0.0.20, Zeitstempel:
0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000040b2 ID des fehlerhaften Prozesses:
0x7e0 Startzeit der fehlerhaften Anwendung: 0x01cdaf7d7cbcf974 Pfad der fehlerhaften
Anwendung: F:\!ISRF1.EXE Pfad des fehlerhaften Moduls: F:\!ISRF1.EXE Berichtskennung:
baa2a55b-1b70-11e2-ae4c-dc0ea1e95997

Error - 21.10.2012 07:16:40 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: !ISRF1.EXE, Version: 9.0.0.20, Zeitstempel:
0x2a425e19 Name des fehlerhaften Moduls: !ISRF1.EXE, Version: 9.0.0.20, Zeitstempel:
0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000040b2 ID des fehlerhaften Prozesses:
0xb04 Startzeit der fehlerhaften Anwendung: 0x01cdaf7d8a60fc26 Pfad der fehlerhaften
Anwendung: F:\!ISRF1.EXE Pfad des fehlerhaften Moduls: F:\!ISRF1.EXE Berichtskennung:
c8894e95-1b70-11e2-ae4c-dc0ea1e95997

Error - 21.10.2012 07:19:39 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: !ISRF1.EXE, Version: 9.0.0.20, Zeitstempel:
0x2a425e19 Name des fehlerhaften Moduls: !ISRF1.EXE, Version: 9.0.0.20, Zeitstempel:
0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000040b2 ID des fehlerhaften Prozesses:
0x1754 Startzeit der fehlerhaften Anwendung: 0x01cdaf7dcb71e972 Pfad der fehlerhaften
Anwendung: F:\!ISRF1.EXE Pfad des fehlerhaften Moduls: F:\!ISRF1.EXE Berichtskennung:
3369f138-1b71-11e2-ae4c-dc0ea1e95997

Error - 21.10.2012 07:20:26 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: !ISRF1.EXE, Version: 9.0.0.20, Zeitstempel:
0x2a425e19 Name des fehlerhaften Moduls: !ISRF1.EXE, Version: 9.0.0.20, Zeitstempel:
0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000040b2 ID des fehlerhaften Prozesses:
0xc1c Startzeit der fehlerhaften Anwendung: 0x01cdaf7dff4c6cf2 Pfad der fehlerhaften
Anwendung: F:\!ISRF1.EXE Pfad des fehlerhaften Moduls: F:\!ISRF1.EXE Berichtskennung:
4f39b7ae-1b71-11e2-ae4c-dc0ea1e95997

Error - 28.10.2012 16:01:24 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 30.10.2012 17:33:15 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 30.10.2012 18:38:08 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 30.10.2012 18:45:15 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 31.10.2012 14:01:25 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 31.10.2012 15:25:53 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 16.10.2012 04:47:37 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 16.10.2012 04:47:37 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 18.10.2012 13:27:01 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 21.10.2012 07:32:17 | Computer Name = ***-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.30 registriert werden. Der Computer mit IP-Adresse 192.168.178.1
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 21.10.2012 07:37:27 | Computer Name = ***-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.30 registriert werden. Der Computer mit IP-Adresse 192.168.178.1
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 22.10.2012 08:43:20 | Computer Name = ***-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.30 registriert werden. Der Computer mit IP-Adresse 192.168.178.1
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 07.11.2012 19:31:16 | Computer Name = ***-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 08.11.2012 12:15:58 | Computer Name = ***-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 10.11.2012 07:52:38 | Computer Name = ***-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.30 registriert werden. Der Computer mit IP-Adresse 192.168.178.1
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 16.11.2012 15:26:13 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description =


< End of report >
OLT.txt
Zitat:
OTL logfile created on: 28.11.2012 09:52:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,90 Gb Total Physical Memory | 6,35 Gb Available Physical Memory | 80,39% Memory free
15,81 Gb Paging File | 13,69 Gb Available in Paging File | 86,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 653,44 Gb Total Space | 487,69 Gb Free Space | 74,63% Space Free | Partition Type: NTFS
Drive D: | 25,47 Gb Total Space | 22,23 Gb Free Space | 87,29% Space Free | Partition Type: NTFS
Drive F: | 7,53 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.28 09:51:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012.06.25 08:49:57 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.06.14 03:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.10 10:43:53 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2012.04.22 09:05:38 | 000,474,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012.04.22 08:58:48 | 000,724,536 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2012.03.21 11:39:06 | 000,122,880 | ---- | M] (wifimouse@necta.us) -- C:\Program Files (x86)\MouseServer\MouseServer.exe
PRC - [2012.02.28 10:20:02 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.28 10:19:56 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.28 10:19:46 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.27 12:01:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.02.23 06:54:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.12.09 14:45:00 | 000,548,864 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
PRC - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.11.29 19:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.08.25 19:43:44 | 000,337,776 | ---- | M] ( ) -- C:\Program Files (x86)\LockKey\LockKey.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.01.28 22:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2009.08.25 22:28:27 | 000,282,624 | R--- | M] (France Telecom SA) -- C:\Program Files (x86)\CardDetector\HUAWEI1752_1552\CardDetector.exe
PRC - [2009.08.25 20:06:20 | 000,077,824 | ---- | M] (France Telecom SA) -- C:\PROGRA~2\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2009.02.24 15:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
PRC - [2008.11.12 19:14:56 | 000,384,424 | ---- | M] (Protecteer, LLC) -- C:\Users\***\AppData\Roaming\U3\0165001424D0830F\285E6953-BF3C-4445-9376-3FE5D7F645B2\Exec\bin\SignupShield.exe
PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe


========== Modules (No Company Name) ==========

MOD - [2012.11.17 23:28:09 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4a443c775f768ede71bde8e10f50ec0b\IAStorUtil.ni.dll
MOD - [2012.11.17 23:28:09 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e88f87e9200afb5ede994c89c92e22b8\IAStorCommon.ni.dll
MOD - [2012.11.17 22:35:20 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012.11.17 22:35:16 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012.11.17 22:34:53 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.17 22:34:47 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.17 22:34:33 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012.11.17 22:34:28 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012.11.17 22:34:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.11.17 22:34:24 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.17 22:34:19 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.05.10 10:43:53 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2011.08.11 14:30:04 | 000,659,456 | ---- | M] () -- C:\Windows\SysWOW64\vmprp332.ax
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008.11.12 19:14:38 | 000,512,000 | ---- | M] () -- C:\Users\***\AppData\Roaming\U3\0165001424D0830F\285E6953-BF3C-4445-9376-3FE5D7F645B2\Exec\bin\res07.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012.03.20 12:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012.03.20 11:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012.03.20 11:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010.12.17 09:46:34 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV - [2012.11.09 22:16:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.23 10:57:48 | 000,502,064 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\mcafee\virusscan\mcods.exe -- (McODS)
SRV - [2012.06.25 08:49:57 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.06.07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.22 09:05:38 | 000,474,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012.03.02 22:48:56 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.02.28 10:20:02 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.28 10:19:56 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.28 10:19:46 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.23 06:54:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.13 13:41:46 | 000,572,976 | ---- | M] (Lenovo (Beijing) Limited) [Disabled | Stopped] -- C:\Programme\Lenovo\Instant Reset\DamageGuardSvc.exe -- (DamageGuardSvc)
SRV - [2012.02.02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.02.01 17:31:02 | 000,945,440 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.01.28 11:28:54 | 000,225,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Programme\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.25 20:06:20 | 000,077,824 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\PROGRA~2\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2007.05.31 09:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.10 10:47:48 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012.05.10 10:47:48 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012.05.10 10:46:51 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012.05.10 10:46:51 | 000,030,816 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.27 12:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.02.27 12:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.02.27 12:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.23 06:54:00 | 000,030,016 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.02.22 12:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012.02.22 12:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012.02.22 12:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012.02.22 12:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012.02.22 12:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012.02.22 12:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012.02.22 12:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012.02.22 12:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012.02.17 18:28:56 | 014,692,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.02.10 16:36:26 | 000,217,392 | ---- | M] (Lenovo) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\DamageGuardX64.sys -- (DamageGuard)
DRV:64bit: - [2012.02.06 09:31:00 | 000,958,800 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2012.02.02 04:07:18 | 000,615,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012.02.02 04:07:18 | 000,134,696 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012.02.02 04:07:12 | 000,211,496 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.02.02 04:07:12 | 000,184,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.02.02 04:07:12 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.02.02 04:07:12 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.01.31 06:17:44 | 001,601,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2012.01.15 23:21:04 | 000,208,168 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011.12.13 10:04:52 | 000,023,648 | ---- | M] (Lenovo) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dgfltrX64.sys -- (dgFltr)
DRV:64bit: - [2011.12.06 12:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.11.29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.15 11:24:20 | 000,313,960 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011.11.15 04:12:10 | 000,111,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.11.09 18:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.10.27 11:44:48 | 004,746,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.10.10 08:56:15 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.10.10 08:56:15 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.28 22:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.06.18 23:36:04 | 000,017,920 | ---- | M] (Siliten) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b)
DRV:64bit: - [2009.07.21 13:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.15 12:45:35 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.06.15 12:45:35 | 000,116,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://sonyuserforum.de/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.09.25 21:12:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.07.03 22:15:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.09 22:16:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.09 22:16:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.06.18 23:45:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.10.31 00:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bofyw8vw.default\extensions
[2012.07.25 12:51:25 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bofyw8vw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.06.18 23:44:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.09 22:16:38 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.09 22:16:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Adblock Plus = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\
CHR - Extension: SiteAdvisor = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20120703190501.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120703190501.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] C:\Program Files (x86)\Orange\IEWInternet\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [CardDetectorHUAWEI1752_1552] C:\Program Files (x86)\CardDetector\HUAWEI1752_1552\CardDetector.exe (France Telecom SA)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LockKey] C:\Program Files (x86)\LockKey\LockKey.exe ( )
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [MouseServer] C:\Program Files (x86)\MouseServer\MouseServer.exe (wifimouse@necta.us)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{141A8D46-67F5-4C65-8B6A-DB5CE4A22047}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{141A8D46-67F5-4C65-8B6A-DB5CE4A22047}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D2011DD-CCDA-496E-A332-D4A23F6C13A4}: DhcpNameServer = 192.168.123.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.30 02:55:24 | 001,361,256 | R--- | M] () - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2012.05.09 15:01:32 | 000,000,081 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{0f0bf8e1-bfb8-11e1-8208-dc0ea1e95997}\Shell - "" = AutoRun
O33 - MountPoints2\{0f0bf8e1-bfb8-11e1-8208-dc0ea1e95997}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{2a77db5b-c222-11e1-abd6-dc0ea1e95997}\Shell - "" = AutoRun
O33 - MountPoints2\{2a77db5b-c222-11e1-abd6-dc0ea1e95997}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{4f5aa206-cb88-11e1-a8eb-c01885d21b68}\Shell - "" = AutoRun
O33 - MountPoints2\{4f5aa206-cb88-11e1-a8eb-c01885d21b68}\Shell\AutoRun\command - "" = H:\AutoRunCardDetector.exe
O33 - MountPoints2\{6a231150-9a80-11e1-b831-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6a231150-9a80-11e1-b831-806e6f6e6963}\Shell\AutoRun\command - "" = F:\0data\cbs.exe -- [2012.03.09 15:53:38 | 003,427,328 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.28 09:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.11.25 17:38:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2012.11.25 17:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.11.25 17:37:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.11.16 20:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MouseServer
[2012.11.16 20:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MouseServer
[2012.11.08 17:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geldtipps
[2012.11.08 00:03:43 | 000,179,200 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWia09a.dll
[2012.11.04 13:46:58 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\offline Websiten
[2012.10.31 00:14:26 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\GeldtippsBackup
[2012.10.31 00:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IZArc
[2012.10.31 00:12:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IZArc
[2012.10.30 23:42:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PC-FAX TX
[2012.10.30 23:40:52 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Brother
[2012.10.30 22:59:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012.10.30 22:58:18 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\Windows\SysWow64\BRCrypt.dll
[2012.10.30 22:58:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx
[2012.10.30 22:58:05 | 000,179,712 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrfxDA5b.dll
[2012.10.30 22:58:05 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- C:\Windows\SysWow64\BrMfNt.dll
[2012.10.30 22:58:04 | 000,207,872 | ---- | C] (brother) -- C:\Windows\SysNative\NSSRH64.dll
[2012.10.30 22:58:03 | 000,082,944 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrNetSti.dll
[2012.10.30 22:58:03 | 000,058,368 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\SysNative\BrWiaNCp.dll
[2012.10.30 22:58:03 | 000,047,616 | ---- | C] (Brother Industries,Ltd) -- C:\Windows\SysNative\Brnsplg.dll
[2012.10.30 22:58:01 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll
[2012.10.30 22:58:01 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll
[2012.10.30 22:58:01 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll
[2012.10.30 22:57:59 | 001,560,576 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWia09b.dll
[2012.10.30 22:57:54 | 000,111,928 | ---- | C] (Brother Industries Ltd) -- C:\Windows\SysWow64\BRRBTOOL.EXE
[2012.10.30 22:57:54 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BRLMW03A.DLL
[2012.10.30 22:57:52 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BroSNMP.dll
[2012.10.30 22:57:48 | 000,167,936 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll
[2012.10.30 22:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2012.10.30 22:57:45 | 000,024,223 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\SysWow64\BRLM03A.DLL
[2012.10.30 22:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2012.10.30 22:56:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield
[2012.10.29 23:31:18 | 000,000,000 | ---D | C] -- C:\Users\***\.gimp-2.8
[2012.10.29 23:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

