Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Werbelinks in Browser - Pop-ups

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.01.2013, 11:31   #1
bazzzingah
 
Werbelinks in Browser - Pop-ups - Standard

Werbelinks in Browser - Pop-ups



Hallo!

Ich habe im Browser ständig irgendwelche Werbelinks, bei denen sich beim Berühren mit dem Mauszeiger ein Popup öffnet. Dies sieht so aus:

hxxp://img717.imageshack.us/img717/3949/werbelink.jpg

Hier poste ich, weil ich das Thema schon gegoogelt, sowie in Foren gesucht habe, jedoch mit keinem Erfolg. Ich habe bereitss spybot, malwarebytes, norton und adwarecleaner benutzt. Auch habe ich die Listen im Adblocker des Firefox erweitert.

Vielleicht könnt ihr mir helfen!

Alt 02.01.2013, 13:09   #2
Psychotic
/// Malwareteam
 
Werbelinks in Browser - Pop-ups - Standard

Werbelinks in Browser - Pop-ups



Um eine genauere Analyse zu ermöglichen, befolge bitte diesen Link:

An alle Hilfesuchenden! Was muss ich vor Eröffnung eines Themas beachten?

Hinweis: Poste die erstellten Logfiles hier in deinem Thema - erstelle kein neues!

Falls bereits installierte Antivirensoftware Funde gemeldet hat: Füge unbedingt die entsprechenden Logdateien bei!
__________________

__________________

Alt 02.01.2013, 16:12   #3
bazzzingah
 
Werbelinks in Browser - Pop-ups - Standard

Werbelinks in Browser - Pop-ups



Danke für die schnelle Antwort!

So, hier mal die benötigten Log-Files:

OTL.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 02.01.2013 15:05:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\robert\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 52,37% Memory free
7,79 Gb Paging File | 5,66 Gb Available in Paging File | 72,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679,00 Gb Total Space | 554,55 Gb Free Space | 81,67% Space Free | Partition Type: NTFS
 
Computer Name: ROBERT_DELL | User Name: robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.02 15:03:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
PRC - [2012.12.22 04:01:00 | 028,538,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.10.26 13:18:32 | 007,346,384 | ---- | M] (Bartels Media GmbH) -- C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
PRC - [2012.08.07 13:25:12 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.08.07 13:25:02 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe
PRC - [2011.11.04 14:19:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.11.03 19:24:06 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.09.27 10:44:20 | 000,439,440 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.04.13 16:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2011.04.07 18:17:38 | 000,050,704 | ---- | M] (Trend Micro Inc.) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
PRC - [2011.04.07 18:09:36 | 000,023,568 | ---- | M] (Trend Micro Inc.) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
PRC - [2011.01.28 06:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\pg_ctl.exe
PRC - [2011.01.28 06:13:43 | 004,538,368 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\postgres.exe
PRC - [2011.01.13 21:56:42 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010.12.29 19:54:10 | 000,740,688 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
PRC - [2010.12.21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.17 16:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010.10.01 22:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2010.10.01 15:49:34 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2009.05.16 01:44:06 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.02 10:24:33 | 000,115,137 | ---- | M] () -- C:\Users\robert\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll
MOD - [2012.11.16 12:33:31 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7584733b0bfcbe669ea38a81b914a83a\System.Management.ni.dll
MOD - [2012.11.16 12:32:04 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0acdeb764dc3715299a163fba3c7bdaa\System.Runtime.Remoting.ni.dll
MOD - [2012.11.16 12:31:31 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\739c5209c3538b3457c2f8f9ad196cbb\System.Xaml.ni.dll
MOD - [2012.11.15 18:59:36 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\960b6130c64f21d8f5d8d3eb183ae660\PresentationFramework.ni.dll
MOD - [2012.11.15 18:59:27 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\6053166746abce42f4c4432e0ec54fc7\PresentationCore.ni.dll
MOD - [2012.11.15 18:59:19 | 003,882,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\947466e2a04c48c43a8b255eb236ba71\WindowsBase.ni.dll
MOD - [2012.11.15 18:59:19 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4a2b56d6031270f0fcf7388e4d787333\PresentationFramework.Aero.ni.dll
MOD - [2012.11.15 18:55:03 | 013,198,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ff1ceec110e2983a75c2c21f50274ac2\System.Windows.Forms.ni.dll
MOD - [2012.11.15 18:54:59 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9d1f9ff307e93bb9929b2b11661623cb\System.Core.ni.dll
MOD - [2012.11.15 18:54:55 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e46c644e0ef0456434b32f3e91b56424\System.Xml.ni.dll
MOD - [2012.11.15 18:54:52 | 001,666,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\20ce3ca371acfbe996c6a21b5469992d\System.Drawing.ni.dll
MOD - [2012.11.15 18:54:51 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\aaf8a137263c899815f0acff07eb1562\System.ni.dll
MOD - [2012.11.15 18:54:45 | 014,417,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\031abbfbd476fdc0c392160b67f2c662\mscorlib.ni.dll
MOD - [2012.10.26 13:18:30 | 000,381,136 | ---- | M] () -- C:\Program Files (x86)\PhraseExpress\pexlang.dll
MOD - [2012.08.07 13:25:12 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.11.04 14:19:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.25 04:44:02 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
MOD - [2010.11.17 16:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010.10.01 15:49:34 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.10.07 14:56:44 | 003,137,840 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.14 09:55:32 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.06 14:45:15 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe -- (NAV)
SRV - [2011.11.04 14:19:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.11.03 19:24:06 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.04.07 18:17:38 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)
SRV - [2011.02.19 00:08:46 | 002,060,896 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)
SRV - [2011.02.19 00:00:48 | 001,836,616 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)
SRV - [2011.01.28 06:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- c:\postgreSQL\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2011.01.13 21:56:40 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.12.29 19:54:24 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2010.12.21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.11.29 21:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010.11.25 11:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010.11.25 11:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010.10.07 14:45:28 | 002,692,400 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010.09.23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 20:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.07.21 20:48:20 | 000,596,032 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw)
SRV - [2010.07.21 20:44:22 | 000,917,840 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.18 03:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.13 21:41:21 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.07.06 03:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309000.009\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.07.06 03:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309000.009\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.06.29 11:19:47 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.06.07 05:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309000.009\ccsetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2012.05.22 02:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.04.26 20:54:11 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.04.26 20:54:11 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.04.18 03:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309000.009\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.04.18 02:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309000.009\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.04 14:19:00 | 000,249,152 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2011.11.04 14:19:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.10.16 01:18:08 | 000,291,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2011.10.01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.14 01:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.09.14 01:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.09.05 18:38:22 | 000,212,544 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
DRV:64bit: - [2011.09.05 18:38:22 | 000,069,184 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
DRV:64bit: - [2011.08.24 06:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.08.15 23:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2011.07.20 14:39:58 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.07.08 13:51:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.06.02 06:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.06.02 06:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.06.02 06:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.05.13 09:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.01.20 17:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011.01.14 18:09:00 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.01.14 18:08:42 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.01.14 18:08:42 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.01.14 18:08:42 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.01.14 18:08:40 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.21 06:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.12.21 06:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010.12.21 06:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.12.21 06:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.12.01 17:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.11.29 21:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.24 17:21:32 | 004,719,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.09 01:07:48 | 000,338,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2010.11.09 01:06:58 | 000,196,688 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2010.11.09 01:05:20 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.29 19:38:32 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010.08.20 10:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010.03.19 09:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.02.27 16:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.01.02 13:56:27 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20130101.040\ex64.sys -- (NAVEX15)
DRV - [2013.01.02 13:56:27 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20130101.040\eng64.sys -- (NAVENG)
DRV - [2012.12.22 12:23:57 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.12.20 17:43:39 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.10.24 00:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20121130.005\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.09.06 03:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20130101.001\IDSviA64.sys -- (IDSVia64)
DRV - [2011.03.24 23:07:30 | 000,310,032 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2011.03.24 23:07:20 | 000,042,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys -- (TmPreFilter)
DRV - [2011.03.24 22:56:32 | 001,988,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys -- (VSApiNt)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{264EF059-64E5-4593-9706-861F279C83C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{264EF059-64E5-4593-9706-861F279C83C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {264EF059-64E5-4593-9706-861F279C83C9}
IE - HKCU\..\SearchScopes\{FCEF7658-2F66-43AC-BB1C-217AB5970356}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=4E6E978F-28F6-43A5-B32A-1D1B9203B10D&apn_sauid=11269212-1435-4A62-9BA6-FDFB33429FB8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.at"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "www.google.at"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2012.04.26 19:43:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2012.12.14 08:28:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\IPSFFPlgn\ [2012.12.14 08:28:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.10.18 21:25:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 14:45:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 14:45:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.17 15:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 14:45:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 14:45:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.17 15:27:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.05.09 16:07:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\robert\AppData\Roaming\mozilla\Extensions
[2013.01.02 10:53:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\clrglzif.default\extensions
[2012.11.11 04:26:54 | 000,000,000 | ---D | M] (Vaudix) -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\clrglzif.default\extensions\509f1b2003d9a@509f1b2003dd3.com
[2012.10.18 20:33:16 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\mozilla\firefox\profiles\clrglzif.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.11.23 15:53:37 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\mozilla\firefox\profiles\clrglzif.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.11 20:25:54 | 000,001,276 | ---- | M] () -- C:\Users\robert\AppData\Roaming\mozilla\firefox\profiles\clrglzif.default\searchplugins\simple-english.xml
[2012.11.11 20:25:43 | 000,001,032 | ---- | M] () -- C:\Users\robert\AppData\Roaming\mozilla\firefox\profiles\clrglzif.default\searchplugins\wikipedia-eng.xml
[2012.11.13 19:24:11 | 000,002,275 | ---- | M] () -- C:\Users\robert\AppData\Roaming\mozilla\firefox\profiles\clrglzif.default\searchplugins\wolframalpha.xml
[2012.12.06 14:45:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.06 14:45:15 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[1999.12.31 15:00:00 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.06.11 16:43:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 07:30:03 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.11 16:43:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.11 16:43:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.11 16:43:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.11 16:43:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Vaudix Class) - {D1D3E22B-DB53-9064-7038-F10FC553AE1F} - C:\ProgramData\Vaudix\509f1b2003f0c.ocx ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [DBRMTray] C:\DELL\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4:64bit: - HKLM..\RunOnce: [DBRMTray] C:\DELL\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - Startup: C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\robert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\robert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\robert\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\robert\Desktop\PartyPoker.lnk ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{174018CC-5042-4B70-A95D-69E0BB08F14D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96A23D24-0D78-448A-9AF1-D0C4BDF48560}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8244C2A-DA83-4A03-BA8E-8FF8F8CF2693}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4a272448-8f8f-11e1-9154-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4a272448-8f8f-11e1-9154-806e6f6e6963}\Shell\AutoRun\command - "" = D:\OSiS.exe
O33 - MountPoints2\{961a264c-d425-11e1-aa23-642737e71c3c}\Shell - "" = AutoRun
O33 - MountPoints2\{961a264c-d425-11e1-aa23-642737e71c3c}\Shell\AutoRun\command - "" = E:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.02 15:03:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
[2013.01.02 10:43:51 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Roaming\Malwarebytes
[2013.01.02 10:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.02 10:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.02 10:43:40 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.02 10:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.28 13:23:14 | 000,000,000 | ---D | C] -- C:\Users\robert\Documents\My Extracted Files
[2012.12.28 13:21:19 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Local\BitZipper
[2012.12.28 01:56:34 | 000,000,000 | ---D | C] -- C:\handyfirmwaredownloads
[2012.12.28 01:22:36 | 000,000,000 | ---D | C] -- C:\odinmitpit
[2012.12.27 23:54:00 | 000,000,000 | ---D | C] -- C:\handyrootsachen
[2012.12.27 19:05:00 | 000,000,000 | ---D | C] -- C:\Sicherung Handyfotos
[2012.12.27 18:03:43 | 000,000,000 | ---D | C] -- C:\ADB
[2012.12.23 10:25:57 | 000,000,000 | ---D | C] -- C:\Users\robert\Documents\Anki
[2012.12.23 10:25:56 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Roaming\.anki
[2012.12.23 10:24:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anki
[2012.12.17 15:27:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.12.13 20:39:33 | 000,000,000 | ---D | C] -- C:\Users\robert\Desktop\TCII
[2012.12.13 18:44:35 | 000,000,000 | ---D | C] -- C:\Users\robert\Desktop\CDex
[2012.12.13 18:34:02 | 000,000,000 | ---D | C] -- C:\Users\robert\Desktop\Vorlesungen_A
[2012.12.13 09:32:19 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Local\Grewe
[2012.12.06 14:45:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.04 20:23:49 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Local\FileTypeAssistant
[2012.12.04 20:23:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Assistant
[2012.12.04 20:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitZipper
[2012.12.04 20:23:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitZipper
[2012.12.03 23:24:52 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Roaming\vlc
[2012.12.03 23:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.12.03 23:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.12.03 16:38:18 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Roaming\Media Player Classic
[2012.12.03 16:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012.12.03 16:35:56 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2012.12.03 16:35:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012.12.03 16:33:45 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Local\Programs
[2012.12.03 15:44:50 | 000,000,000 | ---D | C] -- C:\Serien
[2010.12.27 10:46:34 | 000,096,256 | ---- | C] (Google, inc) -- C:\Users\robert\AdbWinApi.dll
[2010.12.27 10:46:34 | 000,060,928 | ---- | C] (Google, inc) -- C:\Users\robert\AdbWinUsbApi.dll
[2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\robert\AppData\Local\CDRip.dll
[2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\robert\AppData\Local\No23 Recorder.exe
[2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\robert\AppData\Local\basscd.dll
[2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\robert\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.02 15:05:15 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.02 15:05:15 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.02 15:03:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
[2013.01.02 14:59:03 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.02 14:58:12 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2013.01.02 14:57:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.02 14:57:28 | 3137,970,176 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.02 14:56:08 | 000,000,000 | ---- | M] () -- C:\Users\robert\defogger_reenable
[2013.01.02 14:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.02 14:51:03 | 000,050,477 | ---- | M] () -- C:\Users\robert\Desktop\Defogger.exe
[2013.01.02 14:25:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.02 11:23:59 | 000,234,867 | ---- | M] () -- C:\Users\robert\Desktop\werbelink.jpg
[2013.01.02 11:23:59 | 000,001,384 | ---- | M] () -- C:\Users\robert\AppData\Local\recently-used.xbel
[2013.01.02 10:43:41 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.28 13:30:21 | 000,001,790 | ---- | M] () -- C:\Users\robert\Desktop\Odin3 v1.85 - Verknüpfung.lnk
[2012.12.27 21:15:45 | 000,002,160 | ---- | M] () -- C:\{D2B6DB75-945B-402D-A2FB-9676BA44609C}
[2012.12.27 18:18:04 | 000,000,052 | ---- | M] () -- C:\Users\robert\Desktop\adb_copy.bat
[2012.12.27 18:03:43 | 000,410,399 | ---- | M] () -- C:\Users\robert\adb.exe
[2012.12.27 10:52:54 | 000,001,057 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.27 10:52:44 | 000,001,027 | ---- | M] () -- C:\Users\robert\Desktop\Dropbox.lnk
[2012.12.26 10:52:57 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\HoldemManager2.lnk
[2012.12.26 00:05:09 | 000,037,888 | ---- | M] () -- C:\Users\robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.23 13:50:26 | 001,903,356 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.23 13:50:26 | 000,810,514 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.23 13:50:26 | 000,749,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.23 13:50:26 | 000,187,056 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.23 13:50:26 | 000,155,824 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.23 10:24:47 | 000,000,738 | ---- | M] () -- C:\Users\robert\Desktop\Anki.lnk
[2012.12.22 12:00:21 | 000,364,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.04 20:23:35 | 000,001,017 | ---- | M] () -- C:\Users\robert\Desktop\BitZipper.lnk
[2012.12.03 23:24:44 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.02 14:56:08 | 000,000,000 | ---- | C] () -- C:\Users\robert\defogger_reenable
[2013.01.02 14:50:51 | 000,050,477 | ---- | C] () -- C:\Users\robert\Desktop\Defogger.exe
[2013.01.02 11:23:59 | 000,001,384 | ---- | C] () -- C:\Users\robert\AppData\Local\recently-used.xbel
[2013.01.02 11:10:58 | 000,234,867 | ---- | C] () -- C:\Users\robert\Desktop\werbelink.jpg
[2013.01.02 10:43:41 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.28 13:30:21 | 000,001,790 | ---- | C] () -- C:\Users\robert\Desktop\Odin3 v1.85 - Verknüpfung.lnk
[2012.12.27 21:15:44 | 000,002,160 | ---- | C] () -- C:\{D2B6DB75-945B-402D-A2FB-9676BA44609C}
[2012.12.23 10:24:47 | 000,000,750 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
[2012.12.23 10:24:47 | 000,000,738 | ---- | C] () -- C:\Users\robert\Desktop\Anki.lnk
[2012.12.04 20:23:35 | 000,001,017 | ---- | C] () -- C:\Users\robert\Desktop\BitZipper.lnk
[2012.12.03 23:24:44 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.12.03 16:35:56 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.12.03 16:35:56 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.12.03 16:35:56 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012.12.03 16:35:56 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.12.03 16:35:54 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.10.10 19:17:52 | 000,037,888 | ---- | C] () -- C:\Users\robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.18 18:42:21 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\FreeImage3.dll
[2012.09.18 18:42:21 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\FreeImage.dll
[2012.09.18 18:42:21 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\DVM.dll
[2012.09.18 18:42:21 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\RegisterExe.exe
[2012.07.30 13:16:20 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.07.30 13:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.07.30 13:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.07.30 13:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.07.30 13:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.06.27 12:34:14 | 000,001,565 | ---- | C] () -- C:\Users\robert\AppData\Local\RecConfig.xml
[2012.04.26 20:21:34 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.04.26 20:21:32 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.04.26 20:21:31 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.04.26 20:21:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.04.26 20:21:29 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.04.26 19:33:42 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll
[2011.11.03 19:24:18 | 000,322,880 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.02.11 18:45:27 | 001,798,946 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.27 10:46:34 | 000,410,399 | ---- | C] () -- C:\Users\robert\adb.exe
[2007.08.13 16:46:00 | 000,155,136 | ---- | C] () -- C:\Users\robert\AppData\Local\lame_enc.dll
[2006.10.26 00:06:48 | 000,064,000 | ---- | C] () -- C:\Users\robert\AppData\Local\vorbisenc.dll
[2006.10.26 00:06:48 | 000,019,456 | ---- | C] () -- C:\Users\robert\AppData\Local\vorbisfile.dll
[2006.10.26 00:06:46 | 000,143,872 | ---- | C] () -- C:\Users\robert\AppData\Local\vorbis.dll
[2006.10.26 00:06:36 | 000,015,872 | ---- | C] () -- C:\Users\robert\AppData\Local\ogg.dll
[2005.08.23 21:34:06 | 000,029,184 | ---- | C] () -- C:\Users\robert\AppData\Local\no23xwrapper.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.02 14:53:51 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\.anki
[2012.12.13 09:32:32 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Canon
[2012.05.09 14:47:13 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\DigitalPersona
[2013.01.02 14:59:04 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Dropbox
[2012.10.31 20:44:39 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\DVDVideoSoft
[2012.07.15 09:43:17 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.09 22:09:19 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\HEM Data
[2013.01.01 23:14:23 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\HoldemManager
[2012.11.19 22:37:46 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\inkscape
[2012.11.14 08:08:10 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\LibreOffice
[2012.11.13 20:54:14 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Mestrelab Research S.L
[2012.05.12 16:48:06 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Microgaming
[2012.12.14 08:28:20 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\PacificPoker
[2012.09.25 19:47:51 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Party
[2012.05.10 12:17:53 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\PCDr
[2012.12.14 08:28:20 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\PhraseExpress
[2012.08.25 13:06:09 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Samsung
[2012.11.13 21:33:21 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Scribus
[2012.12.23 13:58:39 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\SoftGrid Client
[2012.09.18 18:42:57 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Softinterface, Inc
[2012.11.13 20:19:17 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Stellarium
[2012.05.13 13:46:27 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Thunderbird
[2012.06.01 11:22:16 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\TP
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Extras.txt:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 02.01.2013 15:05:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\robert\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 52,37% Memory free
7,79 Gb Paging File | 5,66 Gb Available in Paging File | 72,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679,00 Gb Total Space | 554,55 Gb Free Space | 81,67% Space Free | Partition Type: NTFS
 
