Onlinenbanking ausspioniert mit PWS:Win32/Zbot

Tweety87 · 09.01.2013, 11:19

Hallo zusammen,

ich bräuchte dringend Hilfe bezüglich einem Trojanerproblem der meine Onlinebanking Daten ausspioniert hat.

Aufmerksam wurde ich darauf durch meine Bank.
Nach dem Hochfahren des Computers zeigte mir nach einiger Zeit Microsoft Security Essentials auch schon mehre Funde an, nur anscheinend eben schon zu spät.

Erkanntes Element: PWS:Win 32/Zbot
Elemente: file:C:\Users\Viktor\AppData\Roaming\Dynyri\utozhe.exe

Erkanntes Element: Exploit:Java/CVE-2012-1723
Elemente: containerfile:C:\Users\Viktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\7a93b684-66c45d07
file:C:\Users\Viktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\7a93b684-66c45d07->hw.class
file:C:\Users\Viktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\7a93b684-66c45d07->m.class
file:C:\Users\Viktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\7a93b684-66c45d07->test.class
file:C:\Users\Viktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\7a93b684-66c45d07->vcs.class

Erkanntes Element: PWS:Win32/Zbot.gen!AL
Elemente: file:C:\Users\Viktor\AppData\Roaming\Efreyz\ytetut.exe

Erkanntes Element: PWS:Win32/Fareit
Elemente: file:C:\Users\Viktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\7a93b684-6d4c136c

Habe dann diese von Microsoft Security Essentials entfernen lassen.
Meine Frage ist jetzt wie und ob ich überhaupt meinen Computer wieder sauber bekomme oder ob eine Neuinstallation von Windows nötig ist.

Habe gem. Anleitung verschiedene Scans durchgeführt:
- Malwarebytes
- OTL
- Defogger
- gmer

Code:

ATTFilter

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.08.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Viktor :: VIKTOR-PC [Administrator]

09.01.2013 00:26:06
mbam-log-2013-01-09 (00-26-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 575169
Laufzeit: 2 Stunde(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

OTL logfile created on: 09.01.2013 09:38:20 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Viktor\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 4,93 Gb Available Physical Memory | 62,47% Memory free
15,77 Gb Paging File | 12,71 Gb Available in Paging File | 80,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 108,38 Gb Free Space | 36,37% Space Free | Partition Type: NTFS
Drive D: | 1862,98 Gb Total Space | 1135,05 Gb Free Space | 60,93% Space Free | Partition Type: NTFS
 
Computer Name: VIKTOR-PC | User Name: Viktor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.01.09 09:36:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Viktor\Desktop\OTL.exe
PRC - [2013.01.01 20:15:27 | 001,044,816 | ---- | M] (Flexera Software, Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012.12.29 00:02:24 | 028,539,392 | ---- | M] (Dropbox, Inc.) -- C:\Users\Viktor\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.09.19 21:10:10 | 001,177,536 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2012.09.19 21:10:06 | 001,157,056 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2012.09.19 21:03:58 | 005,236,664 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2012.09.19 21:02:48 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2012.09.06 04:50:00 | 008,443,832 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
PRC - [2012.09.06 04:50:00 | 002,569,144 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2012.07.23 17:32:20 | 001,632,216 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
PRC - [2012.06.05 15:54:49 | 001,434,336 | ---- | M] (Plaxis bv) -- C:\Program Files (x86)\Plaxis\PLAXIS Connect\PlaxisUpdater.exe
PRC - [2012.02.29 17:57:26 | 002,306,048 | ---- | M] (Nemetschek SCIA) -- C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\scia.exe
PRC - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
PRC - [2012.01.31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2011.12.01 03:05:00 | 000,089,152 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
PRC - [2011.12.01 03:05:00 | 000,064,576 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
PRC - [2011.10.17 15:49:14 | 000,148,768 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
PRC - [2011.10.03 08:30:32 | 000,098,304 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
PRC - [2011.10.03 08:30:20 | 003,764,224 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
PRC - [2011.09.27 13:17:40 | 000,386,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AutoLock\ALCKRESI.exe
PRC - [2011.08.05 18:11:40 | 006,587,728 | ---- | M] (Flexera Software, Inc.) -- C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe
PRC - [2011.03.08 13:21:18 | 000,138,168 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2011.03.08 13:20:58 | 000,267,624 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.02.07 16:15:38 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011.01.17 10:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.01.17 10:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.11.24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2010.11.18 16:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009.03.30 14:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
PRC - [2008.10.01 17:28:56 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008.08.13 14:34:08 | 001,891,416 | ---- | M] (GARMIN Corp.) -- C:\Program Files (x86)\Garmin\Training Center\gStart.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.09.26 14:22:42 | 002,085,888 | ---- | M] () -- C:\Programme\Lenovo\AutoLock\cv210.dll
MOD - [2011.09.26 14:22:40 | 002,201,088 | ---- | M] () -- C:\Programme\Lenovo\AutoLock\cxcore210.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2009.02.27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.08.11 11:20:42 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011.03.29 19:15:36 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010.12.17 08:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2009.12.16 15:44:44 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.09 01:17:05 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.01 20:15:27 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.09 00:54:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.03 18:53:35 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.10.19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.19 21:10:10 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012.09.19 21:10:06 | 001,157,056 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2012.09.19 21:02:48 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012.09.06 04:50:00 | 002,569,144 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2012.01.31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2011.12.01 03:05:00 | 000,478,056 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2011.12.01 03:05:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
SRV - [2011.12.01 03:05:00 | 000,089,152 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011.10.17 15:48:24 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.10.03 08:30:32 | 000,098,304 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2011.10.03 08:30:20 | 003,764,224 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.08.05 18:11:40 | 006,587,728 | ---- | M] (Flexera Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe -- (lmadmin)
SRV - [2011.07.27 21:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011.07.27 20:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011.07.25 23:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.04.27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.02.07 16:15:38 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011.01.17 10:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.01.17 10:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.03 11:00:54 | 000,114,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2010.12.02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.11.24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010.11.18 16:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010.05.28 02:14:56 | 001,044,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.17 09:08:13 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.06.26 20:38:28 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012.04.18 14:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.01 03:05:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2011.12.01 03:05:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011.10.17 16:24:50 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.10.17 16:24:44 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.10.17 16:24:44 | 000,146,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.10.17 16:24:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.10.17 16:24:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.10.03 15:46:40 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.09.26 02:40:28 | 012,309,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.08.23 06:12:56 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.08.11 11:20:42 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2011.08.04 15:45:24 | 000,341,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.08.03 17:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.05.25 17:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2011.04.27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.03.29 19:13:40 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011.03.29 19:11:48 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 18:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2011.02.16 16:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.17 18:13:58 | 000,103,224 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WibuKey64.sys -- (WIBUKEY)
DRV:64bit: - [2010.09.07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2009.09.21 07:07:26 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009.08.20 06:02:06 | 000,130,816 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.13 09:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2007.02.19 06:56:38 | 000,027,136 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2006.12.12 02:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2011.05.30 18:21:40 | 000,013,128 | ---- | M] (Authentec Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60747
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60747
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=d3834896-af68-4d26-adab-f0407ba202b1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=d3834896-af68-4d26-adab-f0407ba202b1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=d3834896-af68-4d26-adab-f0407ba202b1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 46 1E E5 8B 02 CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=d3834896-af68-4d26-adab-f0407ba202b1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=d3834896-af68-4d26-adab-f0407ba202b1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=d3834896-af68-4d26-adab-f0407ba202b1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60747
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={CC607C24-9371-4D00-82BF-15AB78DA9CDF}&mid=8397e39dab2f47d08eec9165b26a0f9d-5d8d1dcd24f02a1afd2f7614b8e09fe51bf8485d&lang=de&ds=od011&pr=sa&d=2012-03-23 19:18:05&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://google.de/"
FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.24.0.9
FF - prefs.js..extensions.enabledAddons: %7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2012.02.14
FF - prefs.js..extensions.enabledAddons: %7B5D3F3872-91E9-4d59-AD9F-AA174A3145DD%7D:4.00.33
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=d3834896-af68-4d26-adab-f0407ba202b1&affid=111585&searchtype=ds&babsrc=lnkry&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.31 20:36:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.04.23 16:58:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}: C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2012.06.04 08:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\Toolbar\firefox\ [2012.08.07 15:17:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.09 00:54:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.09 00:21:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.07 00:53:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.31 20:36:07 | 000,000,000 | ---D | M]
 