========== Files - Modified Within 30 Days ==========

[2012.11.28 09:50:29 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.11.28 09:24:13 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.28 09:24:13 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.28 09:22:43 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.28 09:22:43 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.28 09:22:43 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.28 09:22:43 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.28 09:22:43 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.28 09:21:24 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2012.11.28 09:17:45 | 000,188,498 | ---- | M] () -- C:\Windows\SysNative\fastboot.set
[2012.11.28 09:16:45 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.28 09:14:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.28 09:14:40 | 2070,691,839 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.28 00:14:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.25 17:38:09 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.11.25 17:37:17 | 000,001,194 | ---- | M] () -- C:\Users\***\Desktop\Startfenster.lnk
[2012.11.19 00:13:54 | 000,001,230 | ---- | M] () -- C:\Users\***\Desktop\Calculator.lnk
[2012.11.17 22:28:29 | 000,309,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.16 20:31:13 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\MouseServer.lnk
[2012.11.08 17:18:11 | 000,002,176 | ---- | M] () -- C:\Users\Public\Desktop\Homebanking 2012.lnk
[2012.11.08 00:32:38 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.11.08 00:04:13 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BD7820N.DAT
[2012.11.08 00:03:48 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bd7820n.dat
[2012.11.04 18:33:40 | 000,001,504 | ---- | M] () -- C:\Users\***\Desktop\2477-2_Fotografieren_Fortgeschrittene - Verknüpfung.lnk
[2012.11.01 00:08:40 | 000,005,971 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.10.31 00:12:37 | 000,001,844 | ---- | M] () -- C:\Users\***\Desktop\IZArc.lnk
[2012.10.30 23:42:24 | 000,000,336 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2012.10.30 22:59:22 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini
[2012.10.30 22:58:59 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BD7440N.DAT
[2012.10.30 22:58:18 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini
[2012.10.30 22:58:18 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bd7440n.dat
[2012.10.30 00:25:58 | 000,202,277 | ---- | M] () -- C:\Users\***\Desktop\Cancun Landeanflug.jpg

========== Files Created - No Company Name ==========

[2012.11.28 09:50:29 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.11.25 17:38:09 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.11.25 17:37:17 | 000,001,194 | ---- | C] () -- C:\Users\***\Desktop\Startfenster.lnk
[2012.11.19 00:13:54 | 000,001,230 | ---- | C] () -- C:\Users\***\Desktop\Calculator.lnk
[2012.11.17 14:39:48 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.17 14:32:51 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.16 20:31:13 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\MouseServer.lnk
[2012.11.08 17:18:11 | 000,002,176 | ---- | C] () -- C:\Users\Public\Desktop\Homebanking 2012.lnk
[2012.11.08 00:04:13 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7820N.DAT
[2012.11.08 00:03:48 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\bd7820n.dat
[2012.11.04 18:33:40 | 000,001,504 | ---- | C] () -- C:\Users\***\Desktop\2477-2_Fotografieren_Fortgeschrittene - Verknüpfung.lnk
[2012.11.01 00:08:40 | 000,005,971 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.10.31 00:12:37 | 000,001,844 | ---- | C] () -- C:\Users\***\Desktop\IZArc.lnk
[2012.10.30 22:59:22 | 000,000,336 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.10.30 22:59:22 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.10.30 22:58:59 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.10.30 22:58:59 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7440N.DAT
[2012.10.30 22:58:18 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\bd7440n.dat
[2012.10.30 22:58:06 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012.10.30 22:58:05 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.10.30 22:58:05 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.10.30 22:58:03 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\BrSNMP64.dll
[2012.10.30 22:57:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.10.30 22:57:44 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.10.30 00:25:58 | 000,202,277 | ---- | C] () -- C:\Users\***\Desktop\Cancun Landeanflug.jpg
[2012.07.16 00:09:38 | 000,000,986 | ---- | C] () -- C:\Users\***\AppData\Roaming\.ptbt1
[2012.06.29 21:47:44 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi
[2012.06.25 08:50:14 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.25 08:49:57 | 002,793,768 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.06.25 08:49:57 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.06.18 16:46:20 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
[2012.05.10 10:43:58 | 002,086,240 | ---- | C] () -- C:\Windows\SysWow64\LenovoVeriface.Interface.dll
[2012.05.10 10:43:58 | 001,500,512 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll
[2012.05.10 10:43:58 | 001,171,456 | ---- | C] () -- C:\Windows\SysWow64\PicNotify.dll
[2012.05.10 10:43:58 | 000,472,416 | ---- | C] () -- C:\Windows\SysWow64\Lenovo.VerifaceStub.dll
[2012.05.10 10:43:50 | 001,044,480 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll
[2012.05.10 10:33:18 | 000,001,779 | ---- | C] () -- C:\Windows\vm332Rmv.ini
[2012.05.10 10:33:18 | 000,001,779 | ---- | C] () -- C:\Windows\SysWow64\vm332Rmv.ini
[2012.05.10 10:30:46 | 001,589,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.05 09:28:13 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.03.05 09:28:11 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.03.05 09:28:08 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.05 09:28:07 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.10.22 12:50:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Akademische Arbeitsgemeinschaft
[2012.11.28 09:17:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.06.29 23:12:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GeoSetter
[2012.06.18 16:47:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LSC
[2012.06.25 10:49:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.10.30 23:42:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC-FAX TX

========== Purity Check ==========



< End of report >
lg
Gerhard

Alt 28.11.2012, 16:28   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Startseite durch vlc.de gehackt - Standard

Startseite durch vlc.de gehackt


Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Zitat:
Startseite durch vlc.de gehackt
Erstmal was Grundsätzliches: Die Heimatseite vom VLC-Player ist videolan.org und nicht vlc.de!

Software lädt man sich mit oberster Priorität direkt vom Hersteller oder von Filepony - nicht von Fakeseiten oder gar Toolbarklitschen wie zB Softonic


Zitat:
OLT habe ich bereits durchlaufen lassen, hier sind die beiden Logfiles:
Wieso denn mehrfach?
OTL ist kein Virenscanner, es scannt das System bzw. wichtige Bereiche vom System und schreibt aus dieses gesammelten Infos ein Log.


Schon irgendwelche Scans mit anderen Tools oder Virenscanner gemacht? Sind Logs mit Funden da? Siehe => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
__________________

__________________
Alt 28.11.2012, 17:01   #3
gtwolffi
 
Startseite durch vlc.de gehackt - Standard

Startseite durch vlc.de gehackt


Hallo cosinus, erstmal vielen Dank, dass Du Dich meinem Problem angenommen hast.

Mit den "beiden" Logfiles meinte ich nur OLT.txt und extras.txt . Eigentlich habe ich OLT nur einmal die Logs erstellen lassen. Da habe ich mich wohl mit "durchlaufen lassen" sehr missverständlich ausgedrückt.

Bislang habe ich noch keinen Virenscanner drüber laufen lassen, da (zu meiner großen Schande) mir vor ein paar Tagen mein McAffee ausgelaufen ist, und ich noch nicht nachgebessert habe .Es besteht dahingehend also auch noch kein Logfile. Ich habe mich heute dann auch streng an Eure Vorgaben gehalten und keine weitere Software installiert außer jene die Ihr in "An alle Hilfesuchenden" veröffentlicht habt

Ich habe bislang immer darauf geachtet, mir Software nur direkt vom Hersteller herunter zu laden, aber hier bin ich voll darauf reingefallen und habe (unter Zeitdruck) gedacht, dass ich auf der Herstellerseite bin. Dämlich, aber wahr.

Gruß
Gerhard
__________________
Alt 28.11.2012, 17:18   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Startseite durch vlc.de gehackt - Standard

Startseite durch vlc.de gehackt


Zitat:
Mit den "beiden" Logfiles meinte ich nur OLT.txt und extras.txt . Eigentlich habe ich OLT nur einmal die Logs erstellen lassen. Da habe ich mich wohl mit "durchlaufen lassen" sehr missverständlich ausgedrückt.
Nein, ich hab falsch gelesen sry
Warum ich ein "mehrfach" da gelesen habe weiß ich auch nicht mehr

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 28.11.2012, 18:09   #5
gtwolffi
 
Startseite durch vlc.de gehackt - Standard

Startseite durch vlc.de gehackt


So, beide Aufgaben erledigt:

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-28 17:25:45
-----------------------------
17:25:45.783    OS Version: Windows x64 6.1.7601 Service Pack 1
17:25:45.783    Number of processors: 4 586 0x3A09
17:25:45.783    ComputerName: ***-PC  UserName: ***
17:25:46.954    Initialize success
17:28:34.039    AVAST engine defs: 12112800
17:31:13.099    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:31:13.099    Disk 0 Vendor: ST750LM0 2AR1 Size: 715404MB BusType: 3
17:31:13.115    Disk 0 MBR read successfully
17:31:13.115    Disk 0 MBR scan
17:31:13.115    Disk 0 Windows 7 default MBR code
17:31:13.130    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          200 MB offset 2048
17:31:13.146    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       669122 MB offset 411648
17:31:13.177    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        26080 MB offset 1370773504
17:31:13.271    Disk 0 Partition 4 00     12  Compaq diag NTFS        20001 MB offset 1424185344
17:31:13.318    Disk 0 scanning C:\Windows\system32\drivers
17:31:25.002    Service scanning
17:31:52.146    Modules scanning
17:31:52.146    Disk 0 trace - called modules:
17:31:52.193    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
17:31:52.193    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a047060]
17:31:52.209    3 CLASSPNP.SYS[fffff88001fbb43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007766050]
17:31:53.363    AVAST engine scan C:\Windows
17:31:55.828    AVAST engine scan C:\Windows\system32
17:34:49.940    AVAST engine scan C:\Windows\system32\drivers
17:35:02.139    AVAST engine scan C:\Users\***
17:50:02.026    AVAST engine scan C:\ProgramData
17:51:35.798    Scan finished successfully
17:57:02.744    Disk 0 MBR has been saved successfully to "C:\Users\***\Downloads\MBR.dat"
17:57:02.744    The log file has been saved successfully to "C:\Users\***\Downloads\aswMBR.txt"