Computer Name: ROBERT_DELL | User Name: robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FD7212-B892-405C-8F28-7B4F1940C7BB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{05D16A9A-A4D1-483C-8133-76F11091AFE0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{08B1EB2B-9A15-4B4C-8666-B5EE2771CE9B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0CEE36EF-BE28-4A65-9104-183D27F1DB19}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0D9A2AB4-6CD6-4D18-81AF-3DF287EAF8D2}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent - broadcast | 
"{11625F1A-13A2-4AAD-AE8F-D382202ECB65}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1B6F22D0-048D-4A58-B401-942B2915E2EA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1F9939A5-FB91-4F03-9E4F-83AD6C608223}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2610A42F-F1B2-4C47-920C-C509C8139DD1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2675F5E8-E08D-4086-A2BE-5A30B281ADB6}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{27CA3FA0-3398-4D61-BB68-01FCBCDC2C10}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2CD2A44B-7F4B-417B-BDA1-90CFEA3DB7B5}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent - update | 
"{2E5C8B8A-518B-478E-97D4-A7EF857C5D08}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4FD59A85-8330-44F1-B0D1-632AC49CAB48}" = lport=5432 | protocol=6 | dir=in | name=postgres | 
"{5F268CD6-D32F-4C2E-885B-C9C7EAB665B6}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener | 
"{61AE4471-C963-4715-87FE-3E61CA015FA0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{63E6CFA1-6F8B-4563-B35E-1B487B0E1712}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7181A2CB-3829-4BB3-BF5B-6D8FFE057BC1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{729694C9-9FCE-4F70-A0EC-7CBD839D3E1E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{812F392F-0796-469F-8508-2982CC9DBEDE}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent - update | 
"{858D9DC1-0EFD-4A22-91A2-2D7D20AA1C25}" = lport=138 | protocol=17 | dir=in | app=system | 
"{92E7F044-4E4C-442C-BA85-43ECBE10FB6A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{96A4AB93-3CED-42F6-97D0-93EED8FEBE02}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A8D9645C-47A9-4AE4-957C-40838A859222}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A95E8B74-9FDE-4ACF-B543-65596DB02BAD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AEAE4315-FE39-4ABA-8434-46F095AEBAC0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C9970573-F46D-45EF-A6FD-E01547BB9C0B}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent - broadcast | 
"{C99EE0F8-E41B-41CF-B2F9-2A2548C13C2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CFE2729A-205C-4AE8-AD43-939D81ADC4EE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D4C87B6C-B4A0-426D-B4B0-105BD81C9E68}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D50F0291-53A8-4F68-A23B-4284C4985726}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06AC1AF2-315D-407C-8B98-13C970B71AFF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{103FAEB8-2A85-4C35-89B6-B7F01CA8B75D}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe | 
"{15B0DC4B-2401-4BC6-9EED-1D93FE013E9E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{18610147-5C43-4CF6-83D1-1C131CE80B7A}" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1FDA0919-BE88-4486-BE16-951663EB9207}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{20E111E6-8314-490E-A6DC-490F818E8C06}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2282EAB2-66D5-49A5-9F74-534669289725}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3713AFA6-4C3F-4FE5-8281-33412F9199F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3AC5BB90-50A4-48CD-B23D-44CBEF0F95B4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{490161FF-041F-4F5A-B82B-9784CC94C398}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4A1E2B84-76CF-4DB0-9FE0-6D2D0661F6F8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4CB19DF4-858B-4331-ABA3-50E9A18A4E26}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{50DE9D0E-B34A-466B-B4F4-265EF36EA39C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{61932536-4F37-48EE-84D2-CEDBF5B520E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{634397A4-C095-4877-8266-2836058300DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6B6D9C28-5859-4453-99A4-CF4578BD063B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{7F4B074C-070C-498F-B96E-E8BBF110F29D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8AAE6F45-4423-4BDF-B792-0A281C8553EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9C9CD5F1-A6BB-4456-A84D-7EC56432F919}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A64E3343-FACF-4A3C-9180-A57D69C9CD37}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A719B87C-9D0E-48D4-B72A-7E5FD265A33A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ACD6C0DA-1F15-43C5-ACD1-7FDAB40DD9B5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AEDB5308-6F25-417B-A449-9E0FAA909A6B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B585E355-EDC3-405B-BA19-E8CC1C0C3ED2}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{C91D3CC9-5E20-42D9-B6A8-CAD27C2A7DA9}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{CD2A34F9-3D82-4A26-8FBC-CC38CCF62BA7}" = dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe | 
"{CEAB01BB-311B-4D32-8BDE-0F428F1DB903}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1249906-BECC-4995-9894-062409D0464A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{DE0B7580-A5A5-4B20-810B-166F8F90FDDF}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{F5C256D5-E477-4696-939D-6C94599A281B}" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F8115FBB-44EC-4100-A778-4F1768FA4B55}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{FB2ECA17-AFE4-41A3-8937-CC9255E672E3}" = protocol=6 | dir=out | app=system | 
"TCP Query User{027B807D-4B61-4B9C-B9E8-31C4C8B442A5}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe | 
"TCP Query User{56175F55-9711-41E7-A437-C47FB6CAEE45}C:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{617ADD1D-579E-473F-8EFF-7A991BB6CADA}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"TCP Query User{D4C50EFB-8D66-4785-88F2-1FAFECA12CE7}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{E0624968-418C-4B1E-BFB4-E3F46F3970E9}C:\program files (x86)\open source\developer tools for upnp technologies\device spy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\open source\developer tools for upnp technologies\device spy.exe | 
"UDP Query User{138560D3-6D1A-4A6B-835A-F6B9DB23C204}C:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{333AE265-BD9E-4BD6-A1F1-86256F5B1169}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
"UDP Query User{506D3312-36BF-4CE8-B562-F59E6B3FFDAB}C:\program files (x86)\open source\developer tools for upnp technologies\device spy.exe" = protocol=17 | dir=in | app=c:\program files (x86)\open source\developer tools for upnp technologies\device spy.exe | 
"UDP Query User{7A1D3AE2-45D8-4F50-BE8C-7814F3B1B468}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{CCC83377-A58A-463D-AC00-51C96E8CD07C}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10AAF056-7792-497A-ACAF-3BF002196574}" = Validity Sensors DDK
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series" = Canon MX430 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{50B4B603-A4C6-4739-AE96-6C76A0F8A388}" = Dell Backup and Recovery Manager
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.77
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.77
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.77
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B53BC1E1-34B6-5EDF-BC34-7C946ED8E317}" = VaudiX
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C0C2D40A-1231-46FA-8F02-B45E6BF2036A}" = DigitalPersona Fingerprint Software 5.20
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"DW WLAN Card" = DW WLAN Card
"GIMP-2_is1" = GIMP 2.8.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC-Doctor for Windows" = Dell Support Center
"Stellarium_is1" = Stellarium 0.11.4
"VaudiX" = 
"VLC media player" = VLC media player 2.0.4
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F7ACD8E-66FC-4C14-90B4-9C457CC73D63}" = Developer Tools for UPnP Technologies
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{47EA4DDF-FD99-46B3-846C-9F3F315268AD}" = ICM Trainer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C454033-8240-425E-A170-1C648FCB74FD}" = PokerStrategy.com Equilab
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5C2F3077-DBF4-4931-8186-26A6161B29C3}" = CambridgeSoft ChemDraw ActiveX Enterprise Constant 12.0
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{681002C6-5019-81A2-7871-A43754F71E56}" = 
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (CSSQL05)
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B93BC257-3F73-47B1-B68D-597C6878C8E7}" = CambridgeSoft ChemBioDraw Ultra 12.0
"{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}" = Trend Micro Client/Server Security Agent
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CBCF6C86-4738-4A84-9C2C-331804DCEB9B}" = LibreOffice 3.6
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F596E368-2A1D-4896-AB37-C81BFA4DD011}" = CambridgeSoft ENotebook 12.02
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"888poker" = 888poker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Anki" = Anki
"Argumentative" = Argumentative
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Canon MX430 series Benutzerregistrierung" = Canon MX430 series Benutzerregistrierung
"Canon MX430 series On-screen Manual" = Canon MX430 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"Convert Image To PDF_is1" = Convert Image To PDF
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup" = DivX Setup
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"GanttProject" = GanttProject
"HoldemManager2" = Holdem Manager 2
"Inkscape" = Inkscape 0.48.1 
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"jdownloader09" = JDownloader 0.9
"jMemorize" = jMemorize
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.5.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MestReNova LITE" = MestReNova LITE 5.2.5-5780
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.1" = Canon MP Navigator EX 5.1
"NAV" = Norton AntiVirus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PartyPoker" = PartyPoker
"PhraseExpress_is1" = PhraseExpress v8.0.156
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"Scribus 1.4.1" = Scribus 1.4.1
"SP_09de8db5" = 
"Speed Dial Utility" = Canon Kurzwahlprogramm
"TrueCrypt" = TrueCrypt
"Trusted Software Assistant_is1" = File Type Assistant
"win2day Poker " = win2day Poker
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.01.2013 04:01:58 | Computer Name = robert_dell | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.01.2013 05:21:51 | Computer Name = robert_dell | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.01.2013 05:51:12 | Computer Name = robert_dell | Source = PostgreSQL | ID = 0
Description = 2013-01-02 10:51:12 CETFATAL:  the database system is starting up 
 
Error - 02.01.2013 05:51:17 | Computer Name = robert_dell | Source = PostgreSQL | ID = 0
Description = 2013-01-02 10:51:17 CETFATAL:  the database system is starting up 
 
Error - 02.01.2013 05:51:18 | Computer Name = robert_dell | Source = PostgreSQL | ID = 0
Description = 2013-01-02 10:51:18 CETFATAL:  the database system is starting up 
 
Error - 02.01.2013 05:51:34 | Computer Name = robert_dell | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.01.2013 07:04:07 | Computer Name = robert_dell | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.01.2013 09:57:47 | Computer Name = robert_dell | Source = PostgreSQL | ID = 0
Description = 2013-01-02 14:57:47 CETFATAL:  the database system is starting up 
 
Error - 02.01.2013 09:57:48 | Computer Name = robert_dell | Source = PostgreSQL | ID = 0
Description = 2013-01-02 14:57:48 CETFATAL:  the database system is starting up 
 
Error - 02.01.2013 09:58:58 | Computer Name = robert_dell | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 31.12.2012 10:14:26 | Computer Name = robert_dell | Source = DCOM | ID = 10016
Description = 
 
Error - 01.01.2013 13:05:43 | Computer Name = robert_dell | Source = DCOM | ID = 10016
Description = 
 
Error - 01.01.2013 18:17:18 | Computer Name = robert_dell | Source = DCOM | ID = 10010
Description = 
 
Error - 02.01.2013 04:03:01 | Computer Name = robert_dell | Source = DCOM | ID = 10016
Description = 
 
Error - 02.01.2013 05:21:33 | Computer Name = robert_dell | Source = DCOM | ID = 10016
Description = 
 
Error - 02.01.2013 05:52:13 | Computer Name = robert_dell | Source = DCOM | ID = 10016
Description = 
 
Error - 02.01.2013 05:52:17 | Computer Name = robert_dell | Source = DCOM | ID = 10010
Description = 
 
Error - 02.01.2013 07:04:04 | Computer Name = robert_dell | Source = DCOM | ID = 10016
Description = 
 
Error - 02.01.2013 09:59:01 | Computer Name = robert_dell | Source = DCOM | ID = 10016
Description = 
 
Error - 02.01.2013 09:59:20 | Computer Name = robert_dell | Source = WMPNetworkSvc | ID = 866300
Description = 
 
 
< End of report >
         
--- --- ---
__________________

Alt 03.01.2013, 09:09   #4
Psychotic
/// Malwareteam
 
Werbelinks in Browser - Pop-ups - Standard

Werbelinks in Browser - Pop-ups



Schritt 1: aswMBR


Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.