[2012.02.22 23:09:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Viktor\AppData\Roaming\mozilla\Extensions
[2012.10.23 07:30:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Viktor\AppData\Roaming\mozilla\Firefox\Profiles\nxdadjav.default\extensions
[2012.06.04 08:12:59 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Viktor\AppData\Roaming\mozilla\Firefox\Profiles\nxdadjav.default\extensions\DeviceDetection@logitech.com
[2012.12.05 09:02:10 | 000,002,615 | ---- | M] () -- C:\Users\Viktor\AppData\Roaming\mozilla\firefox\profiles\nxdadjav.default\searchplugins\Web Search.xml
[2012.12.09 00:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.04 08:11:39 | 000,000,000 | ---D | M] (Logitech Flow Scroll) -- C:\PROGRAM FILES\LOGITECH\FLOWSCROLL\LOGISMOOTHFIREFOXEXT
[2012.04.23 16:58:34 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2012.12.09 00:54:32 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.12.09 00:54:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.23 19:17:53 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.12.09 00:54:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2012.12.09 00:54:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.09 00:54:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.09 00:54:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.09 00:54:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Logitech Flow Scroll) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Programme\Logitech\FlowScroll\LogiSmooth.dll (Logitech, Inc.)
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Logitech Flow Scroll) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Programme\Logitech\FlowScroll\32-bit\LogiSmooth.dll (Logitech, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LogiScrollApp] C:\Programme\Logitech\FlowScroll\KhalScroll.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (Authentec Inc.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [gStart] C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.)
O4 - HKCU..\Run: [PlaxisUpdater.exe] C:\Program Files (x86)\Plaxis\PLAXIS Connect\PlaxisUpdater.exe (Plaxis bv)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Viktor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Viktor\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0FC983A-FED1-49E9-BFB3-68E8F3DF1677}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tbr - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.11.03 16:55:24 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.09 09:36:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Viktor\Desktop\OTL.exe
[2013.01.09 09:31:21 | 000,000,000 | ---D | C] -- C:\Users\Viktor\Desktop\Trojaner
[2013.01.09 00:24:49 | 000,000,000 | ---D | C] -- C:\Users\Viktor\AppData\Roaming\Malwarebytes
[2013.01.09 00:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.09 00:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.09 00:23:31 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.09 00:23:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.03 14:02:23 | 000,000,000 | ---D | C] -- C:\Users\Viktor\Documents\E-Plus
[2013.01.01 20:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\FNP
[2013.01.01 20:15:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2013.01.01 20:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scia Licence Server
[2013.01.01 20:15:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Scia
[2012.12.19 16:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.12.15 16:20:16 | 000,000,000 | ---D | C] -- C:\Users\Viktor\Desktop\Fulda Immobilien
[2012.12.15 16:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.15 16:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.15 16:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.15 16:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.12.15 16:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2011.02.07 16:15:50 | 000,020,944 | ---- | C] (Intel Corporation) -- C:\Users\Viktor\AppData\Roaming\JomCap.dll
[1 C:\Users\Viktor\Desktop\*.tmp files -> C:\Users\Viktor\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.09 09:36:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Viktor\Desktop\OTL.exe
[2013.01.09 09:35:37 | 000,000,168 | ---- | M] () -- C:\Users\Viktor\defogger_reenable
[2013.01.09 09:34:11 | 000,050,477 | ---- | M] () -- C:\Users\Viktor\Desktop\Defogger.exe
[2013.01.09 09:34:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.09 09:27:52 | 000,000,064 | RHS- | M] () -- C:\Windows\SysNative\drivers\vwifibus.winsecurity
[2013.01.09 09:20:41 | 001,619,012 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.09 09:20:41 | 000,698,970 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.09 09:20:41 | 000,654,248 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.09 09:20:41 | 000,149,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.09 09:20:41 | 000,122,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.09 09:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.09 08:58:56 | 000,000,064 | RHS- | M] () -- C:\Windows\SysNative\drivers\WUDFRd.winsecurity
[2013.01.09 00:23:37 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.09 00:20:56 | 000,021,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.09 00:20:56 | 000,021,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.09 00:13:48 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.09 00:13:39 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
[2013.01.09 00:13:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.09 00:12:53 | 2055,655,423 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.07 18:13:06 | 040,264,095 | ---- | M] () -- C:\Users\Viktor\Desktop\3.pdf
[2013.01.07 18:02:00 | 038,093,666 | ---- | M] () -- C:\Users\Viktor\Desktop\2.pdf
[2013.01.07 17:43:58 | 043,289,253 | ---- | M] () -- C:\Users\Viktor\Desktop\1.pdf
[2013.01.07 00:40:45 | 000,024,610 | ---- | M] () -- C:\Users\Viktor\AppData\Local\recently-used.xbel
[2013.01.05 16:10:50 | 000,001,051 | ---- | M] () -- C:\Users\Viktor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.05 16:10:29 | 000,001,021 | ---- | M] () -- C:\Users\Viktor\Desktop\Dropbox.lnk
[2013.01.04 13:35:43 | 000,088,661 | ---- | M] () -- C:\Users\Viktor\Desktop\STB2_-_2_Hoersaaluebung.pdf
[2013.01.01 20:19:19 | 000,001,172 | ---- | M] () -- C:\Users\Viktor\Desktop\SCIA115119.lid
[2013.01.01 20:15:25 | 000,001,321 | ---- | M] () -- C:\Users\Public\Desktop\Scia-Aktivierungsmanager.lnk
[2012.12.20 13:27:35 | 000,001,440 | ---- | M] () -- C:\Users\Viktor\AppData\Local\FriloWebInfo.html
[2012.12.20 11:19:34 | 002,846,325 | ---- | M] () -- C:\Users\Viktor\Desktop\HÜ2_GT3_V04.xmcd
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.12 00:50:12 | 000,000,205 | -H-- | M] () -- C:\Windows\SysNative\Zeichnung1.dwl2
[2012.12.12 00:50:12 | 000,000,055 | -H-- | M] () -- C:\Windows\SysNative\Zeichnung1.dwl
[1 C:\Users\Viktor\Desktop\*.tmp files -> C:\Users\Viktor\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.09 09:35:37 | 000,000,168 | ---- | C] () -- C:\Users\Viktor\defogger_reenable
[2013.01.09 09:34:09 | 000,050,477 | ---- | C] () -- C:\Users\Viktor\Desktop\Defogger.exe
[2013.01.09 00:23:37 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.09 00:13:39 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2013.01.07 18:12:00 | 040,264,095 | ---- | C] () -- C:\Users\Viktor\Desktop\3.pdf
[2013.01.07 18:01:05 | 038,093,666 | ---- | C] () -- C:\Users\Viktor\Desktop\2.pdf
[2013.01.07 17:42:54 | 043,289,253 | ---- | C] () -- C:\Users\Viktor\Desktop\1.pdf
[2013.01.07 10:53:59 | 002,846,325 | ---- | C] () -- C:\Users\Viktor\Desktop\HÜ2_GT3_V04.xmcd
[2013.01.07 00:40:45 | 000,024,610 | ---- | C] () -- C:\Users\Viktor\AppData\Local\recently-used.xbel
[2013.01.04 13:35:41 | 000,088,661 | ---- | C] () -- C:\Users\Viktor\Desktop\STB2_-_2_Hoersaaluebung.pdf
[2013.01.01 20:19:19 | 000,001,172 | ---- | C] () -- C:\Users\Viktor\Desktop\SCIA115119.lid
[2013.01.01 20:15:25 | 000,001,321 | ---- | C] () -- C:\Users\Public\Desktop\Scia-Aktivierungsmanager.lnk
[2012.12.12 00:50:12 | 000,000,205 | -H-- | C] () -- C:\Windows\SysNative\Zeichnung1.dwl2
[2012.12.12 00:50:12 | 000,000,055 | -H-- | C] () -- C:\Windows\SysNative\Zeichnung1.dwl
[2012.12.07 12:35:13 | 000,007,596 | ---- | C] () -- C:\Users\Viktor\AppData\Local\Resmon.ResmonCfg
[2012.11.30 20:14:11 | 000,001,440 | ---- | C] () -- C:\Users\Viktor\AppData\Local\FriloWebInfo.html
[2012.11.30 19:59:41 | 000,001,196 | ---- | C] () -- C:\Users\Viktor\AppData\Local\anzeige.htm
[2012.11.23 19:16:13 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2012.11.23 19:16:13 | 000,000,058 | ---- | C] () -- C:\Users\Viktor\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2012.11.17 09:10:34 | 659,240,960 | ---- | C] () -- C:\Users\Viktor\MathCad_v15_M005.iso
[2012.08.07 14:12:26 | 004,503,728 | ---- | C] () -- C:\ProgramData\rat_0ybba.pad
[2012.05.07 09:08:49 | 000,000,772 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.05.07 09:08:49 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.05.07 09:05:26 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.05.07 09:05:26 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.04.15 16:28:37 | 000,000,007 | ---- | C] () -- C:\Windows\licpas64.ini
[2012.04.15 16:28:37 | 000,000,001 | ---- | C] () -- C:\Windows\licver64.ini
[2012.03.31 20:30:57 | 000,262,710 | ---- | C] () -- C:\Windows\hpwins23.dat
[2012.03.31 20:30:57 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2012.03.31 15:14:20 | 000,001,501 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2012.03.27 18:37:46 | 000,000,019 | ---- | C] () -- C:\Windows\licdat64.ini
[2012.02.29 12:59:22 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.02.29 12:59:22 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.02.29 12:56:03 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012.02.23 18:31:01 | 000,000,173 | ---- | C] () -- C:\Users\Viktor\AppData\Local\msmathematics.qat.Viktor
[2012.02.22 21:24:08 | 001,596,906 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.22 21:06:32 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.02.22 21:06:30 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.02.22 21:06:27 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.02.22 21:06:23 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.02.22 21:06:20 | 013,903,360 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.01 21:43:07 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\.anki
[2012.12.03 09:18:15 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\Autodesk
[2012.11.17 09:11:12 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\DAEMON Tools Lite
[2012.11.23 19:16:13 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\DonationCoder
[2013.01.09 09:34:29 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\Dropbox
[2013.01.07 14:08:49 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\Dynyri
[2013.01.07 16:41:44 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\Efreyz
[2012.04.26 11:45:27 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\FreePDF
[2012.03.02 14:55:36 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\FreeSweetGames
[2012.05.22 19:26:13 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\Garmin
[2012.06.04 08:09:57 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\Leadertech
[2012.11.17 09:43:21 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\Mathsoft
[2012.12.04 17:05:32 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\OpenCandy
[2012.11.05 10:17:33 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\PC-FAX TX
[2012.12.04 17:05:46 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\pdfforge
[2012.06.16 12:26:56 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\Plaxis
[2012.11.17 19:10:53 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\PTC
[2012.02.22 21:36:04 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\PwrMgr
[2012.11.03 14:13:31 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\SOFiSTiK
[2012.04.23 17:44:23 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\Swiss Academic Software
[2012.02.23 09:31:02 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.02.27 22:06:29 | 000,000,000 | ---D | M](C:\Users\Viktor\Documents\????-??????) -- C:\Users\Viktor\Documents\Кино-Тексты
[2011.10.17 22:30:57 | 000,000,000 | ---D | C](C:\Users\Viktor\Documents\????-??????) -- C:\Users\Viktor\Documents\Кино-Тексты
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 32 bytes -> C:\Windows:CM_6b2aa27ca20226596c1dc014646cff31908105fef30a218b13629f7d56d9fbcb
@Alternate Data Stream - 32 bytes -> C:\Windows:CM_14a6d2d0f70e8a44b92b6ca9e5ce29afcee8e3aa480304222c7482009b99118c

< End of report >

Bin für jede Hilfe und Information im Voraus dankbar.

cosinus · 09.01.2013, 12:41

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Zitat:

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.

Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].

Setze den Curser zwischen die CODE-Tags und drücke STRG+V.

Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Tweety87 · 09.01.2013, 20:45

Hallo,

hier sind noch weitere Logs von Scans die ich heute morgen gemacht habe. Funde sind nicht vorhanden soweit ich das beurteilen, oder?

Code:

ATTFilter

OTL Extras logfile created on: 09.01.2013 09:38:20 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Viktor\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 4,93 Gb Available Physical Memory | 62,47% Memory free
15,77 Gb Paging File | 12,71 Gb Available in Paging File | 80,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 108,38 Gb Free Space | 36,37% Space Free | Partition Type: NTFS
Drive D: | 1862,98 Gb Total Space | 1135,05 Gb Free Space | 60,93% Space Free | Partition Type: NTFS
 