und


Code:
ATTFilter
18:01:12.0420 3816  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:01:14.0435 3816  ============================================================
18:01:14.0435 3816  Current date / time: 2012/11/28 18:01:14.0435
18:01:14.0435 3816  SystemInfo:
18:01:14.0435 3816  
18:01:14.0435 3816  OS Version: 6.1.7601 ServicePack: 1.0
18:01:14.0435 3816  Product type: Workstation
18:01:14.0435 3816  ComputerName: ***-PC
18:01:14.0435 3816  UserName: ***
18:01:14.0435 3816  Windows directory: C:\Windows
18:01:14.0435 3816  System windows directory: C:\Windows
18:01:14.0435 3816  Running under WOW64
18:01:14.0435 3816  Processor architecture: Intel x64
18:01:14.0435 3816  Number of processors: 4
18:01:14.0435 3816  Page size: 0x1000
18:01:14.0435 3816  Boot type: Normal boot
18:01:14.0435 3816  ============================================================
18:01:14.0793 3816  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:01:14.0793 3816  ============================================================
18:01:14.0793 3816  \Device\Harddisk0\DR0:
18:01:14.0793 3816  MBR partitions:
18:01:14.0793 3816  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
18:01:14.0793 3816  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x51AE1000
18:01:14.0793 3816  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x51B45800, BlocksNum 0x32F0000
18:01:14.0793 3816  ============================================================
18:01:14.0825 3816  C: <-> \Device\Harddisk0\DR0\Partition2
18:01:14.0871 3816  D: <-> \Device\Harddisk0\DR0\Partition3
18:01:14.0871 3816  ============================================================
18:01:14.0871 3816  Initialize success
18:01:14.0871 3816  ============================================================
18:01:44.0229 4396  ============================================================
18:01:44.0229 4396  Scan started
18:01:44.0229 4396  Mode: Manual; SigCheck; TDLFS; 
18:01:44.0229 4396  ============================================================
18:01:44.0666 4396  ================ Scan system memory ========================
18:01:44.0666 4396  System memory - ok
18:01:44.0666 4396  ================ Scan services =============================
18:01:44.0884 4396  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:01:45.0025 4396  1394ohci - ok
18:01:45.0134 4396  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
18:01:45.0165 4396  AAV UpdateService - ok
18:01:45.0243 4396  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:01:45.0274 4396  ACPI - ok
18:01:45.0305 4396  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:01:45.0368 4396  AcpiPmi - ok
18:01:45.0415 4396  [ 5E813B11629007309E4FC0F0FD2B7C30 ] ACPIVPC         C:\Windows\system32\DRIVERS\AcpiVpc.sys
18:01:45.0461 4396  ACPIVPC - ok
18:01:45.0571 4396  [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:01:45.0586 4396  AdobeARMservice - ok
18:01:45.0649 4396  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:01:45.0680 4396  adp94xx - ok
18:01:45.0742 4396  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:01:45.0773 4396  adpahci - ok
18:01:45.0773 4396  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:01:45.0789 4396  adpu320 - ok
18:01:45.0805 4396  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:01:45.0929 4396  AeLookupSvc - ok
18:01:45.0992 4396  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
18:01:46.0054 4396  AFD - ok
18:01:46.0085 4396  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:01:46.0101 4396  agp440 - ok
18:01:46.0179 4396  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
18:01:46.0241 4396  ALG - ok
18:01:46.0257 4396  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:01:46.0273 4396  aliide - ok
18:01:46.0304 4396  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:01:46.0319 4396  amdide - ok
18:01:46.0319 4396  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:01:46.0382 4396  AmdK8 - ok
18:01:46.0429 4396  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
18:01:46.0522 4396  AmdPPM - ok
18:01:46.0553 4396  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:01:46.0569 4396  amdsata - ok
18:01:46.0616 4396  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
18:01:46.0631 4396  amdsbs - ok
18:01:46.0663 4396  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:01:46.0678 4396  amdxata - ok
18:01:46.0709 4396  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
18:01:46.0881 4396  AppID - ok
18:01:46.0912 4396  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:01:46.0975 4396  AppIDSvc - ok
18:01:47.0021 4396  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
18:01:47.0084 4396  Appinfo - ok
18:01:47.0099 4396  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
18:01:47.0099 4396  arc - ok
18:01:47.0115 4396  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:01:47.0131 4396  arcsas - ok
18:01:47.0255 4396  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:01:47.0271 4396  aspnet_state - ok
18:01:47.0302 4396  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:01:47.0333 4396  AsyncMac - ok
18:01:47.0365 4396  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
18:01:47.0380 4396  atapi - ok
18:01:47.0427 4396  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:01:47.0505 4396  AudioEndpointBuilder - ok
18:01:47.0505 4396  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:01:47.0567 4396  AudioSrv - ok
18:01:47.0583 4396  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:01:47.0645 4396  AxInstSV - ok
18:01:47.0692 4396  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
18:01:47.0755 4396  b06bdrv - ok
18:01:47.0770 4396  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:01:47.0801 4396  b57nd60a - ok
18:01:47.0833 4396  [ BC9E4469FE2CE605902D4C8BB09E8236 ] bcbtums         C:\Windows\system32\drivers\bcbtums.sys
18:01:47.0848 4396  bcbtums - ok
18:01:47.0957 4396  [ FBC76C8D561D0AD159EF9452D9F328F6 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
18:01:48.0098 4396  BCM43XX - ok
18:01:48.0145 4396  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:01:48.0191 4396  BDESVC - ok
18:01:48.0223 4396  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:01:48.0285 4396  Beep - ok
18:01:48.0316 4396  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
18:01:48.0379 4396  BFE - ok
18:01:48.0410 4396  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
18:01:48.0472 4396  BITS - ok
18:01:48.0503 4396  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:01:48.0519 4396  blbdrive - ok
18:01:48.0550 4396  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:01:48.0613 4396  bowser - ok
18:01:48.0644 4396  [ AAA4F992F879977A000FE8B8C730CD2C ] BPntDrv         C:\Windows\system32\drivers\BPntDrv.sys
18:01:48.0644 4396  BPntDrv - ok
18:01:48.0691 4396  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
18:01:48.0737 4396  BrFiltLo - ok
18:01:48.0737 4396  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
18:01:48.0769 4396  BrFiltUp - ok
18:01:48.0815 4396  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
18:01:48.0847 4396  Browser - ok
18:01:48.0862 4396  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:01:48.0893 4396  Brserid - ok
18:01:48.0893 4396  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:01:48.0925 4396  BrSerWdm - ok
18:01:48.0925 4396  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:01:48.0956 4396  BrUsbMdm - ok
18:01:48.0971 4396  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:01:48.0987 4396  BrUsbSer - ok
18:01:49.0049 4396  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
18:01:49.0096 4396  BthEnum - ok
18:01:49.0096 4396  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:01:49.0127 4396  BTHMODEM - ok
18:01:49.0143 4396  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
18:01:49.0174 4396  BthPan - ok
18:01:49.0221 4396  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
18:01:49.0268 4396  BTHPORT - ok
18:01:49.0299 4396  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
18:01:49.0361 4396  bthserv - ok
18:01:49.0361 4396  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
18:01:49.0393 4396  BTHUSB - ok
18:01:49.0455 4396  [ 93F0E54C65EF7FCB56287FA685E4C4B7 ] btwampfl        C:\Windows\system32\drivers\btwampfl.sys
18:01:49.0486 4396  btwampfl - ok
18:01:49.0502 4396  [ D1F3C58892C621935947C0261BAEF3C0 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
18:01:49.0502 4396  btwaudio - ok
18:01:49.0533 4396  [ 9C7A3858D87F3A2574C1D326CA6C1461 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
18:01:49.0533 4396  btwavdt - ok
18:01:49.0627 4396  [ CE6AD9E2874D19069569F03C819B558C ] btwdins         C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
18:01:49.0658 4396  btwdins - ok
18:01:49.0705 4396  [ B1ACFD00CDD13B48D86F46BFEC153BF9 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
18:01:49.0720 4396  btwl2cap - ok
18:01:49.0736 4396  [ BB892C59D453E127797F8C5B203678DC ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
18:01:49.0751 4396  btwrchid - ok
18:01:49.0783 4396  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:01:49.0845 4396  cdfs - ok
18:01:49.0876 4396  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:01:49.0907 4396  cdrom - ok
18:01:49.0954 4396  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:01:50.0001 4396  CertPropSvc - ok
18:01:50.0048 4396  [ 274CE03459896006F7A5069266E0469E ] cfwids          C:\Windows\system32\drivers\cfwids.sys
18:01:50.0048 4396  cfwids - ok
18:01:50.0079 4396  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
18:01:50.0110 4396  circlass - ok
18:01:50.0141 4396  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
18:01:50.0157 4396  CLFS - ok
18:01:50.0219 4396  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:01:50.0235 4396  clr_optimization_v2.0.50727_32 - ok
18:01:50.0266 4396  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:01:50.0282 4396  clr_optimization_v2.0.50727_64 - ok
18:01:50.0344 4396  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:01:50.0375 4396  clr_optimization_v4.0.30319_32 - ok
18:01:50.0407 4396  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:01:50.0407 4396  clr_optimization_v4.0.30319_64 - ok
18:01:50.0438 4396  [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
18:01:50.0438 4396  clwvd - ok
18:01:50.0469 4396  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:01:50.0500 4396  CmBatt - ok
18:01:50.0516 4396  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:01:50.0531 4396  cmdide - ok
18:01:50.0594 4396  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
18:01:50.0641 4396  CNG - ok
18:01:50.0719 4396  [ 9F6DE1995A188615CEEE908E750A34ED ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
18:01:50.0765 4396  CnxtHdAudService - ok
18:01:50.0797 4396  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
18:01:50.0828 4396  Compbatt - ok
18:01:50.0843 4396  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
18:01:50.0875 4396  CompositeBus - ok
18:01:50.0890 4396  COMSysApp - ok
18:01:50.0968 4396  [ 9DE2CE0A06DAB38BA03471BFE60493A6 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
18:01:50.0999 4396  cphs - ok
18:01:51.0015 4396  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:01:51.0031 4396  crcdisk - ok
18:01:51.0093 4396  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:01:51.0140 4396  CryptSvc - ok
18:01:51.0187 4396  [ F160B26B26BA4AFE8CECC12ED5AC231E ] CxAudMsg        C:\Windows\system32\CxAudMsg64.exe
18:01:51.0202 4396  CxAudMsg - ok
18:01:51.0218 4396  [ 56F4750B7F0CE969E43DE2A76DDA5A5F ] DamageGuard     C:\Windows\system32\DRIVERS\DamageGuardX64.sys
18:01:51.0233 4396  DamageGuard - ok
18:01:51.0296 4396  [ FE34E2BC039CB305702C8D8D81B38DBA ] DamageGuardSvc  C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe
18:01:51.0327 4396  DamageGuardSvc - ok
18:01:51.0374 4396  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:01:51.0421 4396  DcomLaunch - ok
18:01:51.0467 4396  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
18:01:51.0530 4396  defragsvc - ok
18:01:51.0561 4396  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:01:51.0608 4396  DfsC - ok
18:01:51.0639 4396  [ 5014042B07FE6CBE0E6C737AA3F1EBFC ] dgFltr          C:\Windows\system32\drivers\dgFltrX64.sys
18:01:51.0655 4396  dgFltr - ok
18:01:51.0670 4396  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:01:51.0733 4396  Dhcp - ok
18:01:51.0764 4396  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
18:01:51.0826 4396  discache - ok
18:01:51.0857 4396  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
18:01:51.0857 4396  Disk - ok
18:01:51.0889 4396  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:01:51.0935 4396  Dnscache - ok
18:01:51.0967 4396  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:01:51.0998 4396  dot3svc - ok
18:01:52.0029 4396  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
18:01:52.0060 4396  DPS - ok
18:01:52.0091 4396  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:01:52.0123 4396  drmkaud - ok
18:01:52.0154 4396  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:01:52.0185 4396  DXGKrnl - ok
18:01:52.0216 4396  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
18:01:52.0279 4396  EapHost - ok
18:01:52.0357 4396  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
18:01:52.0435 4396  ebdrv - ok
18:01:52.0466 4396  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
18:01:52.0513 4396  EFS - ok
18:01:52.0575 4396  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:01:52.0653 4396  ehRecvr - ok
18:01:52.0669 4396  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
18:01:52.0684 4396  ehSched - ok
18:01:52.0747 4396  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:01:52.0778 4396  elxstor - ok
18:01:52.0778 4396  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:01:52.0809 4396  ErrDev - ok
18:01:52.0840 4396  [ 4B18C33EEDD15BD2AAF99807D36555B3 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
18:01:52.0871 4396  ETD - ok
18:01:52.0903 4396  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
18:01:52.0934 4396  EventSystem - ok
18:01:52.0965 4396  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
18:01:52.0996 4396  exfat - ok
18:01:53.0012 4396  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:01:53.0043 4396  fastfat - ok
18:01:53.0074 4396  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
18:01:53.0121 4396  Fax - ok
18:01:53.0152 4396  [ 0BDD7984DB7AAFF6DFEFD11D82D473DB ] fbfmon          C:\Windows\system32\drivers\fbfmon.sys
18:01:53.0168 4396  fbfmon - ok
18:01:53.0183 4396  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
18:01:53.0199 4396  fdc - ok
18:01:53.0246 4396  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:01:53.0293 4396  fdPHost - ok
18:01:53.0308 4396  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:01:53.0355 4396  FDResPub - ok
18:01:53.0386 4396  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:01:53.0417 4396  FileInfo - ok
18:01:53.0433 4396  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:01:53.0495 4396  Filetrace - ok
18:01:53.0527 4396  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
18:01:53.0542 4396  flpydisk - ok
18:01:53.0558 4396  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:01:53.0573 4396  FltMgr - ok
18:01:53.0605 4396  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
18:01:53.0651 4396  FontCache - ok
18:01:53.0683 4396  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:01:53.0698 4396  FontCache3.0.0.0 - ok
18:01:53.0714 4396  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:01:53.0745 4396  FsDepends - ok
18:01:53.0761 4396  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:01:53.0776 4396  Fs_Rec - ok
18:01:53.0870 4396  [ 10DBAA1703253FB511D0F5C5F6064B00 ] FTRTSVC         C:\PROGRA~2\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
18:01:53.0901 4396  FTRTSVC ( UnsignedFile.Multi.Generic ) - warning
18:01:53.0901 4396  FTRTSVC - detected UnsignedFile.Multi.Generic (1)
18:01:53.0917 4396  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:01:53.0932 4396  fvevol - ok
18:01:53.0963 4396  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:01:53.0979 4396  gagp30kx - ok
18:01:54.0026 4396  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
18:01:54.0088 4396  gpsvc - ok
18:01:54.0151 4396  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:01:54.0182 4396  gupdate - ok
18:01:54.0182 4396  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:01:54.0197 4396  gupdatem - ok
18:01:54.0213 4396  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:01:54.0244 4396  hcw85cir - ok
18:01:54.0275 4396  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:01:54.0338 4396  HdAudAddService - ok
18:01:54.0369 4396  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:01:54.0416 4396  HDAudBus - ok
18:01:54.0431 4396  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
18:01:54.0463 4396  HidBatt - ok
18:01:54.0478 4396  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:01:54.0509 4396  HidBth - ok
18:01:54.0525 4396  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:01:54.0541 4396  HidIr - ok
18:01:54.0572 4396  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
18:01:54.0587 4396  hidserv - ok
18:01:54.0619 4396  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:01:54.0634 4396  HidUsb - ok
18:01:54.0665 4396  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:01:54.0697 4396  hkmsvc - ok
18:01:54.0728 4396  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:01:54.0759 4396  HomeGroupListener - ok
18:01:54.0790 4396  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:01:54.0806 4396  HomeGroupProvider - ok
18:01:54.0837 4396  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:01:54.0837 4396  HpSAMD - ok
18:01:54.0884 4396  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:01:54.0915 4396  HTTP - ok
18:01:54.0962 4396  [ 4B5C07DB91A0099272FAAE732E1152BD ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:01:55.0009 4396  hwdatacard - ok
18:01:55.0024 4396  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:01:55.0040 4396  hwpolicy - ok
18:01:55.0071 4396  [ 1F24CF1F7DB6D4461AC65A86DB8E4BC2 ] hwusbfake       C:\Windows\system32\DRIVERS\ewusbfake.sys