Schritt 2: Scan mit TDSS-Killer



Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 03.01.2013, 14:59   #5
bazzzingah
 
Werbelinks in Browser - Pop-ups - Standard

Werbelinks in Browser - Pop-ups



Es gibt leider ein Problem mit aswMBR. Der Scan-Button ist zwar da, jedoch steckt der scan seit fast zwei Stunden bei einer Datei. Ist das noch in Ordnung? Oder soll ich den Prozess beenden?


Alt 03.01.2013, 15:00   #6
Psychotic
/// Malwareteam
 
Werbelinks in Browser - Pop-ups - Standard

Werbelinks in Browser - Pop-ups



Lass aswMBR weg, poste das log vom TDSS-Killer!
__________________
--> Werbelinks in Browser - Pop-ups

Alt 03.01.2013, 15:01   #7
bazzzingah
 
Werbelinks in Browser - Pop-ups - Standard

Werbelinks in Browser - Pop-ups



ok

15:04:16.0655 6060 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:04:17.0089 6060 ============================================================
15:04:17.0089 6060 Current date / time: 2013/01/03 15:04:17.0089
15:04:17.0089 6060 SystemInfo:
15:04:17.0089 6060
15:04:17.0089 6060 OS Version: 6.1.7601 ServicePack: 1.0
15:04:17.0089 6060 Product type: Workstation
15:04:17.0089 6060 ComputerName: ROBERT_DELL
15:04:17.0089 6060 UserName: robert
15:04:17.0089 6060 Windows directory: C:\Windows
15:04:17.0089 6060 System windows directory: C:\Windows
15:04:17.0089 6060 Running under WOW64
15:04:17.0089 6060 Processor architecture: Intel x64
15:04:17.0089 6060 Number of processors: 4
15:04:17.0089 6060 Page size: 0x1000
15:04:17.0089 6060 Boot type: Normal boot
15:04:17.0089 6060 ============================================================
15:04:18.0100 6060 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:04:18.0113 6060 ============================================================
15:04:18.0113 6060 \Device\Harddisk0\DR0:
15:04:18.0114 6060 MBR partitions:
15:04:18.0114 6060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
15:04:18.0114 6060 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x54E01EF0
15:04:18.0114 6060 ============================================================
15:04:18.0158 6060 C: <-> \Device\Harddisk0\DR0\Partition2
15:04:18.0158 6060 ============================================================
15:04:18.0158 6060 Initialize success
15:04:18.0158 6060 ============================================================
15:04:22.0514 5580 ============================================================
15:04:22.0514 5580 Scan started
15:04:22.0514 5580 Mode: Manual;
15:04:22.0514 5580 ============================================================
15:04:23.0262 5580 ================ Scan system memory ========================
15:04:23.0262 5580 System memory - ok
15:04:23.0263 5580 ================ Scan services =============================
15:04:23.0396 5580 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:04:23.0431 5580 1394ohci - ok
15:04:23.0472 5580 [ AEDB94A49236F5FF060C90E09E70281F ] Acceler C:\Windows\system32\DRIVERS\Accelern.sys
15:04:23.0496 5580 Acceler - ok
15:04:23.0531 5580 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:04:23.0560 5580 ACPI - ok
15:04:23.0578 5580 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:04:23.0596 5580 AcpiPmi - ok
15:04:23.0757 5580 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:04:23.0766 5580 AdobeARMservice - ok
15:04:23.0876 5580 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:04:23.0881 5580 AdobeFlashPlayerUpdateSvc - ok
15:04:23.0920 5580 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:04:23.0928 5580 adp94xx - ok
15:04:23.0954 5580 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:04:23.0959 5580 adpahci - ok
15:04:23.0978 5580 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:04:23.0997 5580 adpu320 - ok
15:04:24.0033 5580 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:04:24.0033 5580 AeLookupSvc - ok
15:04:24.0099 5580 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
15:04:24.0102 5580 AERTFilters - ok
15:04:24.0139 5580 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:04:24.0163 5580 AFD - ok
15:04:24.0204 5580 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:04:24.0222 5580 agp440 - ok
15:04:24.0263 5580 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:04:24.0279 5580 ALG - ok
15:04:24.0300 5580 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:04:24.0313 5580 aliide - ok
15:04:24.0316 5580 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:04:24.0328 5580 amdide - ok
15:04:24.0332 5580 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:04:24.0336 5580 AmdK8 - ok
15:04:24.0353 5580 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
15:04:24.0358 5580 AmdPPM - ok
15:04:24.0374 5580 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:04:24.0394 5580 amdsata - ok
15:04:24.0416 5580 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
15:04:24.0421 5580 amdsbs - ok
15:04:24.0431 5580 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:04:24.0433 5580 amdxata - ok
15:04:24.0474 5580 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
15:04:24.0501 5580 androidusb - ok
15:04:24.0544 5580 [ 24ED0EB2B2558970176ECEE680F8F806 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
15:04:24.0564 5580 ApfiltrService - ok
15:04:24.0605 5580 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:04:24.0608 5580 AppID - ok
15:04:24.0629 5580 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:04:24.0645 5580 AppIDSvc - ok
15:04:24.0663 5580 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:04:24.0664 5580 Appinfo - ok
15:04:24.0710 5580 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
15:04:24.0726 5580 AppMgmt - ok
15:04:24.0731 5580 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
15:04:24.0733 5580 arc - ok
15:04:24.0752 5580 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:04:24.0754 5580 arcsas - ok
15:04:24.0855 5580 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:04:24.0888 5580 aspnet_state - ok
15:04:24.0921 5580 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:04:24.0922 5580 AsyncMac - ok
15:04:24.0953 5580 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:04:24.0964 5580 atapi - ok
15:04:25.0018 5580 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:04:25.0027 5580 AudioEndpointBuilder - ok
15:04:25.0037 5580 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:04:25.0041 5580 AudioSrv - ok
15:04:25.0070 5580 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:04:25.0083 5580 AxInstSV - ok
15:04:25.0116 5580 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
15:04:25.0138 5580 b06bdrv - ok
15:04:25.0178 5580 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:04:25.0199 5580 b57nd60a - ok
15:04:25.0314 5580 [ 783F1C7ED6B39454A8D1028D4F30768D ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
15:04:25.0409 5580 BCM43XX - ok
15:04:25.0438 5580 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:04:25.0458 5580 BDESVC - ok
15:04:25.0483 5580 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:04:25.0485 5580 Beep - ok
15:04:25.0530 5580 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:04:25.0540 5580 BFE - ok
15:04:25.0763 5580 [ ED97ADAF00A61F57A2CCBBB1CE58C600 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20121130.005\BHDrvx64.sys
15:04:25.0821 5580 BHDrvx64 - ok
15:04:25.0856 5580 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
15:04:25.0868 5580 BITS - ok
15:04:25.0884 5580 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:04:25.0886 5580 blbdrive - ok
15:04:25.0927 5580 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:04:25.0954 5580 bowser - ok
15:04:25.0979 5580 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
15:04:25.0980 5580 BrFiltLo - ok
15:04:25.0993 5580 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
15:04:26.0008 5580 BrFiltUp - ok
15:04:26.0063 5580 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:04:26.0066 5580 Browser - ok
15:04:26.0085 5580 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:04:26.0090 5580 Brserid - ok
15:04:26.0093 5580 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:04:26.0110 5580 BrSerWdm - ok
15:04:26.0115 5580 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:04:26.0132 5580 BrUsbMdm - ok
15:04:26.0136 5580 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:04:26.0137 5580 BrUsbSer - ok
15:04:26.0199 5580 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
15:04:26.0218 5580 BthEnum - ok
15:04:26.0237 5580 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:04:26.0239 5580 BTHMODEM - ok
15:04:26.0263 5580 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
15:04:26.0282 5580 BthPan - ok
15:04:26.0319 5580 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
15:04:26.0338 5580 BTHPORT - ok
15:04:26.0529 5580 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:04:26.0532 5580 bthserv - ok
15:04:26.0575 5580 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
15:04:26.0603 5580 BTHUSB - ok
15:04:26.0649 5580 [ A0DFB69ADE3444C78B17636FCF28E898 ] BTWAMPFL C:\Windows\system32\DRIVERS\btwampfl.sys
15:04:26.0655 5580 BTWAMPFL - ok
15:04:26.0685 5580 [ F6135859A582A7294BA7A3336E08BAA1 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
15:04:26.0700 5580 btwaudio - ok
15:04:26.0737 5580 [ 3DEF2370E414B4E299673558BA171A51 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
15:04:26.0750 5580 btwavdt - ok
15:04:26.0799 5580 [ B7DEA77EE893806859072274EE8EC8FC ] btwdins c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:04:26.0810 5580 btwdins - ok
15:04:26.0830 5580 [ 9AD0FA253ED531D39FB2D74FE12A5FA9 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
15:04:26.0832 5580 btwl2cap - ok
15:04:26.0844 5580 [ 9937E0E4DFC0030560A6DFE9D3A94B39 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
15:04:26.0857 5580 btwrchid - ok
15:04:26.0953 5580 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NAV C:\Windows\system32\drivers\NAVx64\1309000.009\ccSetx64.sys
15:04:26.0969 5580 ccSet_NAV - ok
15:04:27.0019 5580 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:04:27.0047 5580 cdfs - ok
15:04:27.0078 5580 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:04:27.0082 5580 cdrom - ok
15:04:27.0115 5580 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:04:27.0117 5580 CertPropSvc - ok
15:04:27.0129 5580 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
15:04:27.0141 5580 circlass - ok
15:04:27.0168 5580 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:04:27.0187 5580 CLFS - ok
15:04:27.0280 5580 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:04:27.0310 5580 clr_optimization_v2.0.50727_32 - ok
15:04:27.0349 5580 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:04:27.0380 5580 clr_optimization_v2.0.50727_64 - ok
15:04:27.0441 5580 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:04:27.0535 5580 clr_optimization_v4.0.30319_32 - ok
15:04:27.0556 5580 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:04:27.0622 5580 clr_optimization_v4.0.30319_64 - ok
15:04:27.0646 5580 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:04:27.0649 5580 CmBatt - ok
15:04:27.0672 5580 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:04:27.0674 5580 cmdide - ok
15:04:27.0727 5580 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
15:04:27.0749 5580 CNG - ok
15:04:27.0766 5580 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:04:27.0769 5580 Compbatt - ok
15:04:27.0782 5580 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
15:04:27.0784 5580 CompositeBus - ok
15:04:27.0795 5580 COMSysApp - ok
15:04:27.0809 5580 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:04:27.0821 5580 crcdisk - ok
15:04:27.0877 5580 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:04:27.0880 5580 CryptSvc - ok
15:04:27.0901 5580 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
15:04:27.0930 5580 CSC - ok
15:04:27.0959 5580 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
15:04:27.0968 5580 CscService - ok
15:04:28.0036 5580 [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
15:04:28.0040 5580 CtClsFlt - ok
15:04:28.0393 5580 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
15:04:28.0408 5580 cvhsvc - ok
15:04:28.0451 5580 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:04:28.0459 5580 DcomLaunch - ok
15:04:28.0488 5580 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:04:28.0505 5580 defragsvc - ok
15:04:28.0538 5580 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:04:28.0555 5580 DfsC - ok
15:04:28.0595 5580 dgderdrv - ok
15:04:28.0621 5580 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:04:28.0626 5580 Dhcp - ok
15:04:28.0636 5580 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:04:28.0638 5580 discache - ok
15:04:28.0670 5580 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
15:04:28.0688 5580 Disk - ok
15:04:28.0731 5580 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
15:04:28.0751 5580 dmvsc - ok
15:04:28.0779 5580 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:04:28.0783 5580 Dnscache - ok
15:04:28.0802 5580 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:04:28.0808 5580 dot3svc - ok
15:04:28.0847 5580 [ C43618154FC0C8480F53B04BA7A2F371 ] DpHost C:\Program Files\DigitalPersona\Bin\DpHostW.exe
15:04:28.0854 5580 DpHost - ok
15:04:28.0870 5580 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:04:28.0874 5580 DPS - ok
15:04:28.0899 5580 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:04:28.0915 5580 drmkaud - ok
15:04:28.0959 5580 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:04:28.0984 5580 DXGKrnl - ok
15:04:29.0036 5580 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:04:29.0039 5580 EapHost - ok
15:04:29.0124 5580 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
15:04:29.0199 5580 ebdrv - ok
15:04:29.0286 5580 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
15:04:29.0314 5580 eeCtrl - ok
15:04:29.0342 5580 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:04:29.0344 5580 EFS - ok
15:04:29.0407 5580 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:04:29.0431 5580 ehRecvr - ok
15:04:29.0460 5580 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:04:29.0496 5580 ehSched - ok
15:04:29.0534 5580 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:04:29.0556 5580 elxstor - ok
15:04:29.0606 5580 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:04:29.0610 5580 EraserUtilRebootDrv - ok
15:04:29.0613 5580 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:04:29.0614 5580 ErrDev - ok
15:04:29.0651 5580 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:04:29.0657 5580 EventSystem - ok
15:04:29.0673 5580 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:04:29.0676 5580 exfat - ok
15:04:29.0690 5580 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:04:29.0694 5580 fastfat - ok
15:04:29.0719 5580 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:04:29.0728 5580 Fax - ok
15:04:29.0741 5580 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
15:04:29.0742 5580 fdc - ok
15:04:29.0758 5580 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:04:29.0761 5580 fdPHost - ok
15:04:29.0771 5580 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:04:29.0773 5580 FDResPub - ok
15:04:29.0781 5580 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:04:29.0800 5580 FileInfo - ok
15:04:29.0818 5580 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:04:29.0820 5580 Filetrace - ok
15:04:29.0832 5580 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
15:04:29.0834 5580 flpydisk - ok
15:04:29.0850 5580 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:04:29.0856 5580 FltMgr - ok
15:04:29.0877 5580 [ F910874E4789DC95F37D2CF6285A85FA ] FLxHCIc C:\Windows\system32\DRIVERS\FLxHCIc.sys
15:04:29.0882 5580 FLxHCIc - ok
15:04:29.0903 5580 [ B957F9A14F696DBC0DC65497AAFD0CA4 ] FLxHCIh C:\Windows\system32\DRIVERS\FLxHCIh.sys
15:04:29.0906 5580 FLxHCIh - ok
15:04:29.0968 5580 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
15:04:29.0982 5580 FontCache - ok
15:04:30.0030 5580 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:04:30.0042 5580 FontCache3.0.0.0 - ok
15:04:30.0070 5580 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:04:30.0073 5580 FsDepends - ok
15:04:30.0115 5580 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:04:30.0138 5580 Fs_Rec - ok
15:04:30.0164 5580 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:04:30.0185 5580 fvevol - ok
15:04:30.0210 5580 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:04:30.0224 5580 gagp30kx - ok
15:04:30.0335 5580 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:04:30.0345 5580 gpsvc - ok
15:04:30.0438 5580 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:04:30.0442 5580 gupdate - ok
15:04:30.0455 5580 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:04:30.0456 5580 gupdatem - ok
15:04:30.0474 5580 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:04:30.0489 5580 hcw85cir - ok
15:04:30.0519 5580 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:04:30.0539 5580 HDAudBus - ok
15:04:30.0543 5580 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
15:04:30.0545 5580 HidBatt - ok
15:04:30.0567 5580 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:04:30.0570 5580 HidBth - ok
15:04:30.0580 5580 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
15:04:30.0582 5580 HidIr - ok
15:04:30.0602 5580 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
15:04:30.0604 5580 hidserv - ok
15:04:30.0637 5580 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:04:30.0654 5580 HidUsb - ok
15:04:30.0689 5580 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:04:30.0693 5580 hkmsvc - ok
15:04:30.0704 5580 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:04:30.0709 5580 HomeGroupListener - ok
15:04:30.0734 5580 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:04:30.0739 5580 HomeGroupProvider - ok
15:04:30.0764 5580 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:04:30.0778 5580 HpSAMD - ok
15:04:30.0802 5580 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:04:30.0814 5580 HTTP - ok
15:04:30.0822 5580 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:04:30.0839 5580 hwpolicy - ok
15:04:30.0860 5580 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:04:30.0863 5580 i8042prt - ok
15:04:30.0895 5580 [ D469B77687E12FE43E344806740B624D ] iaStor C:\Windows\system32\drivers\iaStor.sys
15:04:30.0897 5580 iaStor - ok
15:04:30.0915 5580 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:04:30.0922 5580 iaStorV - ok
15:04:30.0965 5580 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:04:30.0990 5580 idsvc - ok
15:04:31.0105 5580 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20130102.001\IDSvia64.sys
15:04:31.0114 5580 IDSVia64 - ok
15:04:31.0320 5580 [ 0BD58366C86EF9DDC4F61AFED0CADA99 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
15:04:31.0534 5580 igfx - ok
15:04:31.0570 5580 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:04:31.0584 5580 iirsp - ok
15:04:31.0628 5580 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:04:31.0640 5580 IKEEXT - ok