Computer Name: VIKTOR-PC | User Name: Viktor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Ö&ffnen als mb-Projekt] -- C:\mb2011\bin64\PMVERS~1.EXE "%1" (mb AEC Software GmbH)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Ö&ffnen als mb-Projekt] -- C:\mb2011\bin64\PMVERS~1.EXE "%1" (mb AEC Software GmbH)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
"C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
"C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2084964A-92F4-40E4-88CB-DBE56660A300}" = lport=28084 | protocol=17 | dir=in | name=udp 28084 | 
"{262A6E51-CBDB-4ECB-8106-6AA5FC05E288}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service | 
"{2A5D188E-55F2-4041-A22E-FDEE979DBFB1}" = lport=25681 | protocol=17 | dir=in | name=udp 25681 | 
"{459AA974-27F5-4760-923E-E4527CA11CE5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{47588719-66E4-4C3D-AAC1-B195CEC596FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{665E3EA0-C433-4CDE-9D24-ABE6A68C3AF4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6A713EF1-A1E3-4845-9B0A-1030341A350C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6E9023AD-BB40-4477-87FD-5998BC242233}" = lport=139 | protocol=6 | dir=in | app=system | 
"{718AB364-FAF7-4980-AD5A-B33A31EB162E}" = lport=55377 | protocol=6 | dir=in | name=akamai netsession interface | 
"{735B7681-B062-4AC4-A6D1-918D8FAE593A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{831F7FF3-5B7B-4ACD-AA00-D7B5A092DC7B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8426BE47-2D89-44C8-9536-21C69C59166A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{8A035F30-2E33-485A-AED4-34A16F6F5248}" = lport=27278 | protocol=6 | dir=in | name=tcp 27278 | 
"{8D62AA51-2CE3-49EE-9794-A61877CEEB9F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{961BD5DA-1444-4A20-8ADA-B1CA45386595}" = lport=18018 | protocol=6 | dir=in | name=tcp 18018 | 
"{C7FEBF85-EF28-4B2D-B487-C37384F0DBCC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C8BB30B9-A50E-486B-8FCF-2D4BEE384AFB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CD18470A-0C84-464E-8050-469E16B5E6CC}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{EEB06C01-0720-4F20-B361-F438F096A38B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F97E5E2F-B851-47AE-8F31-41C02AA61D2F}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EE4B5B-DAA9-4DF9-B024-3AAA8F3D1F30}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{067CD59F-1572-4F3F-8B2D-9567B1FDFC0B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{08A9C3AB-6671-4A64-A19E-1F46C1A8E4D3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{0D31A5F3-67B0-4491-8CF4-F24E2E2DDC31}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{1BFAC78B-B541-4885-BF22-5C1A1B9F5AB9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{21030D00-DF60-49B9-9A84-32EE4C2F0E6F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{271D0465-0807-4481-A94A-8CCA0666B84B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{294ACAF8-696C-480D-82AD-33730DB23A30}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{2AE753E8-A381-46EE-A3F2-0490B4F68B14}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{31569678-ADB7-4E73-8DB4-D8CC147FA199}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{334014AA-D420-42FA-ABF6-996019825214}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{3ED6B66E-B223-47B7-A870-ADC469C924B6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{3F026CEE-0813-476B-9D5D-D0680EDD41FD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3F82F924-A82D-43FD-BFC2-6C2C52BD7EE7}" = dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{414AA99B-70B2-4324-9755-2F6688E51A5D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{4185E95D-1945-481B-9631-0D7CA09D6765}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{42B165AA-5C35-4A89-A07D-69A7C6D9F9F0}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{468A3F54-50CD-459C-85DA-BE16EEB8A10D}" = protocol=6 | dir=in | app=c:\users\viktor\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4AF8C3FD-96A8-4F78-8FE3-EE4A7A202BD7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4DAE56E1-8ACD-4B33-81DC-EDF806C6BA4C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{4E6689D8-1320-424F-9CED-52026FF5DBDF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{510A1AEF-6601-45BA-B5B0-5F948FE6D9EB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{51E61745-3D83-4061-8668-92902CF7653E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5485A202-9950-4225-89D4-6CCE8E999100}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{573BD4D4-CE45-4F53-ACA7-E1B00377412B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{6B003D7B-8340-47A6-9EC7-A77594CF08F4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6E5FA775-49D2-4DC7-AB30-E02DACD90654}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{71CCE44B-40F2-41A3-94F9-972349A0583C}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{76BA757D-CEC5-40D6-A54E-4F838D867AE5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7B2099F4-D924-48BF-8DEA-5824CDA14163}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{83208A5B-7BA2-4358-915A-E954F96D7ADD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{851D9907-6BE9-4D9D-98A4-B706C4858AED}" = protocol=17 | dir=in | app=c:\users\viktor\appdata\roaming\dropbox\bin\dropbox.exe | 
"{86256964-2902-4399-877B-AC26B8218A77}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{8F712E34-FAC2-4E48-A2E1-48C8EE91B274}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{A739D27A-786F-49EC-A759-B3A366720702}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B60A5FD9-830B-482B-8D09-8FD28377DE63}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{B7DE59F5-C10B-42A2-A3D6-D6F44BB32699}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{C8ED4721-E7ED-465C-9E6A-3002480A7847}" = dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{D65F690A-A57C-4ED4-BB38-D1A7C752064A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{DE93FA68-90C7-4C35-ACAB-8C39578C25A7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{DF1FCEC1-ED91-4B50-9484-B318796F52A1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{DFA369D7-BD85-4894-9900-557560527F6E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{E2A2C0C7-73AB-4B52-B724-00FBD6112543}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{E6160DD4-6269-4B1C-9041-EAF81EE242BC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{E8CF5698-D2EB-4385-8C48-65C43A2AC9DC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{E9CC02EE-C2FC-435C-AE84-9B9CE3740208}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{F000843A-87C1-4133-BAA1-E77C3A613796}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{F3A3ED3F-80B6-49A0-BD68-970C18A481AD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{FFC126D2-7BFB-470E-B270-2296775CB84B}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"TCP Query User{4FD57CDE-8046-4AE4-AFA5-19BCD9B46966}C:\users\viktor\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\viktor\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{6C38E535-AA39-49F3-8860-EB7C3ED25A66}C:\users\viktor\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\viktor\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{8FC9C31F-74BC-45FE-A052-002DC0E70686}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | 
"TCP Query User{925A4A34-BB5A-45B3-AEAC-89A4EA42D7CF}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{AF02009F-C17D-4B88-A96B-EFE153F24F32}C:\users\viktor\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\viktor\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{19515268-0115-495B-8904-26ECB8E6F69F}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{2A1B0CE0-D888-4A20-86EB-A68212FDA5C8}C:\users\viktor\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\viktor\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{7C2E750F-62AD-48C3-AD32-FD4C07A8291C}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | 
"UDP Query User{BC76EAA5-1DC4-4B62-85BD-4CB7B3CEE041}C:\users\viktor\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\viktor\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{E1B3AC19-E275-427C-A695-95F4403BF534}C:\users\viktor\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\viktor\appdata\local\akamai\netsession_win.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WibuKey Setup (WibuKey Remove)
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{50F1571C-50F0-2012-2764-C00001022012}" = SOFiSTiK SHARED_182x64
"{50F1571C-50F2-2012-2764-182001022012}" = SOFiPLUS_182x64
"{50F1571C-50FD-2012-2764-182001022012}" = SOFiSTiK 2012 18.2 64Bit Object Enabler
"{5783F2D7-A001-0407-0102-0060B0CE6BBA}" = AutoCAD 2012 - Deutsch
"{5783F2D7-A001-0407-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - Deutsch
"{5783F2D7-B000-0407-0102-0060B0CE6BBA}" = AutoCAD Civil 3D 2013 - Deutsch (German)
"{5783F2D7-B000-0407-1102-0060B0CE6BBA}" = AutoCAD Civil 3D 2013 Language Pack - Deutsch (German)
"{5783F2D7-B000-0407-2102-0060B0CE6BBA}" = AutoCAD Civil 3D 2013 - Deutsch (German)
"{58D79E62-CFC8-4331-8469-3A1B16E1769C}" = HP Officejet 6500 E709 Series
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}" = WD SmartWare
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A4F0A579-48BB-4AE2-A8BE-44422DD83DD7}_is1" = WinCADES64-w64 19.03
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft-Maus- und Tastatur-Center
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C2938C94-239C-4156-B245-C5406A4F3E93}" = ThinkVantage Fingerprint Software
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{CC6C8E0B-51BC-40EF-856D-7172AEC4E60D}" = CodeMeter Runtime Kit v4.50b
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-Bit)
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"AutoCAD 2012 - Deutsch" = AutoCAD 2012 - Deutsch
"AutoCAD Civil 3D 2013 - Deutsch (German)" = AutoCAD Civil 3D 2013 - Deutsch (German)
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"GIMP-2_is1" = GIMP 2.8.2
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Microsoft Security Client" = Microsoft Security Essentials
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shop for HP Supplies" = Shop for HP Supplies
"Sn1" = Logitech Flow Scroll 4.0
"sp6" = Logitech SetPoint 6.32
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"VLC media player" = VLC media player 2.0.4
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{129024FF-A6C9-4696-91BC-570C6C05193A}" = Windchill ProductPoint Client Manager
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20A06AF2-55DB-4C69-9E67-FEC5B317901C}" = RSTAB Demo
"{20E970DF-A7B2-4345-9DEB-72213A29645E}" = Brother MFL-Pro Suite MFC-5890CN
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}" = Microsoft Visual Basic PowerPacks 10.0
"{386B1C38-FE41-4638-8C5F-FBE1C0C09E28}" = Ing+ 2011
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3BE02281-FCCF-44BB-8413-AC4A633059EB}" = BPDSoftware
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DBEF603-5CE5-4629-8B79-FAA95CC46915}" = FriloBase
"{50F1571C-0FEA-2012-2732-000001022012}" = ANALYSIS_27
"{50F1571C-0FEA-2012-2732-C00001022012}" = ANALYSIS_27_Common
"{50F1571C-0FEA-2012-2764-000001022012}" = ANALYSIS_27_x64
"{50F1571C-0FEA-2012-2764-C00001022012}" = ANALYSIS_27_x64_Common
"{50F1571C-50F1-2010-2532-000000140401}" = SOFiSTiK Sonar
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5C9E850C-6AD4-4AD1-8654-CAA3BAC3213C}" = RFEM Demo
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{68654483-9629-4CF5-88FF-9FB70B3BECDE}" = ProductContext
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A62B2A-50D6-4886-8AFA-7FC4DE273C61}" = RSTAB
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CD43346-A9DA-48ED-B027-11623505CAFE}" = Offerte_L
"{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9049F68E-CFFD-4B0D-AAD5-C5A45E916BC3}" = Frilo.System.Next
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{99F67894-9486-413F-94E1-8B12B1606EAB}" = BPDSoftware_Ini
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA787E05-E835-4812-AA3D-4048C8A46587}" = 6500_E709_eDocs
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AC76D478-1033-0000-3478-000000000004}" = Mathcad PDSi viewable support
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD62C479-A627-4FBC-80A0-EF83BC27E36C}" = RFEM Demo
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C607265F-86AA-4B42-9F9B-D0ED2E4AACA6}" = 6500_E709a
"{C65ABF2A-1B82-4F34-8C74-E4FE373F3BE4}" = 'PTC Places' Namespace Shell Extension
"{C6D4B05A-EA7E-1027-80EF-C925E740E99C}" = Intel(R) Identity Protection Technology 1.0.74.0
"{CCA78313-443C-4674-81B8-88919D137258}" = Autodesk Download Manager
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D2506F0B-378D-4B08-94CE-994DBD28E960}" = Dlubal RSTAB 7 Demo
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DC8F6C78-7231-44A2-B66E-6C4FCB3A3364}" = Mathcad 15 F000
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E592B693-81BE-42D9-B4E4-CABC11C7B101}" = Scia Licence Server
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F53B432E-BD19-4400-BFA0-2BBD16410F8F}" = 6500_E709_Help
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCFD1AE1-38C2-450E-93B5-A1D5D1D85EE8}" = Dlubal RFEM 4 Demo
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"239C9A62-EF89-4B0A-BC27-C6CB0335BC9A_is1" = PLAXIS 2D 2011.02
"4ECE6F26-C64E-40A5-A6B7-F1A1197131E3_is1" = PLAXIS 3D 2011
"8275a46d-086d-470d-8b03-9002305d5451_is1" = PLAXIS Connect
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anki" = Anki
"Autodesk Content Service" = Autodesk Content Service
"CToolbar_UNINSTALL" = Web Security Guard with Crawler Toolbar
"DAEMON Tools Lite" = DAEMON Tools Lite
"FBDBServer_2_5_is1" = Firebird 2.5.1.26351 (Win32)
"IsoBuster_is1" = IsoBuster 2.8.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mathcad PDSi viewable support" = Mathcad PDSi viewable support
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"ScreenshotCaptor_is1" = Screenshot Captor 3.08.01
"SOFiSTiK 2012" = SOFiSTiK 2012
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.01.2013 20:23:35 | Computer Name = Viktor-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/07 01:23:35.573]: [00000712]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 06.01.2013 20:23:37 | Computer Name = Viktor-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/07 01:23:37.074]: [00000712]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 06.01.2013 20:23:38 | Computer Name = Viktor-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/07 01:23:38.582]: [00000712]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 06.01.2013 20:23:40 | Computer Name = Viktor-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/07 01:23:40.082]: [00000712]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 06.01.2013 20:23:41 | Computer Name = Viktor-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/07 01:23:41.582]: [00000712]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 06.01.2013 20:23:43 | Computer Name = Viktor-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/07 01:23:43.089]: [00000712]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 07.01.2013 04:30:37 | Computer Name = Viktor-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.01.2013 10:05:54 | Computer Name = Viktor-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.01.2013 17:53:24 | Computer Name = Viktor-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.01.2013 19:13:39 | Computer Name = Viktor-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 12.10.2012 10:56:11 | Computer Name = Viktor-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 80.
 