18:01:55.0102 4396  hwusbfake - ok
18:01:55.0149 4396  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:01:55.0165 4396  i8042prt - ok
18:01:55.0211 4396  [ C224331A54571C8C9162F7714400BBBD ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
18:01:55.0227 4396  iaStor - ok
18:01:55.0274 4396  [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:01:55.0305 4396  IAStorDataMgrSvc - ok
18:01:55.0321 4396  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:01:55.0336 4396  iaStorV - ok
18:01:55.0414 4396  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:01:55.0445 4396  idsvc - ok
18:01:55.0711 4396  [ 7054941241807E91663A83A38BCE3F0D ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
18:01:56.0038 4396  igfx - ok
18:01:56.0085 4396  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:01:56.0116 4396  iirsp - ok
18:01:56.0147 4396  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:01:56.0194 4396  IKEEXT - ok
18:01:56.0241 4396  [ CAA8BC6737DFA3BF1A50175CFB226788 ] InputFilter_Hid_FlexDef2b C:\Windows\system32\DRIVERS\InputFilter_FlexDef2b.sys
18:01:56.0288 4396  InputFilter_Hid_FlexDef2b - ok
18:01:56.0319 4396  [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
18:01:56.0381 4396  IntcDAud - ok
18:01:56.0444 4396  [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
18:01:56.0459 4396  Intel(R) Capability Licensing Service Interface - ok
18:01:56.0491 4396  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
18:01:56.0506 4396  intelide - ok
18:01:56.0537 4396  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:01:56.0569 4396  intelppm - ok
18:01:56.0615 4396  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:01:56.0662 4396  IPBusEnum - ok
18:01:56.0662 4396  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:01:56.0693 4396  IpFilterDriver - ok
18:01:56.0740 4396  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:01:56.0771 4396  iphlpsvc - ok
18:01:56.0771 4396  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:01:56.0787 4396  IPMIDRV - ok
18:01:56.0803 4396  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:01:56.0834 4396  IPNAT - ok
18:01:56.0849 4396  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:01:56.0881 4396  IRENUM - ok
18:01:56.0881 4396  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:01:56.0896 4396  isapnp - ok
18:01:56.0927 4396  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:01:56.0943 4396  iScsiPrt - ok
18:01:56.0974 4396  [ 846354992EBB373F452EB9182D501B08 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
18:01:56.0990 4396  iusb3hcs - ok
18:01:57.0005 4396  [ 1D88A23853387D34D52CC8F9DDBFC56C ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
18:01:57.0021 4396  iusb3hub - ok
18:01:57.0037 4396  [ FC5EFD7C797DF19DFB999F0605A7924E ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
18:01:57.0052 4396  iusb3xhc - ok
18:01:57.0099 4396  [ 09CA717536671E0896E07D239EE6740F ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
18:01:57.0115 4396  jhi_service - ok
18:01:57.0161 4396  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:01:57.0161 4396  kbdclass - ok
18:01:57.0193 4396  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:01:57.0208 4396  kbdhid - ok
18:01:57.0239 4396  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
18:01:57.0239 4396  KeyIso - ok
18:01:57.0302 4396  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:01:57.0317 4396  KSecDD - ok
18:01:57.0333 4396  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:01:57.0349 4396  KSecPkg - ok
18:01:57.0364 4396  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:01:57.0411 4396  ksthunk - ok
18:01:57.0442 4396  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:01:57.0473 4396  KtmRm - ok
18:01:57.0520 4396  [ E84DA1A93978B3700EA63414357B9BA3 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
18:01:57.0520 4396  L1C - ok
18:01:57.0551 4396  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:01:57.0598 4396  LanmanServer - ok
18:01:57.0629 4396  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:01:57.0676 4396  LanmanWorkstation - ok
18:01:57.0707 4396  [ BE166935083F9C38EDFDC21B9A7A679B ] LHDmgr          C:\Windows\system32\DRIVERS\LhdX64.sys
18:01:57.0707 4396  LHDmgr - ok
18:01:57.0739 4396  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:01:57.0785 4396  lltdio - ok
18:01:57.0817 4396  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:01:57.0848 4396  lltdsvc - ok
18:01:57.0879 4396  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:01:57.0910 4396  lmhosts - ok
18:01:57.0957 4396  [ A60D56228FF3EE7EC1A56A908924680E ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:01:57.0988 4396  LMS - ok
18:01:58.0035 4396  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:01:58.0051 4396  LSI_FC - ok
18:01:58.0066 4396  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:01:58.0082 4396  LSI_SAS - ok
18:01:58.0082 4396  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
18:01:58.0097 4396  LSI_SAS2 - ok
18:01:58.0113 4396  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:01:58.0113 4396  LSI_SCSI - ok
18:01:58.0144 4396  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:01:58.0191 4396  luafv - ok
18:01:58.0285 4396  [ ACB01BF1A905356AB7F978C7FE852209 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:01:58.0300 4396  McAfee SiteAdvisor Service - ok
18:01:58.0363 4396  [ F48571922079BBAB289C57BAFEFE88F3 ] McAWFwk         c:\PROGRA~1\mcafee\msc\mcawfwk.exe
18:01:58.0378 4396  McAWFwk - ok
18:01:58.0394 4396  [ ACB01BF1A905356AB7F978C7FE852209 ] McMPFSvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:01:58.0409 4396  McMPFSvc - ok
18:01:58.0425 4396  [ ACB01BF1A905356AB7F978C7FE852209 ] mcmscsvc        C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:01:58.0425 4396  mcmscsvc - ok
18:01:58.0441 4396  [ ACB01BF1A905356AB7F978C7FE852209 ] McNaiAnn        C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:01:58.0456 4396  McNaiAnn - ok
18:01:58.0472 4396  [ ACB01BF1A905356AB7F978C7FE852209 ] McNASvc         C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:01:58.0472 4396  McNASvc - ok
18:01:58.0550 4396  [ 44D0DA102FA7A1BE22FD7499E80DCF9B ] McODS           C:\Program Files\mcafee\VirusScan\mcods.exe
18:01:58.0581 4396  McODS - ok
18:01:58.0581 4396  [ ACB01BF1A905356AB7F978C7FE852209 ] McOobeSv        C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:01:58.0597 4396  McOobeSv - ok
18:01:58.0597 4396  [ ACB01BF1A905356AB7F978C7FE852209 ] McProxy         C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:01:58.0612 4396  McProxy - ok
18:01:58.0675 4396  [ E998E3B12101288D716558466CBF6AE1 ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
18:01:58.0721 4396  McShield - ok
18:01:58.0753 4396  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:01:58.0784 4396  Mcx2Svc - ok
18:01:58.0784 4396  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:01:58.0799 4396  megasas - ok
18:01:58.0831 4396  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
18:01:58.0846 4396  MegaSR - ok
18:01:58.0877 4396  [ 6B01B7414A105B9E51652089A03027CF ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
18:01:58.0893 4396  MEIx64 - ok
18:01:58.0909 4396  [ 01884CB7655C8908B43FF5E364FE6FD2 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
18:01:58.0924 4396  mfeapfk - ok
18:01:58.0940 4396  [ DAB9A9CDFB04E4D68924492AA043019D ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
18:01:58.0955 4396  mfeavfk - ok
18:01:58.0971 4396  mfeavfk01 - ok
18:01:59.0002 4396  [ B26782C3D6045B4464017D7926877560 ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
18:01:59.0033 4396  mfefire - ok
18:01:59.0049 4396  [ CE9A3680675C0907ADE16404CA967B49 ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys
18:01:59.0080 4396  mfefirek - ok
18:01:59.0111 4396  [ 60CF67458DD29CD17E77F2327B1A9A54 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
18:01:59.0127 4396  mfehidk - ok
18:01:59.0127 4396  [ A8129CFB919347F8533C934B365E9202 ] mfenlfk         C:\Windows\system32\DRIVERS\mfenlfk.sys
18:01:59.0143 4396  mfenlfk - ok
18:01:59.0158 4396  [ 5041FA2BD2B3A2693B015771BFBF6DCA ] mferkdet        C:\Windows\system32\drivers\mferkdet.sys
18:01:59.0174 4396  mferkdet - ok
18:01:59.0205 4396  [ 723A5EB6CEF7F408C3D0F15A82A6BFF8 ] mfevtp          C:\Windows\system32\mfevtps.exe
18:01:59.0205 4396  mfevtp - ok
18:01:59.0221 4396  [ 919C56DB14A0E1E2AB6DA5D2821DC26E ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
18:01:59.0236 4396  mfewfpk - ok
18:01:59.0252 4396  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
18:01:59.0299 4396  MMCSS - ok
18:01:59.0299 4396  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
18:01:59.0345 4396  Modem - ok
18:01:59.0377 4396  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:01:59.0408 4396  monitor - ok
18:01:59.0423 4396  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:01:59.0439 4396  mouclass - ok
18:01:59.0470 4396  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:01:59.0486 4396  mouhid - ok
18:01:59.0517 4396  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:01:59.0533 4396  mountmgr - ok
18:01:59.0595 4396  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:01:59.0611 4396  MozillaMaintenance - ok
18:01:59.0642 4396  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:01:59.0657 4396  mpio - ok
18:01:59.0673 4396  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:01:59.0704 4396  mpsdrv - ok
18:01:59.0735 4396  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:01:59.0767 4396  MpsSvc - ok
18:01:59.0782 4396  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:01:59.0813 4396  MRxDAV - ok
18:01:59.0829 4396  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:01:59.0891 4396  mrxsmb - ok
18:01:59.0907 4396  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:01:59.0938 4396  mrxsmb10 - ok
18:01:59.0938 4396  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:01:59.0969 4396  mrxsmb20 - ok
18:01:59.0985 4396  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:02:00.0001 4396  msahci - ok
18:02:00.0016 4396  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:02:00.0032 4396  msdsm - ok
18:02:00.0047 4396  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
18:02:00.0063 4396  MSDTC - ok
18:02:00.0094 4396  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:02:00.0141 4396  Msfs - ok
18:02:00.0141 4396  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:02:00.0188 4396  mshidkmdf - ok
18:02:00.0203 4396  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:02:00.0203 4396  msisadrv - ok
18:02:00.0235 4396  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:02:00.0266 4396  MSiSCSI - ok
18:02:00.0266 4396  msiserver - ok
18:02:00.0281 4396  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:02:00.0313 4396  MSKSSRV - ok
18:02:00.0344 4396  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:02:00.0375 4396  MSPCLOCK - ok
18:02:00.0375 4396  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:02:00.0406 4396  MSPQM - ok
18:02:00.0437 4396  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:02:00.0453 4396  MsRPC - ok
18:02:00.0453 4396  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:02:00.0469 4396  mssmbios - ok
18:02:00.0500 4396  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:02:00.0531 4396  MSTEE - ok
18:02:00.0531 4396  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
18:02:00.0547 4396  MTConfig - ok
18:02:00.0578 4396  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:02:00.0578 4396  Mup - ok
18:02:00.0609 4396  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
18:02:00.0656 4396  napagent - ok
18:02:00.0687 4396  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:02:00.0703 4396  NativeWifiP - ok
18:02:00.0781 4396  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:02:00.0812 4396  NDIS - ok
18:02:00.0812 4396  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:02:00.0843 4396  NdisCap - ok
18:02:00.0874 4396  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:02:00.0905 4396  NdisTapi - ok
18:02:00.0905 4396  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:02:00.0952 4396  Ndisuio - ok
18:02:00.0968 4396  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:02:00.0999 4396  NdisWan - ok
18:02:00.0999 4396  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:02:01.0030 4396  NDProxy - ok
18:02:01.0061 4396  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:02:01.0139 4396  NetBIOS - ok
18:02:01.0139 4396  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:02:01.0171 4396  NetBT - ok
18:02:01.0186 4396  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
18:02:01.0202 4396  Netlogon - ok
18:02:01.0249 4396  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
18:02:01.0295 4396  Netman - ok
18:02:01.0358 4396  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:02:01.0420 4396  NetMsmqActivator - ok
18:02:01.0420 4396  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:02:01.0467 4396  NetPipeActivator - ok
18:02:01.0483 4396  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
18:02:01.0514 4396  netprofm - ok
18:02:01.0529 4396  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:02:01.0561 4396  NetTcpActivator - ok
18:02:01.0576 4396  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:02:01.0607 4396  NetTcpPortSharing - ok
18:02:01.0639 4396  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:02:01.0654 4396  nfrd960 - ok
18:02:01.0670 4396  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:02:01.0701 4396  NlaSvc - ok
18:02:01.0717 4396  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:02:01.0732 4396  Npfs - ok
18:02:01.0763 4396  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
18:02:01.0810 4396  nsi - ok
18:02:01.0810 4396  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:02:01.0857 4396  nsiproxy - ok
18:02:01.0919 4396  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:02:01.0951 4396  Ntfs - ok
18:02:01.0982 4396  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
18:02:02.0013 4396  Null - ok
18:02:02.0263 4396  [ A68C95F8E17A4CFCB99F2139D73F552B ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:02:02.0590 4396  nvlddmkm - ok
18:02:02.0606 4396  [ 7B4BD86B22DFE63FC08E5F4E24B54438 ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
18:02:02.0621 4396  nvpciflt - ok
18:02:02.0653 4396  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:02:02.0653 4396  nvraid - ok
18:02:02.0668 4396  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:02:02.0684 4396  nvstor - ok
18:02:02.0715 4396  [ BD1CEC4D0CACABCFD93A07B2CC46C9EB ] nvsvc           C:\Windows\system32\nvvsvc.exe
18:02:02.0746 4396  nvsvc - ok
18:02:02.0840 4396  [ 82205275BDB35B0AC8750FA8D0A21A5B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:02:02.0902 4396  nvUpdatusService - ok
18:02:02.0918 4396  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:02:02.0933 4396  nv_agp - ok
18:02:02.0949 4396  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:02:02.0965 4396  ohci1394 - ok
18:02:02.0980 4396  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:02:03.0011 4396  p2pimsvc - ok
18:02:03.0027 4396  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:02:03.0043 4396  p2psvc - ok
18:02:03.0074 4396  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
18:02:03.0074 4396  Parport - ok
18:02:03.0105 4396  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:02:03.0121 4396  partmgr - ok
18:02:03.0136 4396  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:02:03.0152 4396  PcaSvc - ok
18:02:03.0183 4396  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
18:02:03.0199 4396  pci - ok
18:02:03.0214 4396  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
18:02:03.0230 4396  pciide - ok
18:02:03.0245 4396  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:02:03.0245 4396  pcmcia - ok
18:02:03.0261 4396  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:02:03.0277 4396  pcw - ok
18:02:03.0292 4396  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:02:03.0339 4396  PEAUTH - ok
18:02:03.0401 4396  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:02:03.0433 4396  PerfHost - ok
18:02:03.0479 4396  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
18:02:03.0542 4396  pla - ok
18:02:03.0604 4396  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:02:03.0667 4396  PlugPlay - ok
18:02:03.0776 4396  [ 3072137896BFCCF4B190D248F583B48E ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
18:02:03.0807 4396  PMBDeviceInfoProvider - ok
18:02:03.0807 4396  PnkBstrA - ok
18:02:03.0823 4396  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:02:03.0854 4396  PNRPAutoReg - ok
18:02:03.0869 4396  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:02:03.0869 4396  PNRPsvc - ok
18:02:03.0901 4396  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:02:03.0947 4396  PolicyAgent - ok
18:02:03.0963 4396  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
18:02:04.0010 4396  Power - ok
18:02:04.0041 4396  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:02:04.0072 4396  PptpMiniport - ok
18:02:04.0088 4396  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
18:02:04.0103 4396  Processor - ok
18:02:04.0135 4396  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:02:04.0166 4396  ProfSvc - ok
18:02:04.0181 4396  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:02:04.0181 4396  ProtectedStorage - ok
18:02:04.0213 4396  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:02:04.0275 4396  Psched - ok
18:02:04.0337 4396  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:02:04.0384 4396  ql2300 - ok
18:02:04.0400 4396  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:02:04.0400 4396  ql40xx - ok
18:02:04.0431 4396  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
18:02:04.0447 4396  QWAVE - ok
18:02:04.0462 4396  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:02:04.0478 4396  QWAVEdrv - ok
18:02:04.0571 4396  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
18:02:04.0587 4396  RapiMgr - ok
18:02:04.0603 4396  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:02:04.0649 4396  RasAcd - ok