15:04:31.0664 5580 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys
15:04:31.0677 5580 Impcd - ok
15:04:31.0734 5580 [ 1B491F385EE96F9D9EE4CB430C8CD29E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:04:31.0810 5580 IntcAzAudAddService - ok
15:04:31.0840 5580 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:04:31.0854 5580 intelide - ok
15:04:31.0876 5580 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:04:31.0890 5580 intelppm - ok
15:04:31.0924 5580 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:04:31.0928 5580 IPBusEnum - ok
15:04:31.0940 5580 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:04:31.0943 5580 IpFilterDriver - ok
15:04:31.0981 5580 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:04:31.0999 5580 iphlpsvc - ok
15:04:32.0011 5580 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:04:32.0014 5580 IPMIDRV - ok
15:04:32.0028 5580 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:04:32.0033 5580 IPNAT - ok
15:04:32.0048 5580 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:04:32.0064 5580 IRENUM - ok
15:04:32.0097 5580 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:04:32.0114 5580 isapnp - ok
15:04:32.0197 5580 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:04:32.0244 5580 iScsiPrt - ok
15:04:32.0301 5580 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:04:32.0321 5580 kbdclass - ok
15:04:32.0392 5580 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:04:32.0417 5580 kbdhid - ok
15:04:32.0504 5580 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:04:32.0505 5580 KeyIso - ok
15:04:32.0563 5580 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:04:32.0574 5580 KSecDD - ok
15:04:32.0608 5580 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:04:32.0630 5580 KSecPkg - ok
15:04:32.0709 5580 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:04:32.0730 5580 ksthunk - ok
15:04:32.0775 5580 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:04:32.0801 5580 KtmRm - ok
15:04:32.0965 5580 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
15:04:32.0971 5580 LanmanServer - ok
15:04:33.0048 5580 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:04:33.0051 5580 LanmanWorkstation - ok
15:04:33.0116 5580 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:04:33.0129 5580 lltdio - ok
15:04:33.0206 5580 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:04:33.0210 5580 lltdsvc - ok
15:04:33.0224 5580 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:04:33.0226 5580 lmhosts - ok
15:04:33.0287 5580 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:04:33.0292 5580 LMS - ok
15:04:33.0316 5580 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:04:33.0332 5580 LSI_FC - ok
15:04:33.0361 5580 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:04:33.0377 5580 LSI_SAS - ok
15:04:33.0396 5580 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:04:33.0398 5580 LSI_SAS2 - ok
15:04:33.0406 5580 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:04:33.0409 5580 LSI_SCSI - ok
15:04:33.0428 5580 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:04:33.0442 5580 luafv - ok
15:04:33.0467 5580 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:04:33.0480 5580 Mcx2Svc - ok
15:04:33.0499 5580 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
15:04:33.0501 5580 megasas - ok
15:04:33.0514 5580 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:04:33.0519 5580 MegaSR - ok
15:04:33.0538 5580 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
15:04:33.0553 5580 MEIx64 - ok
15:04:33.0579 5580 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:04:33.0580 5580 MMCSS - ok
15:04:33.0594 5580 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:04:33.0597 5580 Modem - ok
15:04:33.0616 5580 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:04:33.0635 5580 monitor - ok
15:04:33.0652 5580 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:04:33.0670 5580 mouclass - ok
15:04:33.0695 5580 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:04:33.0697 5580 mouhid - ok
15:04:33.0719 5580 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:04:33.0722 5580 mountmgr - ok
15:04:33.0767 5580 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:04:33.0792 5580 MozillaMaintenance - ok
15:04:33.0809 5580 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:04:33.0813 5580 mpio - ok
15:04:33.0825 5580 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:04:33.0841 5580 mpsdrv - ok
15:04:33.0879 5580 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:04:33.0891 5580 MpsSvc - ok
15:04:33.0896 5580 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:04:33.0898 5580 MRxDAV - ok
15:04:33.0921 5580 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:04:33.0925 5580 mrxsmb - ok
15:04:33.0937 5580 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:04:33.0943 5580 mrxsmb10 - ok
15:04:33.0957 5580 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:04:33.0960 5580 mrxsmb20 - ok
15:04:33.0976 5580 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:04:33.0993 5580 msahci - ok
15:04:34.0026 5580 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:04:34.0030 5580 msdsm - ok
15:04:34.0043 5580 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:04:34.0047 5580 MSDTC - ok
15:04:34.0064 5580 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:04:34.0078 5580 Msfs - ok
15:04:34.0188 5580 [ 54819FC5C79E4B2C6E896F9DE440494D ] msftesql$CSSQL05 c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
15:04:34.0190 5580 msftesql$CSSQL05 - ok
15:04:34.0215 5580 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:04:34.0226 5580 mshidkmdf - ok
15:04:34.0244 5580 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:04:34.0261 5580 msisadrv - ok
15:04:34.0296 5580 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:04:34.0326 5580 MSiSCSI - ok
15:04:34.0329 5580 msiserver - ok
15:04:34.0354 5580 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:04:34.0356 5580 MSKSSRV - ok
15:04:34.0375 5580 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:04:34.0377 5580 MSPCLOCK - ok
15:04:34.0388 5580 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:04:34.0390 5580 MSPQM - ok
15:04:34.0407 5580 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:04:34.0426 5580 MsRPC - ok
15:04:34.0446 5580 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:04:34.0448 5580 mssmbios - ok
15:04:34.0471 5580 MSSQL$CSSQL05 - ok
15:04:34.0519 5580 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
15:04:34.0541 5580 MSSQLServerADHelper - ok
15:04:34.0557 5580 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:04:34.0559 5580 MSTEE - ok
15:04:34.0571 5580 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:04:34.0573 5580 MTConfig - ok
15:04:34.0587 5580 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:04:34.0607 5580 Mup - ok
15:04:34.0645 5580 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:04:34.0654 5580 napagent - ok
15:04:34.0678 5580 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:04:34.0683 5580 NativeWifiP - ok
15:04:34.0770 5580 [ F2840DBFE9322F35557219AE82CC4597 ] NAV C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe
15:04:34.0774 5580 NAV - ok
15:04:34.0859 5580 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20130102.023\ENG64.SYS
15:04:34.0865 5580 NAVENG - ok
15:04:34.0927 5580 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20130102.023\EX64.SYS
15:04:34.0961 5580 NAVEX15 - ok
15:04:35.0006 5580 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:04:35.0032 5580 NDIS - ok
15:04:35.0069 5580 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:04:35.0070 5580 NdisCap - ok
15:04:35.0081 5580 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:04:35.0101 5580 NdisTapi - ok
15:04:35.0128 5580 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:04:35.0130 5580 Ndisuio - ok
15:04:35.0146 5580 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:04:35.0162 5580 NdisWan - ok
15:04:35.0176 5580 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:04:35.0178 5580 NDProxy - ok
15:04:35.0197 5580 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:04:35.0199 5580 NetBIOS - ok
15:04:35.0209 5580 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:04:35.0213 5580 NetBT - ok
15:04:35.0238 5580 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:04:35.0239 5580 Netlogon - ok
15:04:35.0284 5580 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:04:35.0288 5580 Netman - ok
15:04:35.0320 5580 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:04:35.0374 5580 NetMsmqActivator - ok
15:04:35.0379 5580 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:04:35.0380 5580 NetPipeActivator - ok
15:04:35.0406 5580 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:04:35.0423 5580 netprofm - ok
15:04:35.0429 5580 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:04:35.0430 5580 NetTcpActivator - ok
15:04:35.0434 5580 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:04:35.0435 5580 NetTcpPortSharing - ok
15:04:35.0468 5580 [ 73CE12B8BDD747B0063CB0A7EF44CEA7 ] netvsc C:\Windows\system32\DRIVERS\netvsc60.sys
15:04:35.0487 5580 netvsc - ok
15:04:35.0514 5580 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:04:35.0530 5580 nfrd960 - ok
15:04:35.0580 5580 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:04:35.0586 5580 NlaSvc - ok
15:04:35.0601 5580 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:04:35.0603 5580 Npfs - ok
15:04:35.0625 5580 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:04:35.0627 5580 nsi - ok
15:04:35.0638 5580 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:04:35.0652 5580 nsiproxy - ok
15:04:35.0706 5580 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:04:35.0757 5580 Ntfs - ok
15:04:35.0858 5580 [ 4E6E6BE52EF05E666CC7D6D99C2C426A ] ntrtscan c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe
15:04:35.0891 5580 ntrtscan - ok
15:04:35.0900 5580 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:04:35.0902 5580 Null - ok
15:04:35.0921 5580 [ D584ABB6A308933A5F72B46C9E5A783F ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys
15:04:35.0923 5580 nusb3hub - ok
15:04:35.0940 5580 [ 345B9C04E2036DA4346E3249A5BDFD06 ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys
15:04:35.0944 5580 nusb3xhc - ok
15:04:36.0001 5580 [ 10204955027011E08A9DC27737A48A54 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
15:04:36.0019 5580 NVHDA - ok
15:04:36.0061 5580 [ D980B1551DD0C8BDC3B07D617B4D42A6 ] nvkflt C:\Windows\system32\DRIVERS\nvkflt.sys
15:04:36.0076 5580 nvkflt - ok
15:04:36.0282 5580 [ 386FB2E1EF51495629089231957B7D9A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:04:36.0477 5580 nvlddmkm - ok
15:04:36.0494 5580 [ E0CABFD2564CB064EAA5789CD6960C4A ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
15:04:36.0496 5580 nvpciflt - ok
15:04:36.0531 5580 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:04:36.0535 5580 nvraid - ok
15:04:36.0551 5580 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:04:36.0563 5580 nvstor - ok
15:04:36.0599 5580 [ 4DC87CDA61D7B185E79618581F46B85A ] NvStUSB C:\Windows\system32\drivers\nvstusb.sys
15:04:36.0606 5580 NvStUSB - ok
15:04:36.0651 5580 [ 3947AD5D03E6ABCCE037801162FDB90D ] nvsvc C:\Windows\system32\nvvsvc.exe
15:04:36.0678 5580 nvsvc - ok
15:04:36.0754 5580 [ C5B3BB5DC9C62700C4A72C2A89CA1D58 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
15:04:36.0799 5580 nvUpdatusService - ok
15:04:36.0822 5580 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:04:36.0824 5580 nv_agp - ok
15:04:36.0840 5580 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:04:36.0843 5580 ohci1394 - ok
15:04:36.0897 5580 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:04:36.0922 5580 ose - ok
15:04:37.0112 5580 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:04:37.0220 5580 osppsvc - ok
15:04:37.0248 5580 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:04:37.0253 5580 p2pimsvc - ok
15:04:37.0272 5580 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:04:37.0280 5580 p2psvc - ok
15:04:37.0296 5580 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
15:04:37.0309 5580 Parport - ok
15:04:37.0345 5580 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:04:37.0360 5580 partmgr - ok
15:04:37.0383 5580 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:04:37.0388 5580 PcaSvc - ok
15:04:37.0410 5580 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:04:37.0414 5580 pci - ok
15:04:37.0433 5580 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:04:37.0436 5580 pciide - ok
15:04:37.0454 5580 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:04:37.0459 5580 pcmcia - ok
15:04:37.0471 5580 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:04:37.0474 5580 pcw - ok
15:04:37.0497 5580 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:04:37.0505 5580 PEAUTH - ok
15:04:37.0542 5580 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
15:04:37.0567 5580 PeerDistSvc - ok
15:04:37.0616 5580 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:04:37.0633 5580 PerfHost - ok
15:04:37.0682 5580 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:04:37.0725 5580 pla - ok
15:04:37.0763 5580 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:04:37.0771 5580 PlugPlay - ok
15:04:37.0779 5580 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:04:37.0793 5580 PNRPAutoReg - ok
15:04:37.0816 5580 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:04:37.0818 5580 PNRPsvc - ok
15:04:37.0842 5580 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:04:37.0849 5580 PolicyAgent - ok
15:04:37.0938 5580 postgresql-8.4 - ok
15:04:37.0961 5580 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
15:04:37.0966 5580 Power - ok
15:04:37.0993 5580 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:04:37.0995 5580 PptpMiniport - ok
15:04:38.0011 5580 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
15:04:38.0014 5580 Processor - ok
15:04:38.0047 5580 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:04:38.0052 5580 ProfSvc - ok
15:04:38.0062 5580 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:04:38.0063 5580 ProtectedStorage - ok
15:04:38.0088 5580 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:04:38.0091 5580 Psched - ok
15:04:38.0122 5580 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
15:04:38.0137 5580 PxHlpa64 - ok
15:04:38.0177 5580 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:04:38.0222 5580 ql2300 - ok
15:04:38.0248 5580 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:04:38.0251 5580 ql40xx - ok
15:04:38.0280 5580 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:04:38.0302 5580 QWAVE - ok
15:04:38.0324 5580 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:04:38.0338 5580 QWAVEdrv - ok
15:04:38.0355 5580 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:04:38.0357 5580 RasAcd - ok
15:04:38.0366 5580 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:04:38.0368 5580 RasAgileVpn - ok
15:04:38.0379 5580 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:04:38.0396 5580 RasAuto - ok
15:04:38.0418 5580 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:04:38.0421 5580 Rasl2tp - ok
15:04:38.0440 5580 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:04:38.0461 5580 RasMan - ok
15:04:38.0480 5580 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:04:38.0483 5580 RasPppoe - ok
15:04:38.0492 5580 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:04:38.0495 5580 RasSstp - ok
15:04:38.0514 5580 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:04:38.0519 5580 rdbss - ok
15:04:38.0534 5580 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:04:38.0536 5580 rdpbus - ok
15:04:38.0547 5580 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:04:38.0563 5580 RDPCDD - ok
15:04:38.0598 5580 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
15:04:38.0610 5580 RDPDR - ok
15:04:38.0630 5580 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:04:38.0632 5580 RDPENCDD - ok
15:04:38.0648 5580 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:04:38.0650 5580 RDPREFMP - ok
15:04:38.0687 5580 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:04:38.0704 5580 RDPWD - ok
15:04:38.0730 5580 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:04:38.0734 5580 rdyboost - ok
15:04:38.0746 5580 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:04:38.0766 5580 RemoteAccess - ok
15:04:38.0802 5580 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:04:38.0807 5580 RemoteRegistry - ok
15:04:38.0833 5580 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
15:04:38.0846 5580 RFCOMM - ok
15:04:38.0975 5580 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
15:04:39.0031 5580 RoxMediaDB12OEM - ok
15:04:39.0061 5580 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
15:04:39.0082 5580 RoxWatch12 - ok
15:04:39.0108 5580 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:04:39.0110 5580 RpcEptMapper - ok
15:04:39.0131 5580 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:04:39.0143 5580 RpcLocator - ok
15:04:39.0165 5580 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:04:39.0168 5580 RpcSs - ok
15:04:39.0196 5580 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:04:39.0208 5580 rspndr - ok
15:04:39.0251 5580 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
15:04:39.0269 5580 RSUSBSTOR - ok
15:04:39.0305 5580 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
15:04:39.0314 5580 RTL8167 - ok
15:04:39.0337 5580 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
15:04:39.0356 5580 s3cap - ok
15:04:39.0372 5580 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:04:39.0373 5580 SamSs - ok
15:04:39.0392 5580 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:04:39.0408 5580 sbp2port - ok
15:04:39.0437 5580 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:04:39.0442 5580 SCardSvr - ok
15:04:39.0456 5580 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:04:39.0458 5580 scfilter - ok
15:04:39.0482 5580 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:04:39.0495 5580 Schedule - ok
15:04:39.0509 5580 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:04:39.0510 5580 SCPolicySvc - ok
15:04:39.0522 5580 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:04:39.0542 5580 SDRSVC - ok
15:04:39.0575 5580 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:04:39.0577 5580 secdrv - ok
15:04:39.0585 5580 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:04:39.0602 5580 seclogon - ok
15:04:39.0616 5580 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
15:04:39.0618 5580 SENS - ok
15:04:39.0625 5580 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:04:39.0628 5580 SensrSvc - ok
15:04:39.0650 5580 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
15:04:39.0663 5580 Serenum - ok
15:04:39.0667 5580 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
15:04:39.0677 5580 Serial - ok