Error - 14.10.2012 11:00:53 | Computer Name = Viktor-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 14.10.2012 11:01:35 | Computer Name = Viktor-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 14.10.2012 11:02:35 | Computer Name = Viktor-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Apple Mobile Device" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
Error - 16.10.2012 13:35:28 | Computer Name = Viktor-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Autodesk Content Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 20.10.2012 03:05:57 | Computer Name = Viktor-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 27.10.2012 02:27:36 | Computer Name = Viktor-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.139.517.0     Aktualisierungsquelle: %%859     Aktualisierungsstufe:
 %%853     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.8904.0     Fehlercode:
 0x80240022     Fehlerbeschreibung: Das Programm kann nicht nach Definitionsupdates suchen.
 
 
Error - 27.10.2012 02:27:36 | Computer Name = Viktor-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.139.517.0     Aktualisierungsquelle: %%859     Aktualisierungsstufe:
 %%853     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.8904.0     Fehlercode:
 0x80240022     Fehlerbeschreibung: Das Programm kann nicht nach Definitionsupdates suchen.
 
 
Error - 27.10.2012 03:43:54 | Computer Name = Viktor-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.139.517.0     Aktualisierungsquelle: %%859     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.8904.0     Fehlercode:
 0x8024402c     Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
 Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
 unter "Hilfe und Support". 
 
Error - 27.10.2012 05:34:11 | Computer Name = Viktor-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.139.517.0     Aktualisierungsquelle: %%859     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.8904.0     Fehlercode:
 0x8024402c     Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
 Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
 unter "Hilfe und Support". 
 
 
< End of report >

Code:

ATTFilter

GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-09 10:44:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HITACHI_HTS543232A7A384 rev.ES2ZB70B 298,09GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Viktor\AppData\Local\Temp\ufdiypow.sys