18:02:04.0696 4396  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:02:04.0759 4396  RasAgileVpn - ok
18:02:04.0790 4396  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
18:02:04.0852 4396  RasAuto - ok
18:02:04.0883 4396  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:02:04.0915 4396  Rasl2tp - ok
18:02:04.0946 4396  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
18:02:04.0977 4396  RasMan - ok
18:02:05.0008 4396  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:02:05.0039 4396  RasPppoe - ok
18:02:05.0055 4396  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:02:05.0086 4396  RasSstp - ok
18:02:05.0102 4396  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:02:05.0133 4396  rdbss - ok
18:02:05.0149 4396  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
18:02:05.0164 4396  rdpbus - ok
18:02:05.0195 4396  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:02:05.0258 4396  RDPCDD - ok
18:02:05.0258 4396  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:02:05.0305 4396  RDPENCDD - ok
18:02:05.0320 4396  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:02:05.0351 4396  RDPREFMP - ok
18:02:05.0367 4396  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:02:05.0398 4396  RDPWD - ok
18:02:05.0414 4396  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:02:05.0429 4396  rdyboost - ok
18:02:05.0461 4396  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:02:05.0476 4396  RemoteAccess - ok
18:02:05.0507 4396  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:02:05.0554 4396  RemoteRegistry - ok
18:02:05.0585 4396  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
18:02:05.0617 4396  RFCOMM - ok
18:02:05.0648 4396  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:02:05.0679 4396  RpcEptMapper - ok
18:02:05.0695 4396  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
18:02:05.0741 4396  RpcLocator - ok
18:02:05.0757 4396  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
18:02:05.0804 4396  RpcSs - ok
18:02:05.0819 4396  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:02:05.0851 4396  rspndr - ok
18:02:05.0897 4396  [ 88AB579F407A3D02918B8DCC4E6E34B3 ] RSUSBVSTOR      C:\Windows\system32\Drivers\RtsUVStor.sys
18:02:05.0913 4396  RSUSBVSTOR - ok
18:02:05.0944 4396  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
18:02:05.0960 4396  SamSs - ok
18:02:05.0975 4396  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:02:05.0975 4396  sbp2port - ok
18:02:06.0007 4396  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:02:06.0085 4396  SCardSvr - ok
18:02:06.0100 4396  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:02:06.0131 4396  scfilter - ok
18:02:06.0163 4396  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
18:02:06.0225 4396  Schedule - ok
18:02:06.0256 4396  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:02:06.0303 4396  SCPolicySvc - ok
18:02:06.0319 4396  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:02:06.0350 4396  SDRSVC - ok
18:02:06.0381 4396  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:02:06.0412 4396  secdrv - ok
18:02:06.0428 4396  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
18:02:06.0443 4396  seclogon - ok
18:02:06.0475 4396  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
18:02:06.0506 4396  SENS - ok
18:02:06.0521 4396  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:02:06.0537 4396  SensrSvc - ok
18:02:06.0584 4396  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
18:02:06.0599 4396  Serenum - ok
18:02:06.0615 4396  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
18:02:06.0631 4396  Serial - ok
18:02:06.0646 4396  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:02:06.0662 4396  sermouse - ok
18:02:06.0693 4396  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:02:06.0724 4396  SessionEnv - ok
18:02:06.0724 4396  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:02:06.0740 4396  sffdisk - ok
18:02:06.0740 4396  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:02:06.0771 4396  sffp_mmc - ok
18:02:06.0771 4396  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:02:06.0787 4396  sffp_sd - ok
18:02:06.0818 4396  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:02:06.0833 4396  sfloppy - ok
18:02:06.0865 4396  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:02:06.0896 4396  SharedAccess - ok
18:02:06.0927 4396  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:02:06.0958 4396  ShellHWDetection - ok
18:02:06.0974 4396  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:02:06.0974 4396  SiSRaid2 - ok
18:02:06.0989 4396  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:02:06.0989 4396  SiSRaid4 - ok
18:02:07.0021 4396  [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
18:02:07.0036 4396  SkypeUpdate - ok
18:02:07.0052 4396  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:02:07.0083 4396  Smb - ok
18:02:07.0099 4396  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:02:07.0099 4396  SNMPTRAP - ok
18:02:07.0114 4396  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:02:07.0130 4396  spldr - ok
18:02:07.0177 4396  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
18:02:07.0223 4396  Spooler - ok
18:02:07.0301 4396  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
18:02:07.0379 4396  sppsvc - ok
18:02:07.0395 4396  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:02:07.0426 4396  sppuinotify - ok
18:02:07.0442 4396  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:02:07.0473 4396  srv - ok
18:02:07.0504 4396  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:02:07.0535 4396  srv2 - ok
18:02:07.0551 4396  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:02:07.0567 4396  srvnet - ok
18:02:07.0598 4396  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:02:07.0629 4396  SSDPSRV - ok
18:02:07.0629 4396  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:02:07.0660 4396  SstpSvc - ok
18:02:07.0676 4396  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
18:02:07.0691 4396  stexstor - ok
18:02:07.0754 4396  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
18:02:07.0785 4396  StillCam - ok
18:02:07.0832 4396  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
18:02:07.0863 4396  stisvc - ok
18:02:07.0894 4396  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:02:07.0894 4396  swenum - ok
18:02:07.0925 4396  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
18:02:07.0957 4396  swprv - ok
18:02:08.0019 4396  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
18:02:08.0081 4396  SysMain - ok
18:02:08.0097 4396  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:02:08.0128 4396  TabletInputService - ok
18:02:08.0144 4396  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:02:08.0175 4396  TapiSrv - ok
18:02:08.0206 4396  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
18:02:08.0253 4396  TBS - ok
18:02:08.0347 4396  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:02:08.0393 4396  Tcpip - ok
18:02:08.0425 4396  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:02:08.0456 4396  TCPIP6 - ok
18:02:08.0471 4396  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:02:08.0487 4396  tcpipreg - ok
18:02:08.0518 4396  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:02:08.0549 4396  TDPIPE - ok
18:02:08.0565 4396  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:02:08.0581 4396  TDTCP - ok
18:02:08.0596 4396  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:02:08.0659 4396  tdx - ok
18:02:08.0690 4396  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:02:08.0721 4396  TermDD - ok
18:02:08.0752 4396  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
18:02:08.0815 4396  TermService - ok
18:02:08.0830 4396  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
18:02:08.0846 4396  Themes - ok
18:02:08.0877 4396  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
18:02:08.0908 4396  THREADORDER - ok
18:02:08.0924 4396  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
18:02:08.0955 4396  TPM - ok
18:02:08.0971 4396  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
18:02:09.0002 4396  TrkWks - ok
18:02:09.0064 4396  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:02:09.0127 4396  TrustedInstaller - ok
18:02:09.0127 4396  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:02:09.0189 4396  tssecsrv - ok
18:02:09.0205 4396  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:02:09.0267 4396  TsUsbFlt - ok
18:02:09.0267 4396  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
18:02:09.0283 4396  TsUsbGD - ok
18:02:09.0314 4396  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:02:09.0345 4396  tunnel - ok
18:02:09.0361 4396  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:02:09.0361 4396  uagp35 - ok
18:02:09.0392 4396  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:02:09.0439 4396  udfs - ok
18:02:09.0470 4396  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:02:09.0485 4396  UI0Detect - ok
18:02:09.0517 4396  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:02:09.0517 4396  uliagpkx - ok
18:02:09.0548 4396  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:02:09.0595 4396  umbus - ok
18:02:09.0610 4396  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
18:02:09.0626 4396  UmPass - ok
18:02:09.0735 4396  [ A0153CC9D28568A10BDAEE5EC612CFC8 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:02:09.0751 4396  UNS - ok
18:02:09.0782 4396  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
18:02:09.0860 4396  upnphost - ok
18:02:09.0907 4396  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:02:09.0953 4396  usbccgp - ok
18:02:09.0969 4396  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:02:09.0985 4396  usbcir - ok
18:02:10.0000 4396  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:02:10.0016 4396  usbehci - ok
18:02:10.0047 4396  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:02:10.0078 4396  usbhub - ok
18:02:10.0094 4396  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:02:10.0125 4396  usbohci - ok
18:02:10.0141 4396  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
18:02:10.0172 4396  usbprint - ok
18:02:10.0187 4396  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:02:10.0234 4396  USBSTOR - ok
18:02:10.0250 4396  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:02:10.0281 4396  usbuhci - ok
18:02:10.0297 4396  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
18:02:10.0312 4396  usbvideo - ok
18:02:10.0343 4396  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
18:02:10.0406 4396  UxSms - ok
18:02:10.0421 4396  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
18:02:10.0437 4396  VaultSvc - ok
18:02:10.0437 4396  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:02:10.0453 4396  vdrvroot - ok
18:02:10.0468 4396  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
18:02:10.0515 4396  vds - ok
18:02:10.0531 4396  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:02:10.0546 4396  vga - ok
18:02:10.0562 4396  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:02:10.0593 4396  VgaSave - ok
18:02:10.0609 4396  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:02:10.0624 4396  vhdmp - ok
18:02:10.0624 4396  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:02:10.0640 4396  viaide - ok
18:02:10.0687 4396  [ BEEC7DB99737B083C62A84D1328571D2 ] vm332avs        C:\Windows\system32\Drivers\vm332avs.sys
18:02:10.0702 4396  vm332avs - ok
18:02:10.0733 4396  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:02:10.0733 4396  volmgr - ok
18:02:10.0749 4396  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:02:10.0765 4396  volmgrx - ok
18:02:10.0780 4396  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:02:10.0796 4396  volsnap - ok
18:02:10.0827 4396  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:02:10.0843 4396  vsmraid - ok
18:02:10.0874 4396  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
18:02:10.0936 4396  VSS - ok
18:02:10.0952 4396  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:02:10.0967 4396  vwifibus - ok
18:02:10.0999 4396  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:02:11.0014 4396  vwififlt - ok
18:02:11.0045 4396  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
18:02:11.0061 4396  vwifimp - ok
18:02:11.0108 4396  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
18:02:11.0155 4396  W32Time - ok
18:02:11.0186 4396  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:02:11.0233 4396  WacomPen - ok
18:02:11.0264 4396  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:02:11.0326 4396  WANARP - ok
18:02:11.0342 4396  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:02:11.0357 4396  Wanarpv6 - ok
18:02:11.0420 4396  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
18:02:11.0467 4396  WatAdminSvc - ok
18:02:11.0513 4396  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
18:02:11.0607 4396  wbengine - ok
18:02:11.0623 4396  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:02:11.0638 4396  WbioSrvc - ok
18:02:11.0669 4396  [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
18:02:11.0685 4396  WcesComm - ok
18:02:11.0716 4396  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:02:11.0763 4396  wcncsvc - ok
18:02:11.0779 4396  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:02:11.0825 4396  WcsPlugInService - ok
18:02:11.0841 4396  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
18:02:11.0857 4396  Wd - ok
18:02:11.0888 4396  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:02:11.0903 4396  Wdf01000 - ok
18:02:11.0919 4396  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:02:11.0981 4396  WdiServiceHost - ok
18:02:11.0981 4396  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:02:11.0997 4396  WdiSystemHost - ok
18:02:12.0013 4396  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
18:02:12.0044 4396  WebClient - ok
18:02:12.0059 4396  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:02:12.0091 4396  Wecsvc - ok
18:02:12.0122 4396  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:02:12.0137 4396  wercplsupport - ok
18:02:12.0153 4396  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:02:12.0184 4396  WerSvc - ok
18:02:12.0200 4396  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:02:12.0231 4396  WfpLwf - ok
18:02:12.0247 4396  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:02:12.0262 4396  WIMMount - ok
18:02:12.0278 4396  WinDefend - ok
18:02:12.0278 4396  WinHttpAutoProxySvc - ok
18:02:12.0340 4396  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:02:12.0418 4396  Winmgmt - ok
18:02:12.0481 4396  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
18:02:12.0543 4396  WinRM - ok
18:02:12.0590 4396  [ FE88B288356E7B47B74B13372ADD906D ] WINUSB          C:\Windows\system32\DRIVERS\WinUSB.SYS
18:02:12.0637 4396  WINUSB - ok
18:02:12.0668 4396  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:02:12.0715 4396  Wlansvc - ok
18:02:12.0777 4396  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:02:12.0793 4396  wlcrasvc - ok
18:02:12.0871 4396  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:02:12.0917 4396  wlidsvc - ok
18:02:12.0964 4396  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:02:12.0964 4396  WmiAcpi - ok
18:02:12.0995 4396  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:02:13.0027 4396  wmiApSrv - ok
18:02:13.0058 4396  WMPNetworkSvc - ok
18:02:13.0073 4396  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:02:13.0105 4396  WPCSvc - ok
18:02:13.0136 4396  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:02:13.0151 4396  WPDBusEnum - ok
18:02:13.0167 4396  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:02:13.0183 4396  ws2ifsl - ok
18:02:13.0198 4396  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
18:02:13.0214 4396  wscsvc - ok
18:02:13.0214 4396  WSearch - ok
18:02:13.0245 4396  [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd            C:\Windows\system32\DRIVERS\wsvd.sys
18:02:13.0245 4396  wsvd - ok
18:02:13.0323 4396  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:02:13.0401 4396  wuauserv - ok
18:02:13.0432 4396  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:02:13.0479 4396  WudfPf - ok
18:02:13.0510 4396  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:02:13.0541 4396  WUDFRd - ok
18:02:13.0557 4396  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:02:13.0604 4396  wudfsvc - ok
18:02:13.0635 4396  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:02:13.0666 4396  WwanSvc - ok
18:02:13.0682 4396  ================ Scan global ===============================
18:02:13.0697 4396  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:02:13.0744 4396  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
18:02:13.0760 4396  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
18:02:13.0791 4396  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:02:13.0822 4396  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:02:13.0838 4396  [Global] - ok
18:02:13.0838 4396  ================ Scan MBR ==================================
18:02:13.0853 4396  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:02:14.0041 4396  \Device\Harddisk0\DR0 - ok
18:02:14.0041 4396  ================ Scan VBR ==================================
18:02:14.0041 4396  [ CCEDB254BBDAF6DFED43AEF0615F96D4 ] \Device\Harddisk0\DR0\Partition1
18:02:14.0041 4396  \Device\Harddisk0\DR0\Partition1 - ok
18:02:14.0072 4396  [ BAE100A22317EBF0E03738FE2DC8093C ] \Device\Harddisk0\DR0\Partition2
18:02:14.0072 4396  \Device\Harddisk0\DR0\Partition2 - ok
18:02:14.0103 4396  [ A9BF7B20C81C1FDB04EF5992771BCCA8 ] \Device\Harddisk0\DR0\Partition3
18:02:14.0103 4396  \Device\Harddisk0\DR0\Partition3 - ok
18:02:14.0103 4396  ============================================================
18:02:14.0103 4396  Scan finished
18:02:14.0103 4396  ============================================================
18:02:14.0119 4132  Detected object count: 1
18:02:14.0119 4132  Actual detected object count: 1
18:02:30.0249 4132  FTRTSVC ( UnsignedFile.Multi.Generic ) - skipped by user
18:02:30.0249 4132  FTRTSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:03:14.0470 2228  Deinitialize success