15:04:39.0701 5580 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:04:39.0702 5580 sermouse - ok
15:04:39.0719 5580 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:04:39.0722 5580 SessionEnv - ok
15:04:39.0725 5580 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:04:39.0741 5580 sffdisk - ok
15:04:39.0744 5580 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:04:39.0745 5580 sffp_mmc - ok
15:04:39.0760 5580 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:04:39.0778 5580 sffp_sd - ok
15:04:39.0783 5580 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:04:39.0805 5580 sfloppy - ok
15:04:39.0836 5580 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
15:04:39.0846 5580 Sftfs - ok
15:04:39.0944 5580 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:04:39.0952 5580 sftlist - ok
15:04:39.0970 5580 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:04:39.0993 5580 Sftplay - ok
15:04:40.0006 5580 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:04:40.0027 5580 Sftredir - ok
15:04:40.0041 5580 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
15:04:40.0057 5580 Sftvol - ok
15:04:40.0077 5580 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
15:04:40.0081 5580 sftvsa - ok
15:04:40.0112 5580 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:04:40.0135 5580 SharedAccess - ok
15:04:40.0158 5580 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:04:40.0172 5580 ShellHWDetection - ok
15:04:40.0189 5580 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
15:04:40.0192 5580 SiSRaid2 - ok
15:04:40.0217 5580 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:04:40.0219 5580 SiSRaid4 - ok
15:04:40.0272 5580 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:04:40.0297 5580 SkypeUpdate - ok
15:04:40.0318 5580 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:04:40.0320 5580 Smb - ok
15:04:40.0346 5580 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:04:40.0349 5580 SNMPTRAP - ok
15:04:40.0362 5580 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:04:40.0373 5580 spldr - ok
15:04:40.0409 5580 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:04:40.0418 5580 Spooler - ok
15:04:40.0476 5580 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:04:40.0531 5580 sppsvc - ok
15:04:40.0547 5580 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:04:40.0551 5580 sppuinotify - ok
15:04:40.0611 5580 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:04:40.0615 5580 SQLBrowser - ok
15:04:40.0682 5580 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:04:40.0687 5580 SQLWriter - ok
15:04:40.0784 5580 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\NAVx64\1309000.009\SRTSP64.SYS
15:04:40.0811 5580 SRTSP - ok
15:04:40.0829 5580 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\NAVx64\1309000.009\SRTSPX64.SYS
15:04:40.0842 5580 SRTSPX - ok
15:04:40.0879 5580 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:04:40.0900 5580 srv - ok
15:04:40.0919 5580 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:04:40.0926 5580 srv2 - ok
15:04:40.0939 5580 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:04:40.0942 5580 srvnet - ok
15:04:41.0014 5580 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
15:04:41.0030 5580 ssadbus - ok
15:04:41.0077 5580 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
15:04:41.0089 5580 ssadmdfl - ok
15:04:41.0112 5580 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
15:04:41.0132 5580 ssadmdm - ok
15:04:41.0147 5580 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
15:04:41.0151 5580 sscdbus - ok
15:04:41.0176 5580 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
15:04:41.0179 5580 sscdmdfl - ok
15:04:41.0195 5580 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
15:04:41.0200 5580 sscdmdm - ok
15:04:41.0232 5580 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:04:41.0237 5580 SSDPSRV - ok
15:04:41.0246 5580 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:04:41.0259 5580 SstpSvc - ok
15:04:41.0298 5580 [ 92E7F6666633D2DD91D527503DAA7BE0 ] stdcfltn C:\Windows\system32\DRIVERS\stdcfltn.sys
15:04:41.0301 5580 stdcfltn - ok
15:04:41.0348 5580 [ B69E79470474A8BEF06BE2130D0210A8 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:04:41.0355 5580 Stereo Service - ok
15:04:41.0370 5580 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
15:04:41.0384 5580 stexstor - ok
15:04:41.0407 5580 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:04:41.0417 5580 stisvc - ok
15:04:41.0463 5580 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
15:04:41.0496 5580 stllssvr - ok
15:04:41.0523 5580 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
15:04:41.0526 5580 StorSvc - ok
15:04:41.0544 5580 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
15:04:41.0561 5580 storvsc - ok
15:04:41.0644 5580 [ DA8DA61CB3289AE3840D35C3C73317A3 ] svcGenericHost c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
15:04:41.0647 5580 svcGenericHost - ok
15:04:41.0671 5580 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:04:41.0689 5580 swenum - ok
15:04:41.0716 5580 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:04:41.0724 5580 swprv - ok
15:04:41.0775 5580 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\NAVx64\1309000.009\SYMDS64.SYS
15:04:41.0806 5580 SymDS - ok
15:04:41.0860 5580 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\NAVx64\1309000.009\SYMEFA64.SYS
15:04:41.0894 5580 SymEFA - ok
15:04:41.0925 5580 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
15:04:41.0940 5580 SymEvent - ok
15:04:41.0976 5580 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\NAVx64\1309000.009\Ironx64.SYS
15:04:41.0979 5580 SymIRON - ok
15:04:41.0996 5580 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\Windows\System32\Drivers\NAVx64\1309000.009\SYMNETS.SYS
15:04:42.0025 5580 SymNetS - ok
15:04:42.0057 5580 [ 4CDD7DF58730D23BA9CB5829A6E2ECEA ] SynthVid C:\Windows\system32\DRIVERS\VMBusVideoM.sys
15:04:42.0069 5580 SynthVid - ok
15:04:42.0122 5580 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:04:42.0153 5580 SysMain - ok
15:04:42.0163 5580 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:04:42.0176 5580 TabletInputService - ok
15:04:42.0202 5580 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:04:42.0226 5580 TapiSrv - ok
15:04:42.0241 5580 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:04:42.0266 5580 TBS - ok
15:04:42.0325 5580 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:04:42.0387 5580 Tcpip - ok
15:04:42.0424 5580 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:04:42.0432 5580 TCPIP6 - ok
15:04:42.0467 5580 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:04:42.0470 5580 tcpipreg - ok
15:04:42.0494 5580 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:04:42.0510 5580 TDPIPE - ok
15:04:42.0534 5580 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:04:42.0548 5580 TDTCP - ok
15:04:42.0569 5580 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:04:42.0572 5580 tdx - ok
15:04:42.0587 5580 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:04:42.0590 5580 TermDD - ok
15:04:42.0622 5580 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:04:42.0634 5580 TermService - ok
15:04:42.0643 5580 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:04:42.0646 5580 Themes - ok
15:04:42.0671 5580 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:04:42.0672 5580 THREADORDER - ok
15:04:42.0721 5580 [ 5602F33CCC295C7C80E9DB2B2C5CEB06 ] TmFilter c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys
15:04:42.0756 5580 TmFilter - ok
15:04:42.0800 5580 [ BAC43306908F70E878BFE01F3A9079CA ] tmlisten c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe
15:04:42.0825 5580 tmlisten - ok
15:04:42.0866 5580 [ B5C00FC8786A237937C33AABEE68CA26 ] tmlwf C:\Windows\system32\DRIVERS\tmlwf.sys
15:04:42.0870 5580 tmlwf - ok
15:04:42.0893 5580 [ 48D09383511757645C0A828622EF5AB3 ] TmPfw c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe
15:04:42.0904 5580 TmPfw - ok
15:04:42.0916 5580 [ AA78D4E62E335EAD1C200875D7DAC9FA ] TmPreFilter c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys
15:04:42.0930 5580 TmPreFilter - ok
15:04:42.0958 5580 [ A4B0E0D9CB7AAED795BF880C3EDAA08F ] TmProxy c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
15:04:42.0964 5580 TmProxy - ok
15:04:42.0975 5580 [ A42E6780C52B248AF54C6010A9A93384 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
15:04:42.0993 5580 tmtdi - ok
15:04:43.0023 5580 [ 5D38C32A4B093BC8190CF3FB9078C9CD ] tmwfp C:\Windows\system32\DRIVERS\tmwfp.sys
15:04:43.0029 5580 tmwfp - ok
15:04:43.0049 5580 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:04:43.0053 5580 TrkWks - ok
15:04:43.0089 5580 [ 8DE922CD4FEA6F83B10805DF965B9A08 ] truecrypt C:\Windows\system32\drivers\truecrypt.sys
15:04:43.0111 5580 truecrypt - ok
15:04:43.0158 5580 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:04:43.0178 5580 TrustedInstaller - ok
15:04:43.0202 5580 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:04:43.0205 5580 tssecsrv - ok
15:04:43.0216 5580 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:04:43.0218 5580 TsUsbFlt - ok
15:04:43.0228 5580 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
15:04:43.0229 5580 TsUsbGD - ok
15:04:43.0260 5580 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:04:43.0279 5580 tunnel - ok
15:04:43.0314 5580 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
15:04:43.0329 5580 TurboB - ok
15:04:43.0360 5580 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:04:43.0380 5580 TurboBoost - ok
15:04:43.0400 5580 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:04:43.0403 5580 uagp35 - ok
15:04:43.0420 5580 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:04:43.0426 5580 udfs - ok
15:04:43.0443 5580 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:04:43.0446 5580 UI0Detect - ok
15:04:43.0465 5580 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:04:43.0468 5580 uliagpkx - ok
15:04:43.0480 5580 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:04:43.0482 5580 umbus - ok
15:04:43.0493 5580 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
15:04:43.0495 5580 UmPass - ok
15:04:43.0523 5580 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
15:04:43.0529 5580 UmRdpService - ok
15:04:43.0631 5580 [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:04:43.0674 5580 UNS - ok
15:04:43.0695 5580 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:04:43.0702 5580 upnphost - ok
15:04:43.0725 5580 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:04:43.0743 5580 usbccgp - ok
15:04:43.0774 5580 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:04:43.0789 5580 usbcir - ok
15:04:43.0808 5580 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:04:43.0824 5580 usbehci - ok
15:04:43.0862 5580 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:04:43.0883 5580 usbhub - ok
15:04:43.0903 5580 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:04:43.0916 5580 usbohci - ok
15:04:43.0939 5580 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:04:43.0953 5580 usbprint - ok
15:04:43.0986 5580 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:04:44.0001 5580 usbscan - ok
15:04:44.0016 5580 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:04:44.0018 5580 USBSTOR - ok
15:04:44.0041 5580 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:04:44.0043 5580 usbuhci - ok
15:04:44.0062 5580 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:04:44.0066 5580 usbvideo - ok
15:04:44.0105 5580 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
15:04:44.0125 5580 usb_rndisx - ok
15:04:44.0157 5580 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:04:44.0160 5580 UxSms - ok
15:04:44.0173 5580 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:04:44.0174 5580 VaultSvc - ok
15:04:44.0229 5580 [ 20BF96C13DB4BA085D98F4700F3B05FE ] vcsFPService C:\Windows\system32\vcsFPService.exe
15:04:44.0332 5580 vcsFPService - ok
15:04:44.0362 5580 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:04:44.0378 5580 vdrvroot - ok
15:04:44.0404 5580 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:04:44.0413 5580 vds - ok
15:04:44.0437 5580 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:04:44.0452 5580 vga - ok
15:04:44.0468 5580 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:04:44.0470 5580 VgaSave - ok
15:04:44.0485 5580 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:04:44.0489 5580 vhdmp - ok
15:04:44.0501 5580 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:04:44.0503 5580 viaide - ok
15:04:44.0530 5580 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
15:04:44.0545 5580 VMBusHID - ok
15:04:44.0565 5580 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:04:44.0567 5580 volmgr - ok
15:04:44.0583 5580 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:04:44.0588 5580 volmgrx - ok
15:04:44.0606 5580 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:04:44.0624 5580 volsnap - ok
15:04:44.0707 5580 [ AD4BA28B99BCFBFF40A550872A652A33 ] VSApiNt c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys
15:04:44.0775 5580 VSApiNt - ok
15:04:44.0797 5580 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:04:44.0801 5580 vsmraid - ok
15:04:44.0845 5580 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:04:44.0877 5580 VSS - ok
15:04:44.0891 5580 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
15:04:44.0910 5580 vwifibus - ok
15:04:44.0929 5580 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:04:44.0931 5580 vwififlt - ok
15:04:44.0981 5580 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
15:04:44.0983 5580 vwifimp - ok
15:04:45.0006 5580 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:04:45.0012 5580 W32Time - ok
15:04:45.0028 5580 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:04:45.0031 5580 WacomPen - ok
15:04:45.0047 5580 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:04:45.0050 5580 WANARP - ok
15:04:45.0053 5580 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:04:45.0054 5580 Wanarpv6 - ok
15:04:45.0111 5580 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:04:45.0153 5580 WatAdminSvc - ok
15:04:45.0194 5580 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:04:45.0252 5580 wbengine - ok
15:04:45.0269 5580 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:04:45.0286 5580 WbioSrvc - ok
15:04:45.0308 5580 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:04:45.0316 5580 wcncsvc - ok
15:04:45.0325 5580 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:04:45.0340 5580 WcsPlugInService - ok
15:04:45.0371 5580 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
15:04:45.0385 5580 Wd - ok
15:04:45.0422 5580 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:04:45.0444 5580 Wdf01000 - ok
15:04:45.0460 5580 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:04:45.0463 5580 WdiServiceHost - ok
15:04:45.0466 5580 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:04:45.0468 5580 WdiSystemHost - ok
15:04:45.0482 5580 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:04:45.0506 5580 WebClient - ok
15:04:45.0535 5580 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:04:45.0568 5580 Wecsvc - ok
15:04:45.0583 5580 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:04:45.0586 5580 wercplsupport - ok
15:04:45.0610 5580 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:04:45.0611 5580 WerSvc - ok
15:04:45.0626 5580 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:04:45.0645 5580 WfpLwf - ok
15:04:45.0671 5580 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:04:45.0673 5580 WIMMount - ok
15:04:45.0687 5580 WinDefend - ok
15:04:45.0694 5580 WinHttpAutoProxySvc - ok
15:04:45.0738 5580 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:04:45.0742 5580 Winmgmt - ok
15:04:45.0788 5580 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:04:45.0832 5580 WinRM - ok
15:04:45.0854 5580 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
15:04:45.0874 5580 WinUSB - ok
15:04:45.0904 5580 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:04:45.0917 5580 Wlansvc - ok
15:04:45.0955 5580 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:04:45.0968 5580 wlcrasvc - ok
15:04:46.0065 5580 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:04:46.0102 5580 wlidsvc - ok
15:04:46.0111 5580 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
15:04:46.0113 5580 WmiAcpi - ok
15:04:46.0137 5580 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:04:46.0141 5580 wmiApSrv - ok
15:04:46.0155 5580 WMPNetworkSvc - ok
15:04:46.0190 5580 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:04:46.0205 5580 WPCSvc - ok
15:04:46.0220 5580 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:04:46.0226 5580 WPDBusEnum - ok
15:04:46.0239 5580 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:04:46.0242 5580 ws2ifsl - ok
15:04:46.0252 5580 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
15:04:46.0255 5580 wscsvc - ok
15:04:46.0287 5580 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
15:04:46.0299 5580 WSDPrintDevice - ok
15:04:46.0329 5580 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
15:04:46.0343 5580 WSDScan - ok
15:04:46.0346 5580 WSearch - ok
15:04:46.0410 5580 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:04:46.0449 5580 wuauserv - ok
15:04:46.0483 5580 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:04:46.0485 5580 WudfPf - ok
15:04:46.0515 5580 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:04:46.0535 5580 WUDFRd - ok
15:04:46.0562 5580 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:04:46.0565 5580 wudfsvc - ok
15:04:46.0586 5580 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:04:46.0619 5580 WwanSvc - ok
15:04:46.0650 5580 ================ Scan global ===============================
15:04:46.0669 5580 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:04:46.0702 5580 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
15:04:46.0711 5580 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
15:04:46.0730 5580 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:04:46.0759 5580 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:04:46.0765 5580 [Global] - ok
15:04:46.0766 5580 ================ Scan MBR ==================================
15:04:46.0775 5580 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
15:04:47.0038 5580 \Device\Harddisk0\DR0 - ok
15:04:47.0038 5580 ================ Scan VBR ==================================
15:04:47.0041 5580 [ FED2F78B76F3E2669F4551B288782F5C ] \Device\Harddisk0\DR0\Partition1
15:04:47.0043 5580 \Device\Harddisk0\DR0\Partition1 - ok
15:04:47.0063 5580 [ 8BB9E90A2B4737751E2867FE3831B9F6 ] \Device\Harddisk0\DR0\Partition2
15:04:47.0064 5580 \Device\Harddisk0\DR0\Partition2 - ok
15:04:47.0065 5580 ============================================================
15:04:47.0065 5580 Scan finished
15:04:47.0065 5580 ============================================================
15:04:47.0072 5364 Detected object count: 0
15:04:47.0072 5364 Actual detected object count: 0