---- User code sections - GMER 2.0 ----

.text    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000074861401 2 bytes [86, 74]
.text    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2072] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000074861419 2 bytes [86, 74]
.text    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000074861431 2 bytes [86, 74]
.text    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007486144a 2 bytes [86, 74]
.text    ...                                                                                                                                                   * 9
.text    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2072] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000748614dd 2 bytes [86, 74]
.text    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000748614f5 2 bytes [86, 74]
.text    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         000000007486150d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000074861525 2 bytes [86, 74]
.text    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007486153d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2072] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000074861555 2 bytes [86, 74]
.text    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007486156d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000074861585 2 bytes [86, 74]
.text    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           000000007486159d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000748615b5 2 bytes [86, 74]
.text    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000748615cd 2 bytes [86, 74]
.text    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000748616b2 2 bytes [86, 74]
.text    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000748616bd 2 bytes [86, 74]
.text    C:\Windows\system32\hasplms.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                         0000000074861401 2 bytes [86, 74]
.text    C:\Windows\system32\hasplms.exe[2448] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                           0000000074861419 2 bytes [86, 74]
.text    C:\Windows\system32\hasplms.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                         0000000074861431 2 bytes [86, 74]
.text    C:\Windows\system32\hasplms.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                         000000007486144a 2 bytes [86, 74]
.text    ...                                                                                                                                                   * 9
.text    C:\Windows\system32\hasplms.exe[2448] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                            00000000748614dd 2 bytes [86, 74]
.text    C:\Windows\system32\hasplms.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                     00000000748614f5 2 bytes [86, 74]
.text    C:\Windows\system32\hasplms.exe[2448] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                            000000007486150d 2 bytes [86, 74]
.text    C:\Windows\system32\hasplms.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                     0000000074861525 2 bytes [86, 74]
.text    C:\Windows\system32\hasplms.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                           000000007486153d 2 bytes [86, 74]
.text    C:\Windows\system32\hasplms.exe[2448] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                0000000074861555 2 bytes [86, 74]
.text    C:\Windows\system32\hasplms.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                         000000007486156d 2 bytes [86, 74]
.text    C:\Windows\system32\hasplms.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                           0000000074861585 2 bytes [86, 74]
.text    C:\Windows\system32\hasplms.exe[2448] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                              000000007486159d 2 bytes [86, 74]
.text    C:\Windows\system32\hasplms.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                           00000000748615b5 2 bytes [86, 74]
.text    C:\Windows\system32\hasplms.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                         00000000748615cd 2 bytes [86, 74]
.text    C:\Windows\system32\hasplms.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                     00000000748616b2 2 bytes [86, 74]
.text    C:\Windows\system32\hasplms.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                     00000000748616bd 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17        0000000074861401 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17          0000000074861419 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17        0000000074861431 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42        000000007486144a 2 bytes [86, 74]
.text    ...                                                                                                                                                   * 9
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17           00000000748614dd 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17    00000000748614f5 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe[2644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17           000000007486150d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17    0000000074861525 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17          000000007486153d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17               0000000074861555 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17        000000007486156d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17          0000000074861585 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe[2644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17             000000007486159d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17          00000000748615b5 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17        00000000748615cd 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20    00000000748616b2 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31    00000000748616bd 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\scia.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000074861401 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\scia.exe[2928] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000074861419 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\scia.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000074861431 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\scia.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007486144a 2 bytes [86, 74]
.text    ...                                                                                                                                                   * 9
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\scia.exe[2928] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000748614dd 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\scia.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000748614f5 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\scia.exe[2928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         000000007486150d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\scia.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000074861525 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\scia.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007486153d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\scia.exe[2928] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000074861555 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\scia.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007486156d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\scia.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000074861585 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\scia.exe[2928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           000000007486159d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\scia.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000748615b5 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\scia.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000748615cd 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\scia.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000748616b2 2 bytes [86, 74]
.text    C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\scia.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000748616bd 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[3424] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                              0000000074861401 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[3424] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                                0000000074861419 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[3424] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                              0000000074861431 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[3424] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                              000000007486144a 2 bytes [86, 74]
.text    ...                                                                                                                                                   * 9
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[3424] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                                 00000000748614dd 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[3424] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                          00000000748614f5 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[3424] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                                 000000007486150d 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[3424] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                          0000000074861525 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[3424] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                                000000007486153d 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[3424] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                     0000000074861555 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[3424] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                              000000007486156d 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[3424] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                                0000000074861585 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[3424] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                                   000000007486159d 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[3424] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                                00000000748615b5 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[3424] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                              00000000748615cd 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[3424] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                          00000000748616b2 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[3424] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                          00000000748616bd 2 bytes [86, 74]
.text    C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                           0000000074861401 2 bytes [86, 74]
.text    C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[3892] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                             0000000074861419 2 bytes [86, 74]
.text    C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                           0000000074861431 2 bytes [86, 74]
.text    C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                           000000007486144a 2 bytes [86, 74]
.text    ...                                                                                                                                                   * 9
.text    C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[3892] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                              00000000748614dd 2 bytes [86, 74]
.text    C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                       00000000748614f5 2 bytes [86, 74]
.text    C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[3892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                              000000007486150d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                       0000000074861525 2 bytes [86, 74]
.text    C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                             000000007486153d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[3892] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                  0000000074861555 2 bytes [86, 74]
.text    C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                           000000007486156d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                             0000000074861585 2 bytes [86, 74]
.text    C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[3892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                000000007486159d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                             00000000748615b5 2 bytes [86, 74]
.text    C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                           00000000748615cd 2 bytes [86, 74]
.text    C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                       00000000748616b2 2 bytes [86, 74]
.text    C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                       00000000748616bd 2 bytes [86, 74]
.text    C:\Program Files (x86)\Plaxis\PLAXIS Connect\PlaxisUpdater.exe[5272] C:\Windows\syswow64\kernel32.dll!CreateThread + 28                               0000000074ee34c1 4 bytes {CALL 0xffffffff8b6d3038}
.text    C:\Program Files (x86)\Plaxis\PLAXIS Connect\PlaxisUpdater.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                          0000000074861401 2 bytes [86, 74]
.text    C:\Program Files (x86)\Plaxis\PLAXIS Connect\PlaxisUpdater.exe[5272] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                            0000000074861419 2 bytes [86, 74]
.text    C:\Program Files (x86)\Plaxis\PLAXIS Connect\PlaxisUpdater.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                          0000000074861431 2 bytes [86, 74]
.text    C:\Program Files (x86)\Plaxis\PLAXIS Connect\PlaxisUpdater.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                          000000007486144a 2 bytes [86, 74]
.text    ...                                                                                                                                                   * 9
.text    C:\Program Files (x86)\Plaxis\PLAXIS Connect\PlaxisUpdater.exe[5272] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                             00000000748614dd 2 bytes [86, 74]
.text    C:\Program Files (x86)\Plaxis\PLAXIS Connect\PlaxisUpdater.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                      00000000748614f5 2 bytes [86, 74]
.text    C:\Program Files (x86)\Plaxis\PLAXIS Connect\PlaxisUpdater.exe[5272] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                             000000007486150d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Plaxis\PLAXIS Connect\PlaxisUpdater.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                      0000000074861525 2 bytes [86, 74]
.text    C:\Program Files (x86)\Plaxis\PLAXIS Connect\PlaxisUpdater.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                            000000007486153d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Plaxis\PLAXIS Connect\PlaxisUpdater.exe[5272] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                 0000000074861555 2 bytes [86, 74]
.text    C:\Program Files (x86)\Plaxis\PLAXIS Connect\PlaxisUpdater.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                          000000007486156d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Plaxis\PLAXIS Connect\PlaxisUpdater.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                            0000000074861585 2 bytes [86, 74]
.text    C:\Program Files (x86)\Plaxis\PLAXIS Connect\PlaxisUpdater.exe[5272] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                               000000007486159d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Plaxis\PLAXIS Connect\PlaxisUpdater.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                            00000000748615b5 2 bytes [86, 74]
.text    C:\Program Files (x86)\Plaxis\PLAXIS Connect\PlaxisUpdater.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                          00000000748615cd 2 bytes [86, 74]
.text    C:\Program Files (x86)\Plaxis\PLAXIS Connect\PlaxisUpdater.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                      00000000748616b2 2 bytes [86, 74]
.text    C:\Program Files (x86)\Plaxis\PLAXIS Connect\PlaxisUpdater.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                      00000000748616bd 2 bytes [86, 74]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[5280] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                            0000000074861401 2 bytes [86, 74]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[5280] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                              0000000074861419 2 bytes [86, 74]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[5280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                            0000000074861431 2 bytes [86, 74]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[5280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                            000000007486144a 2 bytes [86, 74]
.text    ...                                                                                                                                                   * 9
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[5280] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                               00000000748614dd 2 bytes [86, 74]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[5280] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                        00000000748614f5 2 bytes [86, 74]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[5280] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                               000000007486150d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[5280] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                        0000000074861525 2 bytes [86, 74]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[5280] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                              000000007486153d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[5280] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                   0000000074861555 2 bytes [86, 74]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[5280] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                            000000007486156d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[5280] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                              0000000074861585 2 bytes [86, 74]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[5280] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                 000000007486159d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[5280] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                              00000000748615b5 2 bytes [86, 74]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[5280] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                            00000000748615cd 2 bytes [86, 74]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[5280] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                        00000000748616b2 2 bytes [86, 74]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[5280] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                        00000000748616bd 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                 0000000074861401 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5328] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                   0000000074861419 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                 0000000074861431 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                 000000007486144a 2 bytes [86, 74]
.text    ...                                                                                                                                                   * 9
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5328] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                    00000000748614dd 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                             00000000748614f5 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                    000000007486150d 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                             0000000074861525 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                   000000007486153d 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5328] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                        0000000074861555 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5328] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                 000000007486156d 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5328] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                   0000000074861585 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                      000000007486159d 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                   00000000748615b5 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                 00000000748615cd 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                             00000000748616b2 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                             00000000748616bd 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                 0000000074861401 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5700] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                   0000000074861419 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                 0000000074861431 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                 000000007486144a 2 bytes [86, 74]
.text    ...                                                                                                                                                   * 9
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5700] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                    00000000748614dd 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                             00000000748614f5 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                    000000007486150d 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                             0000000074861525 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                   000000007486153d 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5700] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                        0000000074861555 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                 000000007486156d 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                   0000000074861585 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                      000000007486159d 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                   00000000748615b5 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                 00000000748615cd 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                             00000000748616b2 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                             00000000748616bd 2 bytes [86, 74]
.text    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5960] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                     0000000074861401 2 bytes [86, 74]
.text    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5960] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                       0000000074861419 2 bytes [86, 74]
.text    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                     0000000074861431 2 bytes [86, 74]
.text    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                     000000007486144a 2 bytes [86, 74]
.text    ...                                                                                                                                                   * 9
.text    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5960] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                        00000000748614dd 2 bytes [86, 74]
.text    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5960] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                 00000000748614f5 2 bytes [86, 74]
.text    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5960] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                        000000007486150d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5960] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                 0000000074861525 2 bytes [86, 74]
.text    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5960] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                       000000007486153d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5960] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                            0000000074861555 2 bytes [86, 74]
.text    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5960] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                     000000007486156d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5960] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                       0000000074861585 2 bytes [86, 74]
.text    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5960] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                          000000007486159d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5960] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                       00000000748615b5 2 bytes [86, 74]
.text    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5960] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                     00000000748615cd 2 bytes [86, 74]
.text    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5960] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                 00000000748616b2 2 bytes [86, 74]
.text    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5960] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                 00000000748616bd 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[6112] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExW + 17                            0000000074861401 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[6112] C:\Windows\syswow64\PsApi.dll!EnumProcessModules + 17                              0000000074861419 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[6112] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 17                            0000000074861431 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[6112] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 42                            000000007486144a 2 bytes [86, 74]
.text    ...                                                                                                                                                   * 9
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[6112] C:\Windows\syswow64\PsApi.dll!EnumDeviceDrivers + 17                               00000000748614dd 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[6112] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameA + 17                        00000000748614f5 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[6112] C:\Windows\syswow64\PsApi.dll!QueryWorkingSetEx + 17                               000000007486150d 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[6112] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameW + 17                        0000000074861525 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[6112] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameW + 17                              000000007486153d 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[6112] C:\Windows\syswow64\PsApi.dll!EnumProcesses + 17                                   0000000074861555 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[6112] C:\Windows\syswow64\PsApi.dll!GetProcessMemoryInfo + 17                            000000007486156d 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[6112] C:\Windows\syswow64\PsApi.dll!GetPerformanceInfo + 17                              0000000074861585 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[6112] C:\Windows\syswow64\PsApi.dll!QueryWorkingSet + 17                                 000000007486159d 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[6112] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameA + 17                              00000000748615b5 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[6112] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExA + 17                            00000000748615cd 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[6112] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 20                        00000000748616b2 2 bytes [86, 74]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[6112] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 31                        00000000748616bd 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                              0000000074861401 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[6132] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                0000000074861419 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                              0000000074861431 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                              000000007486144a 2 bytes [86, 74]
.text    ...                                                                                                                                                   * 9
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[6132] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                 00000000748614dd 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                          00000000748614f5 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[6132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                 000000007486150d 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                          0000000074861525 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                000000007486153d 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[6132] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                     0000000074861555 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                              000000007486156d 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                0000000074861585 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[6132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                   000000007486159d 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                00000000748615b5 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                              00000000748615cd 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                          00000000748616b2 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[6132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                          00000000748616bd 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Roaming\Dropbox\bin\Dropbox.exe[1208] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17                                 0000000074861401 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Roaming\Dropbox\bin\Dropbox.exe[1208] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17                                   0000000074861419 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Roaming\Dropbox\bin\Dropbox.exe[1208] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17                                 0000000074861431 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Roaming\Dropbox\bin\Dropbox.exe[1208] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42                                 000000007486144a 2 bytes [86, 74]
.text    ...                                                                                                                                                   * 9
.text    C:\Users\Viktor\AppData\Roaming\Dropbox\bin\Dropbox.exe[1208] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17                                    00000000748614dd 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Roaming\Dropbox\bin\Dropbox.exe[1208] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17                             00000000748614f5 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Roaming\Dropbox\bin\Dropbox.exe[1208] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17                                    000000007486150d 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Roaming\Dropbox\bin\Dropbox.exe[1208] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17                             0000000074861525 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Roaming\Dropbox\bin\Dropbox.exe[1208] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17                                   000000007486153d 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Roaming\Dropbox\bin\Dropbox.exe[1208] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17                                        0000000074861555 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Roaming\Dropbox\bin\Dropbox.exe[1208] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17                                 000000007486156d 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Roaming\Dropbox\bin\Dropbox.exe[1208] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17                                   0000000074861585 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Roaming\Dropbox\bin\Dropbox.exe[1208] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17                                      000000007486159d 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Roaming\Dropbox\bin\Dropbox.exe[1208] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17                                   00000000748615b5 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Roaming\Dropbox\bin\Dropbox.exe[1208] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17                                 00000000748615cd 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Roaming\Dropbox\bin\Dropbox.exe[1208] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20                             00000000748616b2 2 bytes [86, 74]
.text    C:\Users\Viktor\AppData\Roaming\Dropbox\bin\Dropbox.exe[1208] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31                             00000000748616bd 2 bytes [86, 74]
.text    C:\Windows\SysWOW64\RunDll32.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                        0000000074861401 2 bytes [86, 74]
.text    C:\Windows\SysWOW64\RunDll32.exe[2232] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                          0000000074861419 2 bytes [86, 74]
.text    C:\Windows\SysWOW64\RunDll32.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                        0000000074861431 2 bytes [86, 74]
.text    C:\Windows\SysWOW64\RunDll32.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                        000000007486144a 2 bytes [86, 74]
.text    ...                                                                                                                                                   * 9
.text    C:\Windows\SysWOW64\RunDll32.exe[2232] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                           00000000748614dd 2 bytes [86, 74]
.text    C:\Windows\SysWOW64\RunDll32.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                    00000000748614f5 2 bytes [86, 74]
.text    C:\Windows\SysWOW64\RunDll32.exe[2232] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                           000000007486150d 2 bytes [86, 74]
.text    C:\Windows\SysWOW64\RunDll32.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                    0000000074861525 2 bytes [86, 74]
.text    C:\Windows\SysWOW64\RunDll32.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                          000000007486153d 2 bytes [86, 74]
.text    C:\Windows\SysWOW64\RunDll32.exe[2232] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                               0000000074861555 2 bytes [86, 74]
.text    C:\Windows\SysWOW64\RunDll32.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                        000000007486156d 2 bytes [86, 74]
.text    C:\Windows\SysWOW64\RunDll32.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                          0000000074861585 2 bytes [86, 74]
.text    C:\Windows\SysWOW64\RunDll32.exe[2232] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                             000000007486159d 2 bytes [86, 74]
.text    C:\Windows\SysWOW64\RunDll32.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                          00000000748615b5 2 bytes [86, 74]
.text    C:\Windows\SysWOW64\RunDll32.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                        00000000748615cd 2 bytes [86, 74]
.text    C:\Windows\SysWOW64\RunDll32.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                    00000000748616b2 2 bytes [86, 74]
.text    C:\Windows\SysWOW64\RunDll32.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                    00000000748616bd 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5608] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                              0000000074861401 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5608] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                0000000074861419 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                              0000000074861431 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                              000000007486144a 2 bytes [86, 74]
.text    ...                                                                                                                                                   * 9
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5608] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                 00000000748614dd 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5608] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                          00000000748614f5 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5608] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                 000000007486150d 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5608] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                          0000000074861525 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5608] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                000000007486153d 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5608] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                     0000000074861555 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5608] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                              000000007486156d 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5608] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                0000000074861585 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5608] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                   000000007486159d 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5608] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                00000000748615b5 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5608] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                              00000000748615cd 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5608] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                          00000000748616b2 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5608] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                          00000000748616bd 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                              0000000074861401 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5648] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                0000000074861419 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                              0000000074861431 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                              000000007486144a 2 bytes [86, 74]
.text    ...                                                                                                                                                   * 9
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5648] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                 00000000748614dd 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                          00000000748614f5 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                 000000007486150d 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                          0000000074861525 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                000000007486153d 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5648] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                     0000000074861555 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5648] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                              000000007486156d 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5648] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                0000000074861585 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                   000000007486159d 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                00000000748615b5 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                              00000000748615cd 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                          00000000748616b2 2 bytes [86, 74]
.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                          00000000748616bd 2 bytes [86, 74]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17          0000000074861401 2 bytes [86, 74]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6396] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17            0000000074861419 2 bytes [86, 74]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17          0000000074861431 2 bytes [86, 74]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42          000000007486144a 2 bytes [86, 74]
.text    ...                                                                                                                                                   * 9
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6396] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17             00000000748614dd 2 bytes [86, 74]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17      00000000748614f5 2 bytes [86, 74]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17             000000007486150d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17      0000000074861525 2 bytes [86, 74]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17            000000007486153d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6396] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                 0000000074861555 2 bytes [86, 74]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6396] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17          000000007486156d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6396] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17            0000000074861585 2 bytes [86, 74]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17               000000007486159d 2 bytes [86, 74]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17            00000000748615b5 2 bytes [86, 74]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17          00000000748615cd 2 bytes [86, 74]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20      00000000748616b2 2 bytes [86, 74]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31      00000000748616bd 2 bytes [86, 74]
.text    C:\Users\Viktor\Desktop\gmer-2.0.18444.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                              0000000074861401 2 bytes [86, 74]
.text    C:\Users\Viktor\Desktop\gmer-2.0.18444.exe[2596] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                0000000074861419 2 bytes [86, 74]
.text    C:\Users\Viktor\Desktop\gmer-2.0.18444.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                              0000000074861431 2 bytes [86, 74]
.text    C:\Users\Viktor\Desktop\gmer-2.0.18444.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                              000000007486144a 2 bytes [86, 74]
.text    ...                                                                                                                                                   * 9
.text    C:\Users\Viktor\Desktop\gmer-2.0.18444.exe[2596] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                 00000000748614dd 2 bytes [86, 74]
.text    C:\Users\Viktor\Desktop\gmer-2.0.18444.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                          00000000748614f5 2 bytes [86, 74]
.text    C:\Users\Viktor\Desktop\gmer-2.0.18444.exe[2596] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                 000000007486150d 2 bytes [86, 74]
.text    C:\Users\Viktor\Desktop\gmer-2.0.18444.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                          0000000074861525 2 bytes [86, 74]
.text    C:\Users\Viktor\Desktop\gmer-2.0.18444.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                000000007486153d 2 bytes [86, 74]
.text    C:\Users\Viktor\Desktop\gmer-2.0.18444.exe[2596] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                     0000000074861555 2 bytes [86, 74]
.text    C:\Users\Viktor\Desktop\gmer-2.0.18444.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                              000000007486156d 2 bytes [86, 74]
.text    C:\Users\Viktor\Desktop\gmer-2.0.18444.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                0000000074861585 2 bytes [86, 74]
.text    C:\Users\Viktor\Desktop\gmer-2.0.18444.exe[2596] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                   000000007486159d 2 bytes [86, 74]
.text    C:\Users\Viktor\Desktop\gmer-2.0.18444.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                00000000748615b5 2 bytes [86, 74]
.text    C:\Users\Viktor\Desktop\gmer-2.0.18444.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                              00000000748615cd 2 bytes [86, 74]
.text    C:\Users\Viktor\Desktop\gmer-2.0.18444.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                          00000000748616b2 2 bytes [86, 74]
.text    C:\Users\Viktor\Desktop\gmer-2.0.18444.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                          00000000748616bd 2 bytes [86, 74]

---- Threads - GMER 2.0 ----

Thread   C:\Windows\SysWOW64\ntdll.dll [2996:3076]                                                                                                             00000000001988c8
Thread   C:\Windows\SysWOW64\ntdll.dll [2996:3088]                                                                                                             000000007189388c
Thread   C:\Windows\SysWOW64\ntdll.dll [2996:3092]                                                                                                             0000000071937698
Thread   C:\Windows\SysWOW64\ntdll.dll [2996:3172]                                                                                                             00000000001860b0
Thread   C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [3516:3524]                                                                    000000007189388c
Thread   C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [3516:3528]                                                                    0000000071937698
Thread   C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [3516:3668]                                                                    00000000718465e2
Thread   C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [3516:3900]                                                                    0000000071937698
Thread   C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [3516:3904]                                                                    0000000071937698
Thread   C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [3516:3912]                                                                    0000000071937698
Thread   C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [3516:6924]                                                                    0000000071937698
---- Processes - GMER 2.0 ----

Library  ? (*** suspicious ***) @ C:\Windows\SysWOW64\ntdll.dll [2996]                                                                                         0000000074880000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [3516]                                                0000000074e00000

---- Registry - GMER 2.0 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf48ee66e                                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf48ee66e (not active ControlSet)                                                       

---- EOF - GMER 2.0 ----

cosinus · 10.01.2013, 00:06

Code:

ATTFilter

64bit- Professional Service Pack 1

Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?