Alt 29.11.2012, 10:38   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Startseite durch vlc.de gehackt - Standard

Startseite durch vlc.de gehackt


adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
--> Startseite durch vlc.de gehackt

Alt 29.11.2012, 20:12   #7
gtwolffi
 
Startseite durch vlc.de gehackt - Standard

Startseite durch vlc.de gehackt


Sorry, dauerte heute etwas länger.

Code:
ATTFilter
# AdwCleaner v2.009 - Datei am 29/11/2012 um 15:10:33 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\ProgramData\Partner

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\Software\Freeze.com

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bofyw8vw.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\Kati\AppData\Roaming\Mozilla\Firefox\Profiles\7vw5ufhx.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1165 octets] - [29/11/2012 15:10:33]

########## EOF - C:\AdwCleaner[R1].txt - [1225 octets] ##########

Alt 29.11.2012, 20:41   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Startseite durch vlc.de gehackt - Standard

Startseite durch vlc.de gehackt


adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 29.11.2012, 21:41   #9
gtwolffi
 
Startseite durch vlc.de gehackt - Standard

Startseite durch vlc.de gehackt


So, erledigt

Code:
ATTFilter
# AdwCleaner v2.009 - Datei am 29/11/2012 um 21:11:47 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Partner

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\Software\Freeze.com

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bofyw8vw.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\Kati\AppData\Roaming\Mozilla\Firefox\Profiles\7vw5ufhx.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1294 octets] - [29/11/2012 15:10:33]
AdwCleaner[S1].txt - [1227 octets] - [29/11/2012 21:11:47]

########## EOF - C:\AdwCleaner[S1].txt - [1287 octets] ##########

Code:
ATTFilter
OTL logfile created on: 29.11.2012 21:18:48 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,91% Memory free
15,81 Gb Paging File | 13,66 Gb Available in Paging File | 86,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 653,44 Gb Total Space | 498,31 Gb Free Space | 76,26% Space Free | Partition Type: NTFS
Drive D: | 25,47 Gb Total Space | 22,23 Gb Free Space | 87,29% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\MouseServer\MouseServer.exe (wifimouse@necta.us)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\LockKey\LockKey.exe ( )
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\CardDetector\HUAWEI1752_1552\CardDetector.exe (France Telecom SA)
PRC - C:\PROGRA~2\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4a443c775f768ede71bde8e10f50ec0b\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e88f87e9200afb5ede994c89c92e22b8\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McODS) -- C:\Programme\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (DamageGuardSvc) -- C:\Programme\Lenovo\Instant Reset\DamageGuardSvc.exe (Lenovo (Beijing) Limited)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (McAWFwk) -- c:\Programme\mcafee\msc\McAWFwk.exe (McAfee, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FTRTSVC) -- C:\PROGRA~2\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (DamageGuard) -- C:\Windows\SysNative\drivers\DamageGuardX64.sys (Lenovo)
DRV:64bit: - (vm332avs) -- C:\Windows\SysNative\drivers\vm332avs.sys (Vimicro Corporation)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (dgFltr) -- C:\Windows\SysNative\drivers\dgfltrX64.sys (Lenovo)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (InputFilter_Hid_FlexDef2b) -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys (Siliten)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1218633498-1621177202-3112573493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKU\S-1-5-21-1218633498-1621177202-3112573493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data]
IE - HKU\S-1-5-21-1218633498-1621177202-3112573493-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1218633498-1621177202-3112573493-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-1218633498-1621177202-3112573493-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
IE - HKU\S-1-5-21-1218633498-1621177202-3112573493-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1218633498-1621177202-3112573493-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKU\S-1-5-21-1218633498-1621177202-3112573493-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data]
IE - HKU\S-1-5-21-1218633498-1621177202-3112573493-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
IE - HKU\S-1-5-21-1218633498-1621177202-3112573493-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1218633498-1621177202-3112573493-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1218633498-1621177202-3112573493-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-1218633498-1621177202-3112573493-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
IE - HKU\S-1-5-21-1218633498-1621177202-3112573493-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://sonyuserforum.de/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.09.25 21:12:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.07.03 22:15:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.09 22:16:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.09 22:16:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.06.18 23:45:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.10.31 00:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bofyw8vw.default\extensions
[2012.07.25 12:51:25 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bofyw8vw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.06.18 23:44:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.09 22:16:38 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.09 22:16:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\gcswf32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Adblock Plus = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\
CHR - Extension: SiteAdvisor = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20120703190501.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120703190501.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1218633498-1621177202-3112573493-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] C:\Program Files (x86)\Orange\IEWInternet\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [CardDetectorHUAWEI1752_1552] C:\Program Files (x86)\CardDetector\HUAWEI1752_1552\CardDetector.exe (France Telecom SA)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LockKey] C:\Program Files (x86)\LockKey\LockKey.exe ( )
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1218633498-1621177202-3112573493-1000..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-1218633498-1621177202-3112573493-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1218633498-1621177202-3112573493-1001..\Run: [MouseServer] C:\Program Files (x86)\MouseServer\MouseServer.exe (wifimouse@necta.us)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1218633498-1621177202-3112573493-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1218633498-1621177202-3112573493-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{141A8D46-67F5-4C65-8B6A-DB5CE4A22047}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{141A8D46-67F5-4C65-8B6A-DB5CE4A22047}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D2011DD-CCDA-496E-A332-D4A23F6C13A4}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0f0bf8e1-bfb8-11e1-8208-dc0ea1e95997}\Shell - "" = AutoRun
O33 - MountPoints2\{0f0bf8e1-bfb8-11e1-8208-dc0ea1e95997}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{2a77db5b-c222-11e1-abd6-dc0ea1e95997}\Shell - "" = AutoRun
O33 - MountPoints2\{2a77db5b-c222-11e1-abd6-dc0ea1e95997}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{4f5aa206-cb88-11e1-a8eb-c01885d21b68}\Shell - "" = AutoRun
O33 - MountPoints2\{4f5aa206-cb88-11e1-a8eb-c01885d21b68}\Shell\AutoRun\command - "" = H:\AutoRunCardDetector.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.29 21:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.11.28 17:59:02 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2012.11.28 09:51:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.25 17:38:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2012.11.25 17:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.11.25 17:37:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.11.17 14:39:47 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.17 14:39:47 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.17 14:35:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.17 14:35:34 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.17 14:35:33 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.17 14:35:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.17 14:35:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.17 14:35:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.17 14:35:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.17 14:35:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.17 14:35:32 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.17 14:35:32 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.17 14:35:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.17 14:35:32 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.17 14:35:31 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.17 14:35:31 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.17 14:35:31 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.17 14:32:53 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.17 14:32:53 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.17 14:32:52 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.17 14:32:52 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.16 20:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MouseServer
[2012.11.16 20:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MouseServer
[2012.11.16 18:30:42 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.16 18:30:42 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.16 18:30:42 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.16 18:30:33 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.16 18:30:33 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.16 18:30:33 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.16 18:30:33 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.16 18:30:14 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.16 18:30:14 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.16 18:29:49 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.16 18:29:48 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.08 17:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geldtipps
[2012.11.08 01:35:48 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2012.11.08 01:35:48 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012.11.08 01:35:48 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012.11.08 01:35:48 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012.11.08 01:35:45 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012.11.08 01:35:45 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2012.11.08 01:35:44 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2012.11.08 01:35:44 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012.11.08 01:35:44 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2012.11.08 01:35:44 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012.11.08 01:35:43 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2012.11.08 01:35:43 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012.11.08 01:35:41 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2012.11.08 01:35:41 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2012.11.08 01:35:41 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2012.11.08 01:35:41 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2012.11.08 01:35:40 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2012.11.08 01:35:40 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2012.11.08 01:35:39 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2012.11.08 01:35:39 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2012.11.08 01:35:38 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2012.11.08 01:35:38 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2012.11.08 01:35:37 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2012.11.08 01:35:37 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2012.11.08 01:35:35 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2012.11.08 01:35:35 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2012.11.08 01:35:33 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2012.11.08 01:35:33 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2012.11.08 01:35:32 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2012.11.08 01:35:32 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2012.11.08 01:35:31 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2012.11.08 01:35:31 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2012.11.08 01:35:29 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2012.11.08 01:35:29 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2012.11.08 01:35:29 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2012.11.08 01:35:29 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2012.11.08 01:35:25 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2012.11.08 01:35:25 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2012.11.08 01:35:25 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2012.11.08 01:35:25 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2012.11.08 01:35:19 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2012.11.08 01:35:19 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2012.11.08 01:35:19 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2012.11.08 01:35:19 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2012.11.08 01:35:10 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2012.11.08 01:35:10 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2012.11.08 01:35:04 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2012.11.08 01:35:04 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2012.11.08 01:35:02 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2012.11.08 01:35:02 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2012.11.08 01:35:02 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2012.11.08 01:35:02 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2012.11.08 01:35:00 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2012.11.08 01:34:59 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2012.11.08 01:34:59 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2012.11.08 01:34:59 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2012.11.08 01:34:59 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2012.11.08 01:34:52 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2012.11.08 01:34:52 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2012.11.08 01:34:52 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2012.11.08 01:34:52 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2012.11.08 01:34:50 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2012.11.08 01:34:50 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2012.11.08 01:34:48 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2012.11.08 01:34:48 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2012.11.08 01:34:47 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2012.11.08 01:34:47 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2012.11.08 01:34:46 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2012.11.08 01:34:46 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2012.11.08 01:34:45 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2012.11.08 01:34:45 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2012.11.08 01:34:44 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2012.11.08 01:34:44 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2012.11.08 01:34:42 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2012.11.08 01:34:42 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2012.11.08 01:34:41 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2012.11.08 01:34:41 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2012.11.08 01:34:39 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2012.11.08 01:34:39 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2012.11.08 01:34:37 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012.11.08 01:34:37 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012.11.08 01:34:06 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2012.11.08 01:34:06 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2012.11.08 01:34:06 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2012.11.08 01:34:06 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2012.11.08 01:33:34 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2012.11.08 01:33:34 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2012.11.08 01:33:23 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2012.11.08 01:33:23 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2012.11.08 01:33:18 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2012.11.08 01:33:18 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2012.11.08 01:33:10 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2012.11.08 01:33:10 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2012.11.08 01:33:06 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2012.11.08 01:33:06 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2012.11.08 01:33:00 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2012.11.08 01:33:00 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2012.11.08 01:32:14 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2012.11.08 01:32:14 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2012.11.08 01:32:12 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2012.11.08 01:32:12 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2012.11.08 01:32:12 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2012.11.08 01:32:12 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2012.11.08 01:32:10 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2012.11.08 01:32:10 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2012.11.08 01:32:07 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2012.11.08 01:32:07 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2012.11.08 01:32:04 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2012.11.08 01:32:04 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2012.11.08 01:32:02 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2012.11.08 01:32:02 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2012.11.08 01:32:01 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2012.11.08 01:32:01 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2012.11.08 01:31:59 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2012.11.08 01:31:59 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2012.11.08 00:03:43 | 000,179,200 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWia09a.dll
[2012.11.04 13:46:58 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\offline Websiten
[2012.10.31 00:14:26 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\GeldtippsBackup
[2012.10.31 00:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IZArc
[2012.10.31 00:12:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IZArc
[2012.10.30 23:42:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PC-FAX TX
[2012.10.30 23:40:52 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Brother
[2012.10.30 22:59:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012.10.30 22:58:18 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\Windows\SysWow64\BRCrypt.dll
[2012.10.30 22:58:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx
[2012.10.30 22:58:05 | 000,179,712 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrfxDA5b.dll
[2012.10.30 22:58:05 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- C:\Windows\SysWow64\BrMfNt.dll
[2012.10.30 22:58:04 | 000,207,872 | ---- | C] (brother) -- C:\Windows\SysNative\NSSRH64.dll
[2012.10.30 22:58:03 | 000,082,944 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrNetSti.dll
[2012.10.30 22:58:03 | 000,058,368 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\SysNative\BrWiaNCp.dll
[2012.10.30 22:58:03 | 000,047,616 | ---- | C] (Brother Industries,Ltd) -- C:\Windows\SysNative\Brnsplg.dll
[2012.10.30 22:58:01 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll
[2012.10.30 22:58:01 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll
[2012.10.30 22:58:01 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll
[2012.10.30 22:57:59 | 001,560,576 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWia09b.dll
[2012.10.30 22:57:54 | 000,111,928 | ---- | C] (Brother Industries Ltd) -- C:\Windows\SysWow64\BRRBTOOL.EXE
[2012.10.30 22:57:54 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BRLMW03A.DLL
[2012.10.30 22:57:52 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BroSNMP.dll
[2012.10.30 22:57:48 | 000,167,936 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll
[2012.10.30 22:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2012.10.30 22:57:45 | 000,024,223 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\SysWow64\BRLM03A.DLL
[2012.10.30 22:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2012.10.30 22:56:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.29 21:21:57 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 21:21:57 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 21:19:35 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2012.11.29 21:15:36 | 000,143,188 | ---- | M] () -- C:\Windows\SysNative\fastboot.set
[2012.11.29 21:14:21 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.29 21:14:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.29 21:13:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.29 21:13:41 | 2070,691,839 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.29 21:10:04 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.29 21:10:04 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.29 21:10:04 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.29 21:10:04 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.29 21:10:04 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.29 14:07:23 | 000,480,125 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.11.28 17:59:15 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2012.11.28 09:51:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.28 09:50:29 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.11.25 17:38:09 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.11.25 17:37:17 | 000,001,194 | ---- | M] () -- C:\Users\***\Desktop\Startfenster.lnk
[2012.11.19 00:13:54 | 000,001,230 | ---- | M] () -- C:\Users\***\Desktop\Calculator.lnk
[2012.11.17 22:28:29 | 000,309,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.16 20:31:13 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\MouseServer.lnk
[2012.11.08 17:18:11 | 000,002,176 | ---- | M] () -- C:\Users\Public\Desktop\Homebanking 2012.lnk
[2012.11.08 00:32:38 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.11.08 00:04:13 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BD7820N.DAT
[2012.11.08 00:03:48 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bd7820n.dat
[2012.11.04 18:33:40 | 000,001,504 | ---- | M] () -- C:\Users\***\Desktop\2477-2_Fotografieren_Fortgeschrittene - Verknüpfung.lnk
[2012.11.01 00:08:40 | 000,005,971 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.10.31 00:12:37 | 000,001,844 | ---- | M] () -- C:\Users\***\Desktop\IZArc.lnk
[2012.10.30 23:42:24 | 000,000,336 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2012.10.30 22:59:22 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini
[2012.10.30 22:58:59 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BD7440N.DAT
[2012.10.30 22:58:18 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini
[2012.10.30 22:58:18 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bd7440n.dat
 