Gestern ist mir noch aufgefallen, dass auf manchen Seiten klein "Ads bei Browse to Save" steht. Vielleicht hängt es auch damit zusammen...

Geändert von bazzzingah (03.01.2013 um 15:09 Uhr)

Alt 03.01.2013, 15:17   #8
Psychotic
/// Malwareteam
 
Werbelinks in Browser - Pop-ups - Standard

Werbelinks in Browser - Pop-ups



Schritt 1: Software deinstallieren

  • Klicke Start-->Systemsteuerung.
  • Öffne Programme und Funktionen.
  • Suche und deinstalliere folgende Einträge:
    Zitat:
    VaudiX
  • Schließe das Fenster.




Schritt 2: adwCleaner




Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.



Schritt 3: Neues OTL-Log


  • Doppelklick auf die OTL.exe
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 03.01.2013, 16:14   #9
bazzzingah
 
Werbelinks in Browser - Pop-ups - Standard

Werbelinks in Browser - Pop-ups



Code:
ATTFilter
# AdwCleaner v2.103 - Datei am 27/12/2012 um 22:42:54 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : robert - ROBERT_DELL
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\robert\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\robert\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\robert\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\vaudix\sprote~1.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll
Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\82dd8fb13db843
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Description
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7B63B2922B174135AFC0E1377DD81EC2}
Schlüssel Gelöscht : HKLM\Software\SP Global
Schlüssel Gelöscht : HKLM\Software\SProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\82dd8fb13db843
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\clrglzif.default\prefs.js

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\clrglzif.default\user.js ... Gelöscht !

Gelöscht : user_pref("aol_toolbar.default.homepage.check", false);
Gelöscht : user_pref("aol_toolbar.default.search.check", false);
Gelöscht : user_pref("extensions.509f1b2003e46.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "c43f51d2000000000000642737e71c3b");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15655");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=117065&tt=4512_[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.84:27:08");
Gelöscht : user_pref("extensions.enabledAddons", "beamgeraet%40web.de:4.11.0.30,DivXWebPlayer%40divx.com:2.0.2.[...]
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "");

*************************

AdwCleaner[S1].txt - [5780 octets] - [27/12/2012 22:42:54]

########## EOF - C:\AdwCleaner[S1].txt - [5840 octets] ##########
         
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.01.2013 15:32:28 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\robert\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 42,36% Memory free
7,79 Gb Paging File | 5,32 Gb Available in Paging File | 68,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679,00 Gb Total Space | 554,44 Gb Free Space | 81,66% Space Free | Partition Type: NTFS
 