Tweety87 · 10.01.2013, 16:49

Der Rechner ist Privat. Windows wurde aber als Studentenlizenz heruntergeladen. Macht das denn diesbezüglich einen Unterschied?

Gruß

cosinus · 10.01.2013, 21:03

Ja, denn wir haben besondere Richtlinien bei Firmen-PCs aber das trifft hier ja nicht zu.

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Entpacke das Archiv auf deinem Desktop.
Im neu erstellten Ordner starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Tweety87 · 11.01.2013, 00:20

Code:

ATTFilter

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2013.01.10.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
xxx :: xxx-PC [administrator]

11.01.2013 00:13:37
mbar-log-2013-01-11 (00-13-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 34467
Time elapsed: 21 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cosinus · 11.01.2013, 11:03

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Tweety87 · 11.01.2013, 14:51

Hallo,

also ich habe beide Scans durchgeführt.
Bei ersten Versuch des aswMBR kam folgende Fehlermeldung:

avast! Antirootkit funktioniert nicht mehr

Das Programm wird aufgrund eines Problems nicht richtig
ausgeführt. Das Programm wird geschlossen und Sie werden
benachrichtigt, wenn eine Lösung verfügbar ist.

Danach habe ich wie von dir gepostet beim Drop-Down-Menü bei AV scan "none" ausgewählt und erneut den Scan gestartet. Diesmal ging er durch.

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-11 14:26:20
-----------------------------
14:26:20.916    OS Version: Windows x64 6.1.7601 Service Pack 1
14:26:20.916    Number of processors: 4 586 0x2A07
14:26:20.916    ComputerName: xxx-PC  UserName: xxx
14:26:22.315    Initialize success
14:26:29.175    AVAST engine defs: 13011100
14:26:49.110    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:26:49.112    Disk 0 Vendor: HITACHI_HTS543232A7A384 ES2ZB70B Size: 305245MB BusType: 11
14:26:49.149    Disk 0 MBR read successfully
14:26:49.151    Disk 0 MBR scan
14:26:49.154    Disk 0 Windows 7 default MBR code
14:26:49.200    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:26:49.239    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       305143 MB offset 206848
14:26:49.348    Disk 0 scanning C:\Windows\system32\drivers
14:26:59.247    Service scanning
14:27:39.899    Modules scanning
14:27:39.905    Disk 0 trace - called modules:
14:27:39.927    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
14:27:39.930    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077a3060]
14:27:39.934    3 CLASSPNP.SYS[fffff8800186843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800749d060]
14:27:39.938    Scan finished successfully
14:28:28.035    Disk 0 MBR has been saved successfully to "C:\Users\xxx\Desktop\MBR.dat"
14:28:28.039    The log file has been saved successfully to "C:\Users\xxx\Desktop\aswMBR.txt"

Code:

ATTFilter

14:35:50.0148 4136  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:35:50.0379 4136  ============================================================
14:35:50.0379 4136  Current date / time: 2013/01/11 14:35:50.0379
14:35:50.0379 4136  SystemInfo:
14:35:50.0379 4136  
14:35:50.0379 4136  OS Version: 6.1.7601 ServicePack: 1.0
14:35:50.0380 4136  Product type: Workstation
14:35:50.0380 4136  ComputerName: xxx-PC
14:35:50.0380 4136  UserName: xxx
14:35:50.0380 4136  Windows directory: C:\Windows
14:35:50.0380 4136  System windows directory: C:\Windows
14:35:50.0380 4136  Running under WOW64
14:35:50.0380 4136  Processor architecture: Intel x64
14:35:50.0380 4136  Number of processors: 4
14:35:50.0380 4136  Page size: 0x1000
14:35:50.0380 4136  Boot type: Normal boot
14:35:50.0380 4136  ============================================================
14:35:51.0477 4136  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:35:51.0487 4136  ============================================================
14:35:51.0487 4136  \Device\Harddisk0\DR0:
14:35:51.0487 4136  MBR partitions:
14:35:51.0487 4136  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:35:51.0487 4136  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
14:35:51.0487 4136  ============================================================
14:35:51.0520 4136  C: <-> \Device\Harddisk0\DR0\Partition2
14:35:51.0520 4136  ============================================================
14:35:51.0520 4136  Initialize success
14:35:51.0520 4136  ============================================================
14:35:59.0890 1100  ============================================================
14:35:59.0890 1100  Scan started
14:35:59.0890 1100  Mode: Manual; SigCheck; TDLFS; 
14:35:59.0890 1100  ============================================================
14:36:00.0576 1100  ================ Scan system memory ========================
14:36:00.0576 1100  System memory - ok
14:36:00.0577 1100  ================ Scan services =============================
14:36:00.0720 1100  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:36:00.0801 1100  1394ohci - ok
14:36:00.0859 1100  [ F4AF97702BAD85BFEF64B9A557F11B6F ] 5U877           C:\Windows\system32\DRIVERS\5U877.sys
14:36:00.0908 1100  5U877 - ok
14:36:00.0935 1100  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:36:00.0950 1100  ACPI - ok
14:36:00.0989 1100  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:36:01.0064 1100  AcpiPmi - ok
14:36:01.0166 1100  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:36:01.0175 1100  AdobeARMservice - ok
14:36:01.0302 1100  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:36:01.0314 1100  AdobeFlashPlayerUpdateSvc - ok
14:36:01.0354 1100  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
14:36:01.0371 1100  adp94xx - ok
14:36:01.0430 1100  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
14:36:01.0444 1100  adpahci - ok
14:36:01.0464 1100  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
14:36:01.0476 1100  adpu320 - ok
14:36:01.0501 1100  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:36:01.0626 1100  AeLookupSvc - ok
14:36:01.0675 1100  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
14:36:01.0744 1100  AFD - ok
14:36:01.0768 1100  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:36:01.0777 1100  agp440 - ok
14:36:01.0827 1100  [ 95BC4330FA44240CA00C641A73C7E62D ] aksdf           C:\Windows\system32\drivers\aksdf.sys
14:36:01.0872 1100  aksdf - ok
14:36:01.0902 1100  [ E2E5CF34D6C56ACE5E986969A3D9B0B5 ] aksfridge       C:\Windows\system32\drivers\aksfridge.sys
14:36:01.0964 1100  aksfridge - ok
14:36:01.0992 1100  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
14:36:02.0028 1100  ALG - ok
14:36:02.0057 1100  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:36:02.0065 1100  aliide - ok
14:36:02.0074 1100  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
14:36:02.0082 1100  amdide - ok
14:36:02.0095 1100  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
14:36:02.0131 1100  AmdK8 - ok
14:36:02.0135 1100  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
14:36:02.0166 1100  AmdPPM - ok
14:36:02.0220 1100  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:36:02.0229 1100  amdsata - ok
14:36:02.0263 1100  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
14:36:02.0274 1100  amdsbs - ok
14:36:02.0309 1100  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:36:02.0317 1100  amdxata - ok
14:36:02.0346 1100  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
14:36:02.0474 1100  AppID - ok
14:36:02.0499 1100  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:36:02.0553 1100  AppIDSvc - ok
14:36:02.0599 1100  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
14:36:02.0652 1100  Appinfo - ok
14:36:02.0745 1100  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:36:02.0753 1100  Apple Mobile Device - ok
14:36:02.0816 1100  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
14:36:02.0846 1100  AppMgmt - ok
14:36:02.0871 1100  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
14:36:02.0880 1100  arc - ok
14:36:02.0909 1100  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:36:02.0918 1100  arcsas - ok
14:36:03.0038 1100  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:36:03.0051 1100  aspnet_state - ok
14:36:03.0090 1100  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:36:03.0141 1100  AsyncMac - ok
14:36:03.0175 1100  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
14:36:03.0183 1100  atapi - ok
14:36:03.0226 1100  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:36:03.0286 1100  AudioEndpointBuilder - ok
14:36:03.0295 1100  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:36:03.0331 1100  AudioSrv - ok
14:36:03.0444 1100  [ F431DC5D94F4B2FDBC927655D8A9B10E ] Autodesk Content Service C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
14:36:03.0452 1100  Autodesk Content Service - ok
14:36:03.0483 1100  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:36:03.0569 1100  AxInstSV - ok
14:36:03.0618 1100  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
14:36:03.0657 1100  b06bdrv - ok
14:36:03.0698 1100  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:36:03.0751 1100  b57nd60a - ok
14:36:03.0938 1100  [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
14:36:03.0950 1100  BBSvc - ok
14:36:03.0974 1100  [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
14:36:03.0987 1100  BBUpdate - ok
14:36:04.0016 1100  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:36:04.0050 1100  BDESVC - ok
14:36:04.0088 1100  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:36:04.0137 1100  Beep - ok
14:36:04.0194 1100  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
14:36:04.0255 1100  BFE - ok
14:36:04.0309 1100  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
14:36:04.0379 1100  BITS - ok
14:36:04.0421 1100  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:36:04.0453 1100  blbdrive - ok
14:36:04.0550 1100  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:36:04.0564 1100  Bonjour Service - ok
14:36:04.0594 1100  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:36:04.0638 1100  bowser - ok
14:36:04.0674 1100  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
14:36:04.0710 1100  BrFiltLo - ok
14:36:04.0713 1100  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
14:36:04.0725 1100  BrFiltUp - ok
14:36:04.0758 1100  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
14:36:04.0771 1100  Browser - ok
14:36:04.0813 1100  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:36:04.0848 1100  Brserid - ok
14:36:04.0903 1100  [ 34F6C504B150F99DAE69D7073D2A4DF4 ] BrSerIf         C:\Windows\system32\DRIVERS\BrSerIf.sys
14:36:04.0936 1100  BrSerIf - ok
14:36:04.0984 1100  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:36:05.0022 1100  BrSerWdm - ok
14:36:05.0048 1100  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:36:05.0155 1100  BrUsbMdm - ok
14:36:05.0292 1100  [ 601CB966FFFEBC6806626DC8E7AA0EF2 ] BrUsbSer        C:\Windows\system32\DRIVERS\BrUsbSer.sys
14:36:05.0347 1100  BrUsbSer - ok
14:36:05.0385 1100  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
14:36:05.0433 1100  BthEnum - ok
14:36:05.0466 1100  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
14:36:05.0494 1100  BTHMODEM - ok
14:36:05.0536 1100  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
14:36:05.0572 1100  BthPan - ok
14:36:05.0616 1100  [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
14:36:05.0656 1100  BTHPORT - ok
14:36:05.0694 1100  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
14:36:05.0726 1100  bthserv - ok
14:36:05.0737 1100  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
14:36:05.0763 1100  BTHUSB - ok
14:36:05.0807 1100  [ F8CFAFBD5BF8B3DDB0D3C2943A5AF8CE ] BTWAMPFL        C:\Windows\system32\DRIVERS\btwampfl.sys
14:36:05.0825 1100  BTWAMPFL - ok
14:36:05.0866 1100  [ 24BFF9D75310F3059EE44F38BF0DE0B2 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
14:36:05.0875 1100  btwaudio - ok
14:36:05.0906 1100  [ 858B305ADE425732CFF9DED182F94FB8 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
14:36:05.0916 1100  btwavdt - ok
14:36:05.0994 1100  [ 6EF8CC2F2FDA2098089A33F43F4E019D ] btwdins         C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
14:36:06.0018 1100  btwdins - ok
14:36:06.0049 1100  [ B9354F9F111C64F2495B60F1E24CB453 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
14:36:06.0056 1100  btwl2cap - ok
14:36:06.0086 1100  [ 3BD876387D6C538690300F9EC198856B ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
14:36:06.0092 1100  btwrchid - ok
14:36:06.0119 1100  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:36:06.0177 1100  cdfs - ok
14:36:06.0219 1100  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:36:06.0230 1100  cdrom - ok
14:36:06.0261 1100  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
14:36:06.0321 1100  CertPropSvc - ok
14:36:06.0347 1100  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
14:36:06.0377 1100  circlass - ok
14:36:06.0418 1100  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
14:36:06.0433 1100  CLFS - ok
14:36:06.0497 1100  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:36:06.0505 1100  clr_optimization_v2.0.50727_32 - ok
14:36:06.0540 1100  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:36:06.0548 1100  clr_optimization_v2.0.50727_64 - ok
14:36:06.0619 1100  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:36:06.0628 1100  clr_optimization_v4.0.30319_32 - ok
14:36:06.0643 1100  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:36:06.0652 1100  clr_optimization_v4.0.30319_64 - ok
14:36:06.0674 1100  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:36:06.0705 1100  CmBatt - ok
14:36:06.0728 1100  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:36:06.0736 1100  cmdide - ok
14:36:06.0778 1100  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
14:36:06.0800 1100  CNG - ok
14:36:06.0855 1100  [ 8DE541B4CFA281A204BAA3EA2109809E ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
14:36:06.0891 1100  CnxtHdAudService - ok
14:36:07.0051 1100  [ A458AB24FB839DDD40B30DB8A7EF52EC ] CodeMeter.exe   C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
14:36:07.0093 1100  CodeMeter.exe - ok
14:36:07.0120 1100  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:36:07.0128 1100  Compbatt - ok
14:36:07.0161 1100  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
14:36:07.0198 1100  CompositeBus - ok
14:36:07.0218 1100  COMSysApp - ok
14:36:07.0240 1100  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
14:36:07.0248 1100  crcdisk - ok
14:36:07.0297 1100  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:36:07.0329 1100  CryptSvc - ok
14:36:07.0372 1100  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
14:36:07.0433 1100  CSC - ok
14:36:07.0467 1100  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
14:36:07.0511 1100  CscService - ok
14:36:07.0562 1100  [ 9D0D050170D47E778B624A28C90F23DE ] CxAudMsg        C:\Windows\system32\CxAudMsg64.exe
14:36:07.0571 1100  CxAudMsg - ok
14:36:07.0616 1100  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:36:07.0678 1100  DcomLaunch - ok
14:36:07.0708 1100  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
14:36:07.0762 1100  defragsvc - ok
14:36:07.0790 1100  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:36:07.0847 1100  DfsC - ok
14:36:07.0900 1100  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:36:07.0973 1100  Dhcp - ok
14:36:08.0010 1100  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
14:36:08.0063 1100  discache - ok
14:36:08.0100 1100  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
14:36:08.0109 1100  Disk - ok
14:36:08.0131 1100  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
14:36:08.0158 1100  dmvsc - ok
14:36:08.0211 1100  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:36:08.0239 1100  Dnscache - ok
14:36:08.0288 1100  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:36:08.0338 1100  dot3svc - ok
14:36:08.0405 1100  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
14:36:08.0439 1100  Dot4 - ok
14:36:08.0486 1100  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:36:08.0518 1100  Dot4Print - ok
14:36:08.0581 1100  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
14:36:08.0609 1100  dot4usb - ok
14:36:08.0676 1100  [ 277247B79DA2230D0C3AEB83E6CD8CA7 ] DozeSvc         C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
14:36:08.0691 1100  DozeSvc - ok
14:36:08.0758 1100  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
14:36:08.0815 1100  DPS - ok
14:36:08.0857 1100  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:36:08.0884 1100  drmkaud - ok
14:36:08.0949 1100  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:36:08.0960 1100  dtsoftbus01 - ok
14:36:08.0996 1100  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:36:09.0023 1100  DXGKrnl - ok
14:36:09.0056 1100  [ CE4CFFD9F64B86BCEB1C343FC9924D72 ] DzHDD64         C:\Windows\system32\DRIVERS\DzHDD64.sys
14:36:09.0063 1100  DzHDD64 - ok
14:36:09.0098 1100  [ 992F625B74C675087B5629FC79ABA55B ] e1cexpress      C:\Windows\system32\DRIVERS\e1c62x64.sys
14:36:09.0111 1100  e1cexpress - ok
14:36:09.0146 1100  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
14:36:09.0202 1100  EapHost - ok
14:36:09.0291 1100  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
14:36:09.0362 1100  ebdrv - ok
14:36:09.0402 1100  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
14:36:09.0437 1100  EFS - ok
14:36:09.0508 1100  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:36:09.0549 1100  ehRecvr - ok
14:36:09.0585 1100  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
14:36:09.0620 1100  ehSched - ok
14:36:09.0667 1100  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
14:36:09.0685 1100  elxstor - ok
14:36:09.0695 1100  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:36:09.0728 1100  ErrDev - ok
14:36:09.0785 1100  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
14:36:09.0840 1100  EventSystem - ok
14:36:09.0925 1100  [ E3A96D5AE6E5C7B5472011BA77353368 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
14:36:09.0960 1100  EvtEng - ok
14:36:09.0979 1100  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
14:36:10.0012 1100  exfat - ok
14:36:10.0037 1100  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:36:10.0091 1100  fastfat - ok
14:36:10.0135 1100  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
14:36:10.0171 1100  Fax - ok
14:36:10.0193 1100  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
14:36:10.0228 1100  fdc - ok
14:36:10.0251 1100  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
14:36:10.0283 1100  fdPHost - ok
14:36:10.0295 1100  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:36:10.0347 1100  FDResPub - ok
14:36:10.0381 1100  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:36:10.0390 1100  FileInfo - ok
14:36:10.0399 1100  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:36:10.0451 1100  Filetrace - ok
14:36:10.0541 1100  [ A50878D4C50DA72EDCA919162624AA28 ] FirebirdGuardianDefaultInstance C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
14:36:10.0544 1100  FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - warning
14:36:10.0545 1100  FirebirdGuardianDefaultInstance - detected UnsignedFile.Multi.Generic (1)
14:36:10.0623 1100  [ 7D22E48510A807062210E20E17AAB97D ] FirebirdServerDefaultInstance C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
14:36:10.0736 1100  FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - warning
14:36:10.0736 1100  FirebirdServerDefaultInstance - detected UnsignedFile.Multi.Generic (1)
14:36:10.0821 1100  [ ACEFEEA621DCA62EFB7A7EEA59F5E91B ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:36:10.0844 1100  FLEXnet Licensing Service - ok
14:36:10.0916 1100  [ 64AB6F28047744B9B19C97459C2AB31B ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
14:36:10.0947 1100  FLEXnet Licensing Service 64 - ok
14:36:10.0973 1100  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
14:36:10.0983 1100  flpydisk - ok
14:36:11.0001 1100  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:36:11.0014 1100  FltMgr - ok
14:36:11.0053 1100  [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache       C:\Windows\system32\FntCache.dll
14:36:11.0115 1100  FontCache - ok
14:36:11.0163 1100  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:36:11.0170 1100  FontCache3.0.0.0 - ok
14:36:11.0201 1100  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:36:11.0209 1100  FsDepends - ok
14:36:11.0263 1100  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:36:11.0271 1100  Fs_Rec - ok