========== Files Created - No Company Name ==========
 
[2012.11.29 14:07:13 | 000,480,125 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.11.28 09:50:29 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.11.25 17:38:09 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.11.25 17:37:17 | 000,001,194 | ---- | C] () -- C:\Users\***\Desktop\Startfenster.lnk
[2012.11.19 00:13:54 | 000,001,230 | ---- | C] () -- C:\Users\***\Desktop\Calculator.lnk
[2012.11.17 14:39:48 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.17 14:32:51 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.16 20:31:13 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\MouseServer.lnk
[2012.11.08 17:18:11 | 000,002,176 | ---- | C] () -- C:\Users\Public\Desktop\Homebanking 2012.lnk
[2012.11.08 00:04:13 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7820N.DAT
[2012.11.08 00:03:48 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\bd7820n.dat
[2012.11.04 18:33:40 | 000,001,504 | ---- | C] () -- C:\Users\***\Desktop\2477-2_Fotografieren_Fortgeschrittene - Verknüpfung.lnk
[2012.11.01 00:08:40 | 000,005,971 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.10.31 00:12:37 | 000,001,844 | ---- | C] () -- C:\Users\***\Desktop\IZArc.lnk
[2012.10.30 22:59:22 | 000,000,336 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.10.30 22:59:22 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.10.30 22:58:59 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.10.30 22:58:59 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7440N.DAT
[2012.10.30 22:58:18 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\bd7440n.dat
[2012.10.30 22:58:06 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012.10.30 22:58:05 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.10.30 22:58:05 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.10.30 22:58:03 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\BrSNMP64.dll
[2012.10.30 22:57:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.10.30 22:57:44 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.07.16 00:09:38 | 000,000,986 | ---- | C] () -- C:\Users\***\AppData\Roaming\.ptbt1
[2012.06.29 21:47:44 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi
[2012.06.25 08:50:14 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.25 08:49:57 | 002,793,768 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.06.25 08:49:57 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.06.18 16:46:20 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
[2012.05.10 10:43:58 | 002,086,240 | ---- | C] () -- C:\Windows\SysWow64\LenovoVeriface.Interface.dll
[2012.05.10 10:43:58 | 001,500,512 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll
[2012.05.10 10:43:58 | 001,171,456 | ---- | C] () -- C:\Windows\SysWow64\PicNotify.dll
[2012.05.10 10:43:58 | 000,472,416 | ---- | C] () -- C:\Windows\SysWow64\Lenovo.VerifaceStub.dll
[2012.05.10 10:43:50 | 001,044,480 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll
[2012.05.10 10:33:18 | 000,001,779 | ---- | C] () -- C:\Windows\vm332Rmv.ini
[2012.05.10 10:33:18 | 000,001,779 | ---- | C] () -- C:\Windows\SysWow64\vm332Rmv.ini
[2012.05.10 10:30:46 | 001,589,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.05 09:28:13 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.03.05 09:28:11 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.03.05 09:28:08 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.05 09:28:07 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
Code:
ATTFilter
OTL Extras logfile created on: 29.11.2012 21:18:48 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,91% Memory free
15,81 Gb Paging File | 13,66 Gb Available in Paging File | 86,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 653,44 Gb Total Space | 498,31 Gb Free Space | 76,26% Space Free | Partition Type: NTFS
Drive D: | 25,47 Gb Total Space | 22,23 Gb Free Space | 87,29% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-1218633498-1621177202-3112573493-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orange\IEWInternet\Connectivity\ConnectivityManager.exe" = C:\Program Files (x86)\Orange\IEWInternet\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)
"C:\Program Files (x86)\Orange\IEWInternet\Connectivity\ConnectivityManager.exe" = C:\Program Files (x86)\Orange\IEWInternet\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0693332C-0038-4EC9-8F6C-FCBED5A64183}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{06CA3645-B8DF-40FF-9E83-2BBFA6095E1E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{17FA765B-867E-4E5C-BA5A-B5A2C1454BB1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{216EE464-FAC7-4C9A-B870-512A63FFA616}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2AA48EA8-B6DE-44E4-9020-19B54B663297}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{364739E3-80D5-4720-8830-0EA7424AAE00}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3ED3725E-5968-46DA-A372-BFF491E831EB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{41F20940-140C-4C60-AD68-2D9D9417E2BB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4AEA1B5C-46BB-49EF-9799-55CD2A0674EA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4E8A643F-3576-4259-AC12-DE19498D2F73}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{55F6F074-348C-4728-A441-ABDB76EFC4EF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{65648D5D-B8CF-400B-A937-3961FCCFFDFE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6573DF44-1DA4-4945-88C9-253C9B83E14D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{69CB2F81-4857-45FD-B96D-FDBC484F2095}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6F962232-55CC-4BA9-8433-1164C870D337}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{72E86070-7A53-467C-BF68-9EFCAD2BF7B3}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{7A1A76C6-DAD1-4C1E-A5C4-3EAFFB15DE2D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8043BA1A-9645-45CE-9D31-2BD5EAF3F291}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{870806B0-CCA6-40B8-B6A6-C98AE75D32C4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{8F8B55E7-2428-4766-A7C8-60C58554DBD1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{92AC3111-13E1-4D12-BE6B-DD9A1E1C1C5A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9BB88D15-E3C1-4D37-82D6-E243E02AF949}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9D65A05E-B1C9-40F5-9742-3E0FE02E9707}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A172C2EE-AF4B-4E1D-B4C7-A0265856582F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{AB255200-5E76-434D-85EB-8D659EF25302}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AE69D345-569F-4B38-8151-2040FA152917}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B57984D8-FB65-45C8-A554-89306877B721}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B82B208D-5420-4636-BBE1-4963A40429E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BEB50EA7-8255-4992-B4C7-C44684AB0560}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{BED67B16-9073-4E82-A087-0440F775CBE9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CECFBB1B-91C7-4321-88D6-D147BD77B6F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D63BC2F3-311F-457A-B7B5-E6701466AD33}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E7E4783C-8BEF-4100-B1D7-4D40237DE87D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FEECC5E8-7757-4F46-A27B-8AE7DD5A5AB8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0285A83D-3951-4DD1-BD0D-4AB747D569E1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{04F5E2B0-0DC8-4750-932C-6250DE975A89}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{07F35306-3B1D-4066-9642-649886C31AEE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{0B307022-64DC-4713-A4CE-9F15BAC6D51A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{12E60B2C-C410-407B-A811-AB962581A1FB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1C84FA94-2676-4481-8E73-4F30D648DED9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1E2E5953-CDB5-43DC-BEED-0BB27B30EC71}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's endwar\tom clancy's endwar launcher.exe | 
"{20A04FC3-0EE3-43A2-8F98-A77C9E8E797A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2serverlauncher.exe | 
"{2C1729A6-3E2B-4FD5-A2B6-1B81F7F76D1B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | 
"{34FAEB58-593F-40BC-8EC3-6D43A16C4CFD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{35E9199B-3A68-4F74-9F9A-CEAA372C73DE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3775EC83-5A72-42ED-94F8-E2A4AD7FB6FF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3E11BE51-04B6-40CA-B4E7-4626F7DF3B5F}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3E5667BB-345F-441B-84EB-64453C89E976}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's endwar\binaries\endwar.exe | 
"{405985B5-C5F4-448D-9B1C-6125DC8760F8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{42CA6EE7-D7DC-43EB-B4FA-A92B77EAFB22}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{465D3A70-28DC-4CAA-BC25-8568D2A76B2B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's endwar\tom clancy's endwar launcher.exe | 
"{4DD106C9-7ABC-494C-9AC4-5D40E3DEEBCC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{52E22F53-037F-4CD2-93EA-5C961DB5B82C}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{570A7F0C-C173-46A9-9832-539CA66705C6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5A879DED-1639-41FE-98A4-260DCAE465C2}" = protocol=6 | dir=out | app=system | 
"{5E4C62D5-FE48-4D41-A33B-BF2867726F57}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{638EE019-F701-49E1-81FC-9D5C8849BEB5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | 
"{652FB133-818D-450B-B347-C5770013A74C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{662A1600-31FA-40B0-9F0D-3C65A0D9D5AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{688BD2B9-DD2A-4794-B22F-736372828800}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6B797F1E-63D5-429C-840F-5BD9EA5ED657}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6B87A22C-77B6-45CB-99F5-B6D308C89AB8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | 
"{7153FCCB-183A-400B-9D80-91B50811422D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7358BCB4-F64F-43F6-B18C-24995B3458FD}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl07b\faxrx.exe | 
"{76C7DC29-4FA7-4DF6-B0D8-04E90C0792A6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{780E2416-318F-4A52-B04B-AB6B0B24217D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{79EB71B2-2718-4386-B796-EA59D80EFCFC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7D15833B-BD4D-4AFD-8F86-2712E3C032D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{89522E51-3F54-4CE8-B32B-940EA5B4BE7C}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8A1BDE0D-25CD-48A3-8E20-8C660930BEF6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | 
"{8A404954-1F07-4250-8D39-0D205EE7087F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{91DD3E47-85C5-4778-A2D8-DECC13EB82BD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's endwar\binaries\endwar.exe | 
"{91E7B7C1-10AF-4FEA-87E7-EA9C99C59D89}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2serverlauncher.exe | 
"{961DD3D3-A7DA-4BB0-84F7-298207175CA8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{97BCBACA-9D27-4881-9EAB-A0CF9FE0317B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{A4B2E48D-536E-4673-B43B-A7025E449C88}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{A556E902-6BAC-47B9-8136-A77C36FA7642}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B3391430-1606-4A8B-BC1B-DA36B6D22A77}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BEAE562E-4B76-4BAE-87B7-64CBBD76232F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C3F92B4E-FF98-4B25-B1A9-F799F54C4BEF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C56C8A29-6BF8-42FC-AB57-9CE04B62E07E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CCED029A-9036-4D66-A30B-24317C4CE13A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D9C47A34-5A85-4057-B823-9BEA87E65EF0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D9F01E11-F105-4C13-8C91-CF8924D6A09A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DD77C505-F3A0-4B13-A396-DB18D79F534A}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl07b\faxrx.exe | 
"{E0A7CD57-B1BF-4C8E-9F6C-836A06921CA2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{E1A355B9-CF09-43BA-8CD3-630D2B2B2DCD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{EF7254B5-4ADB-4643-A08F-65F24C8A7A14}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EFDBF306-8D75-4BD7-A0E9-B962CE51D328}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FB353C26-52CE-4A38-A9DB-C1633CCF7A44}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"TCP Query User{FD5193D8-EA27-4652-BE7C-60B8EF53C059}C:\program files (x86)\mouseserver\mouseserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mouseserver\mouseserver.exe | 
"UDP Query User{D257F77F-D4EF-43F8-B53E-6DC7FCDCC494}C:\program files (x86)\mouseserver\mouseserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mouseserver\mouseserver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.93
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.93
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.1111
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}" = Adobe Photoshop Lightroom 3.6 64-bit
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"99841829BE839365AA67B2AD0E50D371F59F8A1E" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = Lenovo pointing device
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F1C9552-58E0-4AAC-A616-AE3A28720EC6}" = GimpShop 2.8
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite MFC-7440N
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7C3D8108-8D99-427F-A1C2-D8E0D25A469C}" = Tom Clancy's EndWar
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84E21775-C6B8-4FC9-B851-6C9AD9C81F32}" = Falk Navi-Manager
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}" = CombineZP
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.7
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AD9E46-F4F8-4CA3-939A-CF732E391ACF}" = Geldtipps Homebanking 2012 AAV
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{BEWINTERNET-FR-DMGP-V2}.UninstallSuite" = Internet Everywhere
"{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}" = Brother MFL-Pro Suite MFC-7820N
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E13018F5-FFC7-4729-9C1B-1A85807D03E6}_is1" = MouseServer Version 1.2.0
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CardDetectorHUAWEI1752_1552" = Card Detector for Huawei E1752 and E1552
"GeoSetter_is1" = GeoSetter 3.4.16
"Google Chrome" = Google Chrome
"Hugin" = Hugin 2011.4.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee AntiVirus Plus
"PunkBusterSvc" = PunkBuster Services
"VeriFace" = VeriFace
"VLC media player" = VLC media player 2.0.4
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1218633498-1621177202-3112573493-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1218633498-1621177202-3112573493-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.10.2012 17:33:15 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.10.2012 18:38:08 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.10.2012 18:45:15 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.10.2012 14:01:25 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.10.2012 15:25:53 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.11.2012 09:39:55 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.11.2012 11:47:10 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.11.2012 06:10:15 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.11.2012 17:28:50 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.11.2012 22:21:10 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 16.10.2012 04:47:37 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 16.10.2012 04:47:37 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 18.10.2012 13:27:01 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 21.10.2012 07:32:17 | Computer Name = ***-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.30  registriert werden. Der Computer mit IP-Adresse 192.168.178.1
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 21.10.2012 07:37:27 | Computer Name = ***-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.30  registriert werden. Der Computer mit IP-Adresse 192.168.178.1
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 22.10.2012 08:43:20 | Computer Name = ***-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.30  registriert werden. Der Computer mit IP-Adresse 192.168.178.1
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 07.11.2012 19:31:16 | Computer Name = ***-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 08.11.2012 12:15:58 | Computer Name = ***-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 10.11.2012 07:52:38 | Computer Name = ***-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.30  registriert werden. Der Computer mit IP-Adresse 192.168.178.1
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 16.11.2012 15:26:13 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >

Alt 29.11.2012, 22:31   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Startseite durch vlc.de gehackt - Standard

Startseite durch vlc.de gehackt


Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 30.11.2012, 00:40   #11
gtwolffi
 
Startseite durch vlc.de gehackt - Ausrufezeichen

Startseite durch vlc.de gehackt


hat lange gedauert, aber irgendwann war dann aus ESET fertig, aber erstmal das Log von malwarebytes

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.29.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

Schutz: Aktiviert

29.11.2012 22:48:42
mbam-log-2012-11-29 (22-48-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 246784
Laufzeit: 3 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\***\Downloads\IZArcInstall.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

und nun ESET

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3cd2e183fa10794e97837c824fbc3193
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-29 10:04:30
# local_time=2012-11-29 11:04:30 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16777213 100 75 8040164 8511772 0 0
# compatibility_mode=5893 16776573 100 94 35646 105856520 0 0
# compatibility_mode=8192 67108863 100 0 3824 3824 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3cd2e183fa10794e97837c824fbc3193
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-29 11:21:39
# local_time=2012-11-30 12:21:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16777213 100 75 8040489 8512097 0 0
# compatibility_mode=5893 16776573 100 94 35971 105856845 0 0
# compatibility_mode=8192 67108863 100 0 4149 4149 0 0
# scanned=156595
# found=0
# cleaned=0
# scan_time=4303

Alt 30.11.2012, 09:52   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Startseite durch vlc.de gehackt - Standard

Startseite durch vlc.de gehackt


Sieht soweit ok aus. Der Fund von Malwarebytes bedeutet nur, dass der Installer von IZArc Toolbars/Adware installieren kann

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 30.11.2012, 12:37   #13
gtwolffi
 
Startseite durch vlc.de gehackt - Standard

Startseite durch vlc.de gehackt


Vielen Dank für die Hilfe, ich werde mir MVPS Hosts File sicherlich anschauen und dann auch anwenden. Ich denke ich bin jetzt wieder "seuchenfrei", zumindest kann ich nichts mehr erkennen. Ich musste jetzt allerdings die Einträge für die angelegte Startseite in den Browsern noch manuell ändern, aber jetzt ist davon nichts mehr zu sehen.

Als nächstes werde ich wohl meinen Virenschutz wieder auf Vordermann bringen, damit ich das nächste Mal besser gewappnet bin, und euch nicht nochmals in Anspruch nehmen muss
Ich finde Eure Arbeit super, ihr seid wirklich unglaublich hilfsbereit und kompetent. Nochmals herzlichen Dank dafür.

lg
Gerhard

Alt 30.11.2012, 12:40   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Startseite durch vlc.de gehackt - Standard

Startseite durch vlc.de gehackt


Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.


Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 02.12.2012, 15:59   #15
gtwolffi
 
Startseite durch vlc.de gehackt - Standard

Startseite durch vlc.de gehackt


Ich habe nun all Deine Tips beachtet und werde die empfohlenen Software sicherlich auch noch auf meine anderen PC installieren. Ich danke Dir nochmals für die gute und prompte Hilfe.

Viele Grüße
Gerhard

Antwort

Themen zu Startseite durch vlc.de gehackt
adblock, autorun, bho, browser, error, firefox, flash player, format, geld, google, home, install.exe, lenovo, mozilla, nvidia update, nvpciflt.sys, object, problem, realtek, registry, rundll, scan, security, siteadvisor, software, startseite.com vlc trojaner?, svchost.exe, system, trick, usb, usb 2.0, usb 3.0, warnung, windows


« Ebenfalls: Fehlermeldung beim Start: Server ist ausgelastet / WIN7 | Ukash Bundespolizei Infektion - Logs anbei »


Ähnliche Themen: Startseite durch vlc.de gehackt


  1. Durch Teamspeak 3 gehackt werden?
    Plagegeister aller Art und deren Bekämpfung - 10.10.2015 (8)
  2. Windows 7: Steam Account durch Virus gehackt und entwendet, Steam infiziert : Win32:Malware-gen
    Log-Analyse und Auswertung - 14.09.2015 (16)
  3. Win 7, Addware durch Softwareinstallation (Programme, Umleitungen, neue Startseite und Suchmaschine, Browser Add-ons und Plug-Ins)
    Log-Analyse und Auswertung - 21.01.2015 (11)
  4. Programm wird andauernd minimiert durch "Suchergebnisse" + Firefox springt immer auf Startseite zurück
    Log-Analyse und Auswertung - 23.12.2014 (7)
  5. Durch Biet-o-matic jetzt statt google startseite jetzt webssearches
    Plagegeister aller Art und deren Bekämpfung - 22.12.2014 (9)
  6. email gehackt überprüft durch BSI-sicherheitstest
    Plagegeister aller Art und deren Bekämpfung - 23.01.2014 (6)
  7. Windows7PC - Win32Adware-gen und Win32:Dropper-gen erst nach vollst. Scan durch AVAST gefunden - Kreditkarte "gehackt"
    Log-Analyse und Auswertung - 28.10.2013 (9)
  8. Wahrscheinlich E-mail durch Keylogger gehackt
    Plagegeister aller Art und deren Bekämpfung - 23.05.2013 (8)
  9. MY start incredibar entfernen durch Downloads auf Google startseite
    Log-Analyse und Auswertung - 13.10.2012 (2)
  10. Wurde mein Rapidshare-Account durch einen Keylogger, etc. "gehackt"?
    Plagegeister aller Art und deren Bekämpfung - 07.05.2012 (0)
  11. [Gehackt]Gehackt dank nem kleinen Bruder
    Plagegeister aller Art und deren Bekämpfung - 03.02.2011 (2)
  12. eMailpasswort gehackt, Probleme mit alles USB-Geräten immer wieder Funde durch Antivir
    Log-Analyse und Auswertung - 08.01.2011 (21)
  13. In Firefox wird die Startseite durch Werbung ersetzt
    Log-Analyse und Auswertung - 25.05.2010 (2)
  14. Amazon Account gehackt + E-mail gehackt !
    Plagegeister aller Art und deren Bekämpfung - 05.05.2008 (16)
  15. Gehackt werden durch Mail??
    Diskussionsforum - 31.03.2008 (8)
  16. Online Banking gehackt durch Trojaner !!!!!!!!
    Plagegeister aller Art und deren Bekämpfung - 24.01.2006 (9)
  17. Meine Startseite ist geändert durch einen Trojaner???
    Log-Analyse und Auswertung - 10.11.2004 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Startseite durch vlc.de gehackt - Hallo zusammen, als erstes möchte ich mich schon mal für die hervorragende Arbeit bedanken, die ihr hier macht. Ich habe schon oft hier gelesen und meistens Entwarnung gefunden. Diesmal habe - Startseite durch vlc.de gehackt...
Archiv
Du betrachtest: Startseite durch vlc.de gehackt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131