Computer Name: ROBERT_DELL | User Name: robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\robert\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe (Trend Micro Inc.)
PRC - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe (Trend Micro Inc.)
PRC - c:\postgreSQL\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - c:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - c:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
PRC - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe (Trend Micro Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\robert\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7584733b0bfcbe669ea38a81b914a83a\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0acdeb764dc3715299a163fba3c7bdaa\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\739c5209c3538b3457c2f8f9ad196cbb\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\960b6130c64f21d8f5d8d3eb183ae660\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\6053166746abce42f4c4432e0ec54fc7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\947466e2a04c48c43a8b255eb236ba71\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4a2b56d6031270f0fcf7388e4d787333\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ff1ceec110e2983a75c2c21f50274ac2\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9d1f9ff307e93bb9929b2b11661623cb\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e46c644e0ef0456434b32f3e91b56424\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\20ce3ca371acfbe996c6a21b5469992d\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\aaf8a137263c899815f0acff07eb1562\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\031abbfbd476fdc0c392160b67f2c662\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\PhraseExpress\pexlang.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NAV) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe (Symantec Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (svcGenericHost) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe (Trend Micro Inc.)
SRV - (tmlisten) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe (Trend Micro Inc.)
SRV - (ntrtscan) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe (Trend Micro Inc.)
SRV - (postgresql-8.4) -- c:\postgreSQL\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (btwdins) -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (DpHost) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (TmPfw) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe (Trend Micro Inc.)
SRV - (TmProxy) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe (Trend Micro Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NAVx64\1309000.009\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NAVx64\1309000.009\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (ccSet_NAV) -- C:\Windows\SysNative\drivers\NAVx64\1309000.009\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NAVx64\1309000.009\symefa64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NAVx64\1309000.009\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NAVx64\1309000.009\ironx64.sys (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys (NVIDIA Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (FLxHCIc) -- C:\Windows\SysNative\drivers\FLxHCIc.sys (Fresco Logic)
DRV:64bit: - (FLxHCIh) -- C:\Windows\SysNative\drivers\FLxHCIh.sys (Fresco Logic)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NAVx64\1309000.009\symds64.sys (Symantec Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc60.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (SynthVid) -- C:\Windows\SysNative\drivers\VMBusVideoM.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (tmwfp) -- C:\Windows\SysNative\drivers\tmwfp.sys (Trend Micro Inc.)
DRV:64bit: - (tmlwf) -- C:\Windows\SysNative\drivers\tmlwf.sys (Trend Micro Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)
DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20130102.023\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20130102.023\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20121130.005\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20130102.001\IDSviA64.sys (Symantec Corporation)
DRV - (TmFilter) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys (Trend Micro Inc.)
DRV - (TmPreFilter) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys (Trend Micro Inc.)
DRV - (VSApiNt) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys (Trend Micro Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{264EF059-64E5-4593-9706-861F279C83C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{264EF059-64E5-4593-9706-861F279C83C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{FCEF7658-2F66-43AC-BB1C-217AB5970356}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=4E6E978F-28F6-43A5-B32A-1D1B9203B10D&apn_sauid=11269212-1435-4A62-9BA6-FDFB33429FB8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.at"
FF - prefs.js..keyword.URL: "www.google.at"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2012.04.26 19:43:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2012.12.14 08:28:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\IPSFFPlgn\ [2012.12.14 08:28:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.10.18 21:25:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 14:45:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 14:45:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.17 15:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 14:45:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 14:45:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.17 15:27:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.05.09 16:07:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\robert\AppData\Roaming\mozilla\Extensions
[2013.01.02 20:45:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\clrglzif.default\extensions
[2012.10.18 20:33:16 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\mozilla\firefox\profiles\clrglzif.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.11.23 15:53:37 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\mozilla\firefox\profiles\clrglzif.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.11 20:25:54 | 000,001,276 | ---- | M] () -- C:\Users\robert\AppData\Roaming\mozilla\firefox\profiles\clrglzif.default\searchplugins\simple-english.xml
[2012.11.11 20:25:43 | 000,001,032 | ---- | M] () -- C:\Users\robert\AppData\Roaming\mozilla\firefox\profiles\clrglzif.default\searchplugins\wikipedia-eng.xml
[2012.11.13 19:24:11 | 000,002,275 | ---- | M] () -- C:\Users\robert\AppData\Roaming\mozilla\firefox\profiles\clrglzif.default\searchplugins\wolframalpha.xml
[2012.12.06 14:45:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.06 14:45:15 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[1999.12.31 15:00:00 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.06.11 16:43:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 07:30:03 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.11 16:43:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.11 16:43:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.11 16:43:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.11 16:43:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Vaudix Class) - {D1D3E22B-DB53-9064-7038-F10FC553AE1F} - C:\ProgramData\Vaudix\509f1b2003f0c.ocx ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [DBRMTray] C:\DELL\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4:64bit: - HKLM..\RunOnce: [DBRMTray] C:\DELL\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - Startup: C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\robert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\robert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\robert\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\robert\Desktop\PartyPoker.lnk ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{174018CC-5042-4B70-A95D-69E0BB08F14D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96A23D24-0D78-448A-9AF1-D0C4BDF48560}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8244C2A-DA83-4A03-BA8E-8FF8F8CF2693}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4a272448-8f8f-11e1-9154-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4a272448-8f8f-11e1-9154-806e6f6e6963}\Shell\AutoRun\command - "" = D:\OSiS.exe
O33 - MountPoints2\{961a264c-d425-11e1-aa23-642737e71c3c}\Shell - "" = AutoRun
O33 - MountPoints2\{961a264c-d425-11e1-aa23-642737e71c3c}\Shell\AutoRun\command - "" = E:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.03 15:02:47 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\robert\Desktop\tdsskiller.exe
[2013.01.02 15:03:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
[2013.01.02 10:43:51 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Roaming\Malwarebytes
[2013.01.02 10:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.02 10:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.02 10:43:40 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.02 10:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.28 13:23:14 | 000,000,000 | ---D | C] -- C:\Users\robert\Documents\My Extracted Files
[2012.12.28 13:21:19 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Local\BitZipper
[2012.12.28 01:56:34 | 000,000,000 | ---D | C] -- C:\handyfirmwaredownloads
[2012.12.28 01:22:36 | 000,000,000 | ---D | C] -- C:\odinmitpit
[2012.12.27 23:54:00 | 000,000,000 | ---D | C] -- C:\handyrootsachen
[2012.12.27 19:05:00 | 000,000,000 | ---D | C] -- C:\Sicherung Handyfotos
[2012.12.27 18:03:43 | 000,000,000 | ---D | C] -- C:\ADB
[2012.12.23 10:25:57 | 000,000,000 | ---D | C] -- C:\Users\robert\Documents\Anki
[2012.12.23 10:25:56 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Roaming\.anki
[2012.12.23 10:24:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anki
[2012.12.22 03:00:48 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.22 03:00:48 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.22 03:00:45 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.22 03:00:44 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.17 15:27:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.12.15 03:01:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.15 03:01:05 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.15 03:01:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.15 03:01:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.15 03:01:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.15 03:01:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.15 03:01:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.15 03:01:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.15 03:01:03 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.15 03:01:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.15 03:01:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.15 03:01:03 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.15 03:01:02 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.15 03:01:02 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.15 03:01:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.14 08:53:59 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.14 08:53:59 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.14 08:53:58 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.14 08:53:58 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.14 08:53:57 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.14 08:53:57 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.14 08:53:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.14 08:53:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.14 08:53:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.14 08:53:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.14 08:53:57 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.14 08:53:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.14 08:53:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.14 08:53:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.14 08:53:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.14 08:53:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.14 08:53:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.14 08:53:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.14 08:53:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.14 08:53:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.14 08:53:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.14 08:53:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.14 08:53:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.14 08:53:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.14 08:53:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.14 08:53:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.14 08:53:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.14 08:53:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.14 08:53:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.14 08:53:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.14 08:53:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.14 08:52:25 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.13 20:39:33 | 000,000,000 | ---D | C] -- C:\Users\robert\Desktop\TCII
[2012.12.13 18:44:35 | 000,000,000 | ---D | C] -- C:\Users\robert\Desktop\CDex
[2012.12.13 18:34:02 | 000,000,000 | ---D | C] -- C:\Users\robert\Desktop\Vorlesungen_A
[2012.12.13 09:32:19 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Local\Grewe
[2012.12.12 09:32:14 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.06 14:45:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.04 20:23:49 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Local\FileTypeAssistant
[2012.12.04 20:23:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Assistant
[2012.12.04 20:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitZipper
[2012.12.04 20:23:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitZipper
[2010.12.27 10:46:34 | 000,096,256 | ---- | C] (Google, inc) -- C:\Users\robert\AdbWinApi.dll
[2010.12.27 10:46:34 | 000,060,928 | ---- | C] (Google, inc) -- C:\Users\robert\AdbWinUsbApi.dll
[2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\robert\AppData\Local\CDRip.dll
[2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\robert\AppData\Local\No23 Recorder.exe
[2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\robert\AppData\Local\basscd.dll
[2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\robert\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.03 15:34:42 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.03 15:34:42 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.03 15:27:38 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2013.01.03 15:27:13 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.03 15:27:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.03 15:26:53 | 3137,970,176 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.03 15:25:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.03 15:22:53 | 000,551,997 | ---- | M] () -- C:\Users\robert\Desktop\adwcleaner(1).exe
[2013.01.03 15:03:08 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\robert\Desktop\tdsskiller.exe
[2013.01.03 14:55:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.02 17:36:45 | 000,046,990 | ---- | M] () -- C:\Users\robert\Desktop\excluded_volume.jpg
[2013.01.02 15:03:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
[2013.01.02 14:56:08 | 000,000,000 | ---- | M] () -- C:\Users\robert\defogger_reenable
[2013.01.02 14:51:03 | 000,050,477 | ---- | M] () -- C:\Users\robert\Desktop\Defogger.exe
[2013.01.02 11:23:59 | 000,234,867 | ---- | M] () -- C:\Users\robert\Desktop\werbelink.jpg
[2013.01.02 11:23:59 | 000,001,384 | ---- | M] () -- C:\Users\robert\AppData\Local\recently-used.xbel
[2013.01.02 10:43:41 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.28 13:30:21 | 000,001,790 | ---- | M] () -- C:\Users\robert\Desktop\Odin3 v1.85 - Verknüpfung.lnk
[2012.12.27 21:15:45 | 000,002,160 | ---- | M] () -- C:\{D2B6DB75-945B-402D-A2FB-9676BA44609C}
[2012.12.27 18:18:04 | 000,000,052 | ---- | M] () -- C:\Users\robert\Desktop\adb_copy.bat
[2012.12.27 18:03:43 | 000,410,399 | ---- | M] () -- C:\Users\robert\adb.exe
[2012.12.27 18:03:43 | 000,096,256 | ---- | M] (Google, inc) -- C:\Users\robert\AdbWinApi.dll
[2012.12.27 18:03:43 | 000,060,928 | ---- | M] (Google, inc) -- C:\Users\robert\AdbWinUsbApi.dll
[2012.12.27 10:52:54 | 000,001,057 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.27 10:52:44 | 000,001,027 | ---- | M] () -- C:\Users\robert\Desktop\Dropbox.lnk
[2012.12.26 10:52:57 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\HoldemManager2.lnk
[2012.12.26 00:05:09 | 000,037,888 | ---- | M] () -- C:\Users\robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.23 13:50:26 | 001,903,356 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.23 13:50:26 | 000,810,514 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.23 13:50:26 | 000,749,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.23 13:50:26 | 000,187,056 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.23 13:50:26 | 000,155,824 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.23 10:24:47 | 000,000,738 | ---- | M] () -- C:\Users\robert\Desktop\Anki.lnk
[2012.12.22 12:00:21 | 000,364,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.14 09:55:32 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.14 09:55:32 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.04 20:23:35 | 000,001,017 | ---- | M] () -- C:\Users\robert\Desktop\BitZipper.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.03 15:22:45 | 000,551,997 | ---- | C] () -- C:\Users\robert\Desktop\adwcleaner(1).exe
[2013.01.02 17:36:44 | 000,046,990 | ---- | C] () -- C:\Users\robert\Desktop\excluded_volume.jpg
[2013.01.02 14:56:08 | 000,000,000 | ---- | C] () -- C:\Users\robert\defogger_reenable
[2013.01.02 14:50:51 | 000,050,477 | ---- | C] () -- C:\Users\robert\Desktop\Defogger.exe
[2013.01.02 11:23:59 | 000,001,384 | ---- | C] () -- C:\Users\robert\AppData\Local\recently-used.xbel
[2013.01.02 11:10:58 | 000,234,867 | ---- | C] () -- C:\Users\robert\Desktop\werbelink.jpg
[2013.01.02 10:43:41 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.28 13:30:21 | 000,001,790 | ---- | C] () -- C:\Users\robert\Desktop\Odin3 v1.85 - Verknüpfung.lnk
[2012.12.27 21:15:44 | 000,002,160 | ---- | C] () -- C:\{D2B6DB75-945B-402D-A2FB-9676BA44609C}
[2012.12.23 10:24:47 | 000,000,750 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
[2012.12.23 10:24:47 | 000,000,738 | ---- | C] () -- C:\Users\robert\Desktop\Anki.lnk
[2012.12.04 20:23:35 | 000,001,017 | ---- | C] () -- C:\Users\robert\Desktop\BitZipper.lnk
[2012.12.03 16:35:56 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.12.03 16:35:56 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.12.03 16:35:56 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012.12.03 16:35:56 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.12.03 16:35:54 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.10.10 19:17:52 | 000,037,888 | ---- | C] () -- C:\Users\robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.18 18:42:21 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\FreeImage3.dll
[2012.09.18 18:42:21 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\FreeImage.dll
[2012.09.18 18:42:21 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\DVM.dll
[2012.09.18 18:42:21 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\RegisterExe.exe
[2012.07.30 13:16:20 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.07.30 13:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.07.30 13:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.07.30 13:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.07.30 13:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.06.27 12:34:14 | 000,001,565 | ---- | C] () -- C:\Users\robert\AppData\Local\RecConfig.xml
[2012.04.26 20:21:34 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.04.26 20:21:32 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.04.26 20:21:31 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.04.26 20:21:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.04.26 20:21:29 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.04.26 19:33:42 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll
[2011.11.03 19:24:18 | 000,322,880 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.02.11 18:45:27 | 001,798,946 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.27 10:46:34 | 000,410,399 | ---- | C] () -- C:\Users\robert\adb.exe
[2007.08.13 16:46:00 | 000,155,136 | ---- | C] () -- C:\Users\robert\AppData\Local\lame_enc.dll
[2006.10.26 00:06:48 | 000,064,000 | ---- | C] () -- C:\Users\robert\AppData\Local\vorbisenc.dll
[2006.10.26 00:06:48 | 000,019,456 | ---- | C] () -- C:\Users\robert\AppData\Local\vorbisfile.dll
[2006.10.26 00:06:46 | 000,143,872 | ---- | C] () -- C:\Users\robert\AppData\Local\vorbis.dll
[2006.10.26 00:06:36 | 000,015,872 | ---- | C] () -- C:\Users\robert\AppData\Local\ogg.dll
[2005.08.23 21:34:06 | 000,029,184 | ---- | C] () -- C:\Users\robert\AppData\Local\no23xwrapper.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 03.01.2013 15:32:28 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\robert\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 42,36% Memory free
7,79 Gb Paging File | 5,32 Gb Available in Paging File | 68,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679,00 Gb Total Space | 554,44 Gb Free Space | 81,66% Space Free | Partition Type: NTFS
 
Computer Name: ROBERT_DELL | User Name: robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FD7212-B892-405C-8F28-7B4F1940C7BB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{05D16A9A-A4D1-483C-8133-76F11091AFE0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{08B1EB2B-9A15-4B4C-8666-B5EE2771CE9B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0CEE36EF-BE28-4A65-9104-183D27F1DB19}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0D9A2AB4-6CD6-4D18-81AF-3DF287EAF8D2}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent - broadcast | 
"{11625F1A-13A2-4AAD-AE8F-D382202ECB65}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1B6F22D0-048D-4A58-B401-942B2915E2EA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1F9939A5-FB91-4F03-9E4F-83AD6C608223}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2610A42F-F1B2-4C47-920C-C509C8139DD1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2675F5E8-E08D-4086-A2BE-5A30B281ADB6}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{27CA3FA0-3398-4D61-BB68-01FCBCDC2C10}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2CD2A44B-7F4B-417B-BDA1-90CFEA3DB7B5}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent - update | 
"{2E5C8B8A-518B-478E-97D4-A7EF857C5D08}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4FD59A85-8330-44F1-B0D1-632AC49CAB48}" = lport=5432 | protocol=6 | dir=in | name=postgres | 
"{5F268CD6-D32F-4C2E-885B-C9C7EAB665B6}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener | 
"{61AE4471-C963-4715-87FE-3E61CA015FA0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{63E6CFA1-6F8B-4563-B35E-1B487B0E1712}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7181A2CB-3829-4BB3-BF5B-6D8FFE057BC1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{729694C9-9FCE-4F70-A0EC-7CBD839D3E1E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{812F392F-0796-469F-8508-2982CC9DBEDE}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent - update | 
"{858D9DC1-0EFD-4A22-91A2-2D7D20AA1C25}" = lport=138 | protocol=17 | dir=in | app=system | 
"{92E7F044-4E4C-442C-BA85-43ECBE10FB6A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{96A4AB93-3CED-42F6-97D0-93EED8FEBE02}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A8D9645C-47A9-4AE4-957C-40838A859222}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A95E8B74-9FDE-4ACF-B543-65596DB02BAD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AEAE4315-FE39-4ABA-8434-46F095AEBAC0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C9970573-F46D-45EF-A6FD-E01547BB9C0B}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent - broadcast | 
"{C99EE0F8-E41B-41CF-B2F9-2A2548C13C2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CFE2729A-205C-4AE8-AD43-939D81ADC4EE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D4C87B6C-B4A0-426D-B4B0-105BD81C9E68}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D50F0291-53A8-4F68-A23B-4284C4985726}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06AC1AF2-315D-407C-8B98-13C970B71AFF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{103FAEB8-2A85-4C35-89B6-B7F01CA8B75D}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe | 
"{15B0DC4B-2401-4BC6-9EED-1D93FE013E9E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{18610147-5C43-4CF6-83D1-1C131CE80B7A}" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1FDA0919-BE88-4486-BE16-951663EB9207}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{20E111E6-8314-490E-A6DC-490F818E8C06}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2282EAB2-66D5-49A5-9F74-534669289725}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3713AFA6-4C3F-4FE5-8281-33412F9199F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3AC5BB90-50A4-48CD-B23D-44CBEF0F95B4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{490161FF-041F-4F5A-B82B-9784CC94C398}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4A1E2B84-76CF-4DB0-9FE0-6D2D0661F6F8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4CB19DF4-858B-4331-ABA3-50E9A18A4E26}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{50DE9D0E-B34A-466B-B4F4-265EF36EA39C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{61932536-4F37-48EE-84D2-CEDBF5B520E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{634397A4-C095-4877-8266-2836058300DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6B6D9C28-5859-4453-99A4-CF4578BD063B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{7F4B074C-070C-498F-B96E-E8BBF110F29D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8AAE6F45-4423-4BDF-B792-0A281C8553EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9C9CD5F1-A6BB-4456-A84D-7EC56432F919}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A64E3343-FACF-4A3C-9180-A57D69C9CD37}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A719B87C-9D0E-48D4-B72A-7E5FD265A33A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ACD6C0DA-1F15-43C5-ACD1-7FDAB40DD9B5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AEDB5308-6F25-417B-A449-9E0FAA909A6B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B585E355-EDC3-405B-BA19-E8CC1C0C3ED2}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{C91D3CC9-5E20-42D9-B6A8-CAD27C2A7DA9}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{CD2A34F9-3D82-4A26-8FBC-CC38CCF62BA7}" = dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe | 
"{CEAB01BB-311B-4D32-8BDE-0F428F1DB903}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1249906-BECC-4995-9894-062409D0464A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{DE0B7580-A5A5-4B20-810B-166F8F90FDDF}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{F5C256D5-E477-4696-939D-6C94599A281B}" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F8115FBB-44EC-4100-A778-4F1768FA4B55}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{FB2ECA17-AFE4-41A3-8937-CC9255E672E3}" = protocol=6 | dir=out | app=system | 
"TCP Query User{027B807D-4B61-4B9C-B9E8-31C4C8B442A5}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe | 
"TCP Query User{56175F55-9711-41E7-A437-C47FB6CAEE45}C:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{617ADD1D-579E-473F-8EFF-7A991BB6CADA}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"TCP Query User{D4C50EFB-8D66-4785-88F2-1FAFECA12CE7}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{E0624968-418C-4B1E-BFB4-E3F46F3970E9}C:\program files (x86)\open source\developer tools for upnp technologies\device spy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\open source\developer tools for upnp technologies\device spy.exe | 
"UDP Query User{138560D3-6D1A-4A6B-835A-F6B9DB23C204}C:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{333AE265-BD9E-4BD6-A1F1-86256F5B1169}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
"UDP Query User{506D3312-36BF-4CE8-B562-F59E6B3FFDAB}C:\program files (x86)\open source\developer tools for upnp technologies\device spy.exe" = protocol=17 | dir=in | app=c:\program files (x86)\open source\developer tools for upnp technologies\device spy.exe | 
"UDP Query User{7A1D3AE2-45D8-4F50-BE8C-7814F3B1B468}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{CCC83377-A58A-463D-AC00-51C96E8CD07C}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10AAF056-7792-497A-ACAF-3BF002196574}" = Validity Sensors DDK
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series" = Canon MX430 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{50B4B603-A4C6-4739-AE96-6C76A0F8A388}" = Dell Backup and Recovery Manager
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.77
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.77
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.77
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C0C2D40A-1231-46FA-8F02-B45E6BF2036A}" = DigitalPersona Fingerprint Software 5.20
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"DW WLAN Card" = DW WLAN Card
"GIMP-2_is1" = GIMP 2.8.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC-Doctor for Windows" = Dell Support Center
"Stellarium_is1" = Stellarium 0.11.4
"VaudiX" = 
"VLC media player" = VLC media player 2.0.4
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F7ACD8E-66FC-4C14-90B4-9C457CC73D63}" = Developer Tools for UPnP Technologies
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{47EA4DDF-FD99-46B3-846C-9F3F315268AD}" = ICM Trainer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C454033-8240-425E-A170-1C648FCB74FD}" = PokerStrategy.com Equilab
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5C2F3077-DBF4-4931-8186-26A6161B29C3}" = CambridgeSoft ChemDraw ActiveX Enterprise Constant 12.0
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{681002C6-5019-81A2-7871-A43754F71E56}" = 
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (CSSQL05)
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B93BC257-3F73-47B1-B68D-597C6878C8E7}" = CambridgeSoft ChemBioDraw Ultra 12.0
"{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}" = Trend Micro Client/Server Security Agent
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CBCF6C86-4738-4A84-9C2C-331804DCEB9B}" = LibreOffice 3.6
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F596E368-2A1D-4896-AB37-C81BFA4DD011}" = CambridgeSoft ENotebook 12.02
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"888poker" = 888poker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Anki" = Anki
"Argumentative" = Argumentative
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Canon MX430 series Benutzerregistrierung" = Canon MX430 series Benutzerregistrierung
"Canon MX430 series On-screen Manual" = Canon MX430 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"Convert Image To PDF_is1" = Convert Image To PDF
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup" = DivX Setup
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"GanttProject" = GanttProject
"HoldemManager2" = Holdem Manager 2
"Inkscape" = Inkscape 0.48.1 
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"jdownloader09" = JDownloader 0.9
"jMemorize" = jMemorize
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.5.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MestReNova LITE" = MestReNova LITE 5.2.5-5780
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.1" = Canon MP Navigator EX 5.1
"NAV" = Norton AntiVirus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PartyPoker" = PartyPoker
"PhraseExpress_is1" = PhraseExpress v8.0.156
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"Scribus 1.4.1" = Scribus 1.4.1
"SP_09de8db5" = 
"Speed Dial Utility" = Canon Kurzwahlprogramm
"TrueCrypt" = TrueCrypt
"Trusted Software Assistant_is1" = File Type Assistant
"win2day Poker " = win2day Poker
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.01.2013 07:04:07 | Computer Name = robert_dell | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.01.2013 09:57:47 | Computer Name = robert_dell | Source = PostgreSQL | ID = 0
Description = 2013-01-02 14:57:47 CETFATAL:  the database system is starting up 
 
Error - 02.01.2013 09:57:48 | Computer Name = robert_dell | Source = PostgreSQL | ID = 0
Description = 2013-01-02 14:57:48 CETFATAL:  the database system is starting up 
 
Error - 02.01.2013 09:58:58 | Computer Name = robert_dell | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.01.2013 07:07:25 | Computer Name = robert_dell | Source = PostgreSQL | ID = 0
Description = 2013-01-03 12:07:25 CETFATAL:  the database system is starting up 
 
Error - 03.01.2013 07:08:56 | Computer Name = robert_dell | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.01.2013 10:27:17 | Computer Name = robert_dell | Source = PostgreSQL | ID = 0
Description = 2013-01-03 15:27:17 CETFATAL:  the database system is starting up 
 
Error - 03.01.2013 10:27:42 | Computer Name = robert_dell | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.01.2013 11:06:37 | Computer Name = robert_dell | Source = PostgreSQL | ID = 0
Description = 2013-01-03 16:06:37 CETERROR:  relation "readsettings" already exists
2013-01-03
 16:06:37 CETSTATEMENT:  CREATE TABLE readsettings   (     lastid bigint,     lasttournament
 bigint,     databaseversion text,     lastomahacash bigint,     lastomahatournament bigint
	)
	WITH
 (     OIDS=FALSE   );   ALTER TABLE readsettings OWNER TO postgres;      insert into readsettings
 values(0,0,'12',0,0); 
 
Error - 03.01.2013 11:06:37 | Computer Name = robert_dell | Source = PostgreSQL | ID = 0
Description = 2013-01-03 16:06:37 CETERROR:  relation "notecaddy_data" already exists
2013-01-03
 16:06:37 CETSTATEMENT:  CREATE TABLE notecaddy_data   (    player_id integer NOT NULL,
		data
 text,    CONSTRAINT ncd PRIMARY KEY (player_id)   );   ALTER TABLE notecaddy_data OWNER TO
 postgres; 
 
[ System Events ]
Error - 01.01.2013 18:17:18 | Computer Name = robert_dell | Source = DCOM | ID = 10010
Description = 
 
Error - 02.01.2013 04:03:01 | Computer Name = robert_dell | Source = DCOM | ID = 10016
Description = 
 
Error - 02.01.2013 05:21:33 | Computer Name = robert_dell | Source = DCOM | ID = 10016
Description = 
 
Error - 02.01.2013 05:52:13 | Computer Name = robert_dell | Source = DCOM | ID = 10016
Description = 
 
Error - 02.01.2013 05:52:17 | Computer Name = robert_dell | Source = DCOM | ID = 10010
Description = 
 
Error - 02.01.2013 07:04:04 | Computer Name = robert_dell | Source = DCOM | ID = 10016
Description = 
 
Error - 02.01.2013 09:59:01 | Computer Name = robert_dell | Source = DCOM | ID = 10016
Description = 
 
Error - 02.01.2013 09:59:20 | Computer Name = robert_dell | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 03.01.2013 07:08:35 | Computer Name = robert_dell | Source = DCOM | ID = 10016
Description = 
 
Error - 03.01.2013 10:28:13 | Computer Name = robert_dell | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
--- --- ---

Alt 03.01.2013, 17:27   #10
Psychotic
/// Malwareteam
 
Werbelinks in Browser - Pop-ups - Standard

Werbelinks in Browser - Pop-ups



Schritt 1: Fix mit OTL

  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
:OTL
MOD - C:\Users\robert\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll ()
IE - HKCU\..\SearchScopes\{FCEF7658-2F66-43AC-BB1C-217AB5970356}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=4E6E978F-28F6-43A5-B32A-1D1B9203B10D&apn_sauid=11269212-1435-4A62-9BA6-FDFB33429FB8
O2 - BHO: (Vaudix Class) - {D1D3E22B-DB53-9064-7038-F10FC553AE1F} - C:\ProgramData\Vaudix\509f1b2003f0c.ocx ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2012.07.30 13:16:20 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
:COMMANDS
[emptytemp]
         
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread



Schritt 2: MBAM



Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 03.01.2013, 19:22   #11
bazzzingah
 
Werbelinks in Browser - Pop-ups - Standard

Werbelinks in Browser - Pop-ups



Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FCEF7658-2F66-43AC-BB1C-217AB5970356}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCEF7658-2F66-43AC-BB1C-217AB5970356}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1D3E22B-DB53-9064-7038-F10FC553AE1F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1D3E22B-DB53-9064-7038-F10FC553AE1F}\ deleted successfully.
C:\ProgramData\Vaudix\509f1b2003f0c.ocx moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Windows\MusiccityDownload.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: robert
->Temp folder emptied: 81210320 bytes
->Temporary Internet Files folder emptied: 92780731 bytes
->Java cache emptied: 8312955 bytes
->FireFox cache emptied: 69954417 bytes
->Flash cache emptied: 969 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3232516 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 723536 bytes
 
Total Files Cleaned = 244,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01032013_181737

Files\Folders moved on Reboot...
C:\Users\robert\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\tm_icrcL_A606D985_38CA_41ab_BCD9_60F771CF800D scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.03.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
robert :: ROBERT_DELL [Administrator]

03.01.2013 19:13:50
mbam-log-2013-01-03 (19-13-50).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 252854
Laufzeit: 3 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
keine Funde durch Malwarebytes

Alt 04.01.2013, 16:10   #12
Psychotic
/// Malwareteam
 
Werbelinks in Browser - Pop-ups - Standard

Werbelinks in Browser - Pop-ups



Wie verhält sich der Rechner?
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 04.01.2013, 16:30   #13
bazzzingah
 
Werbelinks in Browser - Pop-ups - Standard

Werbelinks in Browser - Pop-ups



Sieht alles sehr gut aus! Ich glaube er hats geschafft.

Vielen Dank für die kompetente Hilfe!!!

Alt 07.01.2013, 07:20   #14
Psychotic
/// Malwareteam
 
Werbelinks in Browser - Pop-ups - Standard

Werbelinks in Browser - Pop-ups



Sieht ganz gut aus - kontrollieren wir alles nochmal!


Schritt 1: MBAM vollständig


Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Vollständigen Scan durchführen und drücke auf Scannen. (Hinweis: Alle Festplatten anhaken!)
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.



Schritt 2: ESET


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Schritt 3: adwCleaner



Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:AdwCleaner[S1].txt.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 17.01.2013, 16:00   #15
bazzzingah
 
Werbelinks in Browser - Pop-ups - Standard

Werbelinks in Browser - Pop-ups



Hallo! Sorry, hab irgendwie komplett auf den Beitrag hier vergessen...

Ich kann leider die für den zweiten Schritt erforderliche Datei nicht finden. - esetsmartinstaller_enu.exe

Hier mal die beiden anderen Log-Files:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.16.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
robert :: ROBERT_DELL [Administrator]

16.01.2013 13:15:49
mbam-log-2013-01-16 (13-15-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 898830
Laufzeit: 4 Stunde(n), 54 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
# AdwCleaner v2.105 - Datei am 17/01/2013 um 15:47:44 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : robert - ROBERT_DELL
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\robert\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\ProgramData\APN
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\robert\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\Software\Description

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\clrglzif.default\prefs.js

Gefunden : user_pref("extensions.DivXWebPlayer@divx.com.install-event-fired", true);
Gefunden : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,testpilot%40labs.mozilla.c[...]

*************************

AdwCleaner[R1].txt - [1280 octets] - [02/01/2013 10:17:45]
AdwCleaner[R2].txt - [1175 octets] - [17/01/2013 15:47:44]
AdwCleaner[S1].txt - [5903 octets] - [27/12/2012 22:42:54]
AdwCleaner[S2].txt - [1342 octets] - [02/01/2013 10:18:57]
AdwCleaner[S3].txt - [1387 octets] - [03/01/2013 15:25:39]

########## EOF - C:\AdwCleaner[R2].txt - [1415 octets] ##########
         

Antwort

Themen zu Werbelinks in Browser - Pop-ups
browser, firefox, foren, gesuch, gesucht, liste, listen, malwarebytes, mauszeiger, norton, pop-up, pop-ups, popup, poste, spybot, thema, werbelinks




Ähnliche Themen: Werbelinks in Browser - Pop-ups


  1. Laptop langsam und überall Werbelinks
    Plagegeister aller Art und deren Bekämpfung - 25.02.2015 (9)
  2. Windows 8 / "Feun2Save": Nur noch Werbelinks usw. im Browser; Browser öffnet sich von alleine
    Log-Analyse und Auswertung - 06.10.2014 (18)
  3. Werbelinks und -filme auf Firefox
    Log-Analyse und Auswertung - 13.09.2014 (14)
  4. Win8.1: Firefox: ständige neue Werbefenster und Werbelinks im Text
    Plagegeister aller Art und deren Bekämpfung - 04.05.2014 (41)
  5. Win8.1: Firefox: ständige neue Werbefenster und Werbelinks im Text
    Plagegeister aller Art und deren Bekämpfung - 07.04.2014 (17)
  6. Windows8: Werbelinks im Text auf diversen Internetseiten
    Log-Analyse und Auswertung - 18.03.2014 (15)
  7. Win7: (Popup-)Werbung und blaue, doppelt unterstrichene Werbelinks
    Log-Analyse und Auswertung - 13.03.2014 (7)
  8. Win8: Grün unterstrichene Wörter mit Werbelinks und Pop-Ups
    Plagegeister aller Art und deren Bekämpfung - 03.03.2014 (13)
  9. zweifelhafte Werbelinks in mit Google Chrome geöffneten Seiten
    Log-Analyse und Auswertung - 02.03.2014 (5)
  10. Pop-Ups und Werbelinks im Firefox
    Plagegeister aller Art und deren Bekämpfung - 03.02.2014 (9)
  11. Windows 7: Penetrante Werbung und Werbelinks (überall!) im Browser!
    Log-Analyse und Auswertung - 19.11.2013 (16)
  12. Werbelinks und Popups
    Plagegeister aller Art und deren Bekämpfung - 13.10.2013 (3)
  13. Nervige Werbelinks in firefox
    Alles rund um Windows - 06.10.2013 (1)
  14. Beim Googeln weiterleitung auf Werbelinks
    Plagegeister aller Art und deren Bekämpfung - 23.03.2013 (19)
  15. Verlangsamtes System und unterstrichene Werbelinks in sämtlichen Texten, off- und online.
    Log-Analyse und Auswertung - 23.03.2013 (8)
  16. Werbelinks auf beinahe allen Seiten
    Log-Analyse und Auswertung - 06.02.2013 (2)
  17. Internet Explorer öffnen falsche Links bzw. Werbelinks
    Log-Analyse und Auswertung - 24.03.2007 (6)

Zum Thema Werbelinks in Browser - Pop-ups - Hallo! Ich habe im Browser ständig irgendwelche Werbelinks, bei denen sich beim Berühren mit dem Mauszeiger ein Popup öffnet. Dies sieht so aus: hxxp://img717.imageshack.us/img717/3949/werbelink.jpg Hier poste ich, weil ich das - Werbelinks in Browser - Pop-ups...
Archiv
Du betrachtest: Werbelinks in Browser - Pop-ups auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.