14:36:11.0296 1100  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:36:11.0311 1100  fvevol - ok
14:36:11.0328 1100  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:36:11.0337 1100  gagp30kx - ok
14:36:11.0386 1100  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:36:11.0392 1100  GEARAspiWDM - ok
14:36:11.0442 1100  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
14:36:11.0483 1100  gpsvc - ok
14:36:11.0511 1100  [ B9893A68032A6D9ADDB5B98287C630F7 ] grmnusb         C:\Windows\system32\drivers\grmnusb.sys
14:36:11.0517 1100  grmnusb - ok
14:36:11.0596 1100  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:36:11.0604 1100  gupdate - ok
14:36:11.0608 1100  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:36:11.0615 1100  gupdatem - ok
14:36:11.0666 1100  [ 78FAD9117E4527F2CA82259DA10F40BD ] hardlock        C:\Windows\system32\drivers\hardlock.sys
14:36:11.0693 1100  hardlock - ok
14:36:11.0696 1100  hasplms - ok
14:36:11.0713 1100  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:36:11.0738 1100  hcw85cir - ok
14:36:11.0800 1100  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:36:11.0840 1100  HdAudAddService - ok
14:36:11.0872 1100  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:36:11.0901 1100  HDAudBus - ok
14:36:11.0927 1100  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
14:36:11.0956 1100  HidBatt - ok
14:36:11.0976 1100  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:36:12.0014 1100  HidBth - ok
14:36:12.0053 1100  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
14:36:12.0065 1100  HidIr - ok
14:36:12.0088 1100  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
14:36:12.0143 1100  hidserv - ok
14:36:12.0200 1100  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:36:12.0211 1100  HidUsb - ok
14:36:12.0240 1100  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:36:12.0291 1100  hkmsvc - ok
14:36:12.0321 1100  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:36:12.0334 1100  HomeGroupListener - ok
14:36:12.0364 1100  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:36:12.0396 1100  HomeGroupProvider - ok
14:36:12.0530 1100  [ 97AAC45A375168C6A2297BEEB9692E31 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
14:36:12.0540 1100  hpqcxs08 - ok
14:36:12.0589 1100  [ 19A4FB67B1C97EA18EDFF44340973CD9 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:36:12.0597 1100  hpqddsvc - ok
14:36:12.0618 1100  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:36:12.0627 1100  HpSAMD - ok
14:36:12.0739 1100  [ 1BE48B0542C91487BB8A94BF2278F55D ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
14:36:12.0764 1100  HPSLPSVC - ok
14:36:12.0795 1100  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:36:12.0856 1100  HTTP - ok
14:36:12.0901 1100  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:36:12.0909 1100  hwpolicy - ok
14:36:12.0927 1100  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
14:36:12.0938 1100  i8042prt - ok
14:36:12.0975 1100  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:36:12.0991 1100  iaStorV - ok
14:36:13.0030 1100  [ 2151176DB657AEFF9B873D23380C3F5B ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
14:36:13.0036 1100  IBMPMDRV - ok
14:36:13.0050 1100  [ C76A67AED080538D420550C903696788 ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
14:36:13.0056 1100  IBMPMSVC - ok
14:36:13.0098 1100  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:36:13.0121 1100  idsvc - ok
14:36:13.0356 1100  [ 978D876A581D57E0DE6437674EB0014D ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
14:36:13.0695 1100  igfx - ok
14:36:13.0720 1100  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:36:13.0728 1100  iirsp - ok
14:36:13.0769 1100  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
14:36:13.0832 1100  IKEEXT - ok
14:36:13.0882 1100  [ AE594CC17C33AC146739494615E14851 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
14:36:13.0937 1100  IntcDAud - ok
14:36:13.0967 1100  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
14:36:13.0975 1100  intelide - ok
14:36:13.0998 1100  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:36:14.0026 1100  intelppm - ok
14:36:14.0066 1100  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:36:14.0098 1100  IPBusEnum - ok
14:36:14.0115 1100  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:36:14.0145 1100  IpFilterDriver - ok
14:36:14.0185 1100  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:36:14.0240 1100  iphlpsvc - ok
14:36:14.0273 1100  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:36:14.0300 1100  IPMIDRV - ok
14:36:14.0325 1100  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:36:14.0377 1100  IPNAT - ok
14:36:14.0480 1100  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:36:14.0498 1100  iPod Service - ok
14:36:14.0535 1100  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:36:14.0572 1100  IRENUM - ok
14:36:14.0597 1100  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:36:14.0606 1100  isapnp - ok
14:36:14.0620 1100  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:36:14.0633 1100  iScsiPrt - ok
14:36:14.0728 1100  [ 6FAF199FDFFDD2376973143C3E012765 ] jhi_service     C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
14:36:14.0738 1100  jhi_service - ok
14:36:14.0770 1100  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:36:14.0778 1100  kbdclass - ok
14:36:14.0800 1100  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:36:14.0831 1100  kbdhid - ok
14:36:14.0834 1100  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
14:36:14.0843 1100  KeyIso - ok
14:36:14.0878 1100  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:36:14.0887 1100  KSecDD - ok
14:36:14.0895 1100  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:36:14.0906 1100  KSecPkg - ok
14:36:14.0928 1100  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:36:14.0979 1100  ksthunk - ok
14:36:15.0019 1100  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:36:15.0073 1100  KtmRm - ok
14:36:15.0139 1100  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:36:15.0191 1100  LanmanServer - ok
14:36:15.0229 1100  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:36:15.0278 1100  LanmanWorkstation - ok
14:36:15.0400 1100  [ 7772DFAB22611050B79504E671B06E6E ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
14:36:15.0414 1100  LBTServ - ok
14:36:15.0477 1100  [ FCE735941DA27929DBFC1918F286FFD8 ] LENOVO.MICMUTE  C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
14:36:15.0483 1100  LENOVO.MICMUTE - ok
14:36:15.0512 1100  [ 2B9D8555DC004E240082D18E7725CE20 ] lenovo.smi      C:\Windows\system32\DRIVERS\smiifx64.sys
14:36:15.0518 1100  lenovo.smi - ok
14:36:15.0526 1100  [ 6F2CC57EB5836D2AC9BD37F3554D55F8 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
14:36:15.0532 1100  Lenovo.VIRTSCRLSVC - ok
14:36:15.0581 1100  [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
14:36:15.0589 1100  LHidFilt - ok
14:36:15.0620 1100  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:36:15.0677 1100  lltdio - ok
14:36:15.0712 1100  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:36:15.0748 1100  lltdsvc - ok
14:36:15.0915 1100  [ 29EE4A8F677216056822982F87441DDD ] lmadmin         C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe
14:36:16.0102 1100  lmadmin - ok
14:36:16.0128 1100  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:36:16.0175 1100  lmhosts - ok
14:36:16.0205 1100  [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
14:36:16.0213 1100  LMouFilt - ok
14:36:16.0267 1100  [ 97F9EAAC985A663394CD8F54DCD3E73A ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
14:36:16.0279 1100  LMS - ok
14:36:16.0315 1100  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:36:16.0325 1100  LSI_FC - ok
14:36:16.0337 1100  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:36:16.0347 1100  LSI_SAS - ok
14:36:16.0360 1100  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
14:36:16.0369 1100  LSI_SAS2 - ok
14:36:16.0390 1100  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:36:16.0400 1100  LSI_SCSI - ok
14:36:16.0432 1100  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
14:36:16.0480 1100  luafv - ok
14:36:16.0518 1100  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:36:16.0545 1100  Mcx2Svc - ok
14:36:16.0574 1100  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
14:36:16.0583 1100  megasas - ok
14:36:16.0612 1100  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
14:36:16.0625 1100  MegaSR - ok
14:36:16.0652 1100  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
14:36:16.0660 1100  MEIx64 - ok
14:36:16.0711 1100  Microsoft SharePoint Workspace Audit Service - ok
14:36:16.0762 1100  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
14:36:16.0838 1100  MMCSS - ok
14:36:16.0862 1100  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
14:36:16.0913 1100  Modem - ok
14:36:16.0941 1100  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:36:16.0974 1100  monitor - ok
14:36:17.0009 1100  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:36:17.0018 1100  mouclass - ok
14:36:17.0053 1100  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:36:17.0079 1100  mouhid - ok
14:36:17.0106 1100  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:36:17.0115 1100  mountmgr - ok
14:36:17.0177 1100  [ ADFDD84260C9F66789F8E8061E9BD3A6 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:36:17.0187 1100  MozillaMaintenance - ok
14:36:17.0246 1100  [ C177A7EBF5E8A0B596F618870516CAB8 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
14:36:17.0258 1100  MpFilter - ok
14:36:17.0271 1100  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:36:17.0282 1100  mpio - ok
14:36:17.0297 1100  [ 8FBF6B31FE8AF1833D93C5913D5B4D55 ] MpNWMon         C:\Windows\system32\DRIVERS\MpNWMon.sys
14:36:17.0304 1100  MpNWMon - ok
14:36:17.0331 1100  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:36:17.0364 1100  mpsdrv - ok
14:36:17.0403 1100  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:36:17.0446 1100  MpsSvc - ok
14:36:17.0462 1100  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:36:17.0498 1100  MRxDAV - ok
14:36:17.0532 1100  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:36:17.0586 1100  mrxsmb - ok
14:36:17.0602 1100  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:36:17.0615 1100  mrxsmb10 - ok
14:36:17.0627 1100  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:36:17.0637 1100  mrxsmb20 - ok
14:36:17.0664 1100  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:36:17.0673 1100  msahci - ok
14:36:17.0692 1100  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:36:17.0702 1100  msdsm - ok
14:36:17.0717 1100  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
14:36:17.0748 1100  MSDTC - ok
14:36:17.0789 1100  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:36:17.0838 1100  Msfs - ok
14:36:17.0881 1100  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:36:17.0929 1100  mshidkmdf - ok
14:36:17.0950 1100  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:36:17.0958 1100  msisadrv - ok
14:36:17.0989 1100  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:36:18.0045 1100  MSiSCSI - ok
14:36:18.0048 1100  msiserver - ok
14:36:18.0082 1100  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:36:18.0137 1100  MSKSSRV - ok
14:36:18.0211 1100  [ 157E9E498206A3366BAA7E4697BDD947 ] MsMpSvc         c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
14:36:18.0219 1100  MsMpSvc - ok
14:36:18.0251 1100  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:36:18.0306 1100  MSPCLOCK - ok
14:36:18.0327 1100  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:36:18.0380 1100  MSPQM - ok
14:36:18.0409 1100  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:36:18.0424 1100  MsRPC - ok
14:36:18.0447 1100  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:36:18.0456 1100  mssmbios - ok
14:36:18.0490 1100  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:36:18.0542 1100  MSTEE - ok
14:36:18.0545 1100  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
14:36:18.0554 1100  MTConfig - ok
14:36:18.0583 1100  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:36:18.0592 1100  Mup - ok
14:36:18.0622 1100  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
14:36:18.0680 1100  napagent - ok
14:36:18.0728 1100  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:36:18.0766 1100  NativeWifiP - ok
14:36:18.0813 1100  [ C38B8AE57F78915905064A9A24DC1586 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:36:18.0838 1100  NDIS - ok
14:36:18.0879 1100  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:36:18.0932 1100  NdisCap - ok
14:36:18.0968 1100  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:36:18.0999 1100  NdisTapi - ok
14:36:19.0027 1100  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:36:19.0077 1100  Ndisuio - ok
14:36:19.0110 1100  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:36:19.0166 1100  NdisWan - ok
14:36:19.0197 1100  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:36:19.0227 1100  NDProxy - ok
14:36:19.0298 1100  [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
14:36:19.0328 1100  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:36:19.0328 1100  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:36:19.0375 1100  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:36:19.0424 1100  NetBIOS - ok
14:36:19.0447 1100  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:36:19.0480 1100  NetBT - ok
14:36:19.0492 1100  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
14:36:19.0502 1100  Netlogon - ok
14:36:19.0540 1100  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
14:36:19.0598 1100  Netman - ok
14:36:19.0653 1100  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:36:19.0663 1100  NetMsmqActivator - ok
14:36:19.0666 1100  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:36:19.0674 1100  NetPipeActivator - ok
14:36:19.0703 1100  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
14:36:19.0758 1100  netprofm - ok
14:36:19.0787 1100  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:36:19.0795 1100  NetTcpActivator - ok
14:36:19.0798 1100  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:36:19.0806 1100  NetTcpPortSharing - ok
14:36:19.0991 1100  [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
14:36:20.0204 1100  NETwNs64 - ok
14:36:20.0236 1100  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:36:20.0245 1100  nfrd960 - ok
14:36:20.0278 1100  [ 5F7D72CBCDD025AF1F38FDEEE5646968 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:36:20.0285 1100  NisDrv - ok
14:36:20.0305 1100  [ 566DDD5D82520DA01D75F81428AC4C38 ] NisSrv          c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
14:36:20.0318 1100  NisSrv - ok
14:36:20.0355 1100  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:36:20.0409 1100  NlaSvc - ok
14:36:20.0447 1100  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:36:20.0479 1100  Npfs - ok
14:36:20.0506 1100  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
14:36:20.0561 1100  nsi - ok
14:36:20.0582 1100  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:36:20.0632 1100  nsiproxy - ok
14:36:20.0688 1100  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:36:20.0727 1100  Ntfs - ok
14:36:20.0758 1100  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:36:20.0807 1100  Null - ok
14:36:20.0866 1100  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:36:20.0876 1100  nvraid - ok
14:36:20.0888 1100  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:36:20.0899 1100  nvstor - ok
14:36:20.0930 1100  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:36:20.0940 1100  nv_agp - ok
14:36:20.0969 1100  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:36:20.0994 1100  ohci1394 - ok
14:36:21.0077 1100  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:36:21.0086 1100  ose - ok
14:36:21.0215 1100  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:36:21.0357 1100  osppsvc - ok
14:36:21.0382 1100  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:36:21.0417 1100  p2pimsvc - ok
14:36:21.0449 1100  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:36:21.0464 1100  p2psvc - ok
14:36:21.0487 1100  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
14:36:21.0519 1100  Parport - ok
14:36:21.0552 1100  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:36:21.0561 1100  partmgr - ok
14:36:21.0589 1100  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:36:21.0625 1100  PcaSvc - ok
14:36:21.0659 1100  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
14:36:21.0670 1100  pci - ok
14:36:21.0685 1100  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
14:36:21.0693 1100  pciide - ok
14:36:21.0709 1100  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:36:21.0720 1100  pcmcia - ok
14:36:21.0747 1100  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:36:21.0756 1100  pcw - ok
14:36:21.0775 1100  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:36:21.0834 1100  PEAUTH - ok
14:36:21.0884 1100  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
14:36:21.0930 1100  PeerDistSvc - ok
14:36:22.0023 1100  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:36:22.0033 1100  PerfHost - ok
14:36:22.0077 1100  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
14:36:22.0149 1100  pla - ok
14:36:22.0208 1100  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:36:22.0245 1100  PlugPlay - ok
14:36:22.0346 1100  [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
14:36:22.0375 1100  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:36:22.0375 1100  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:36:22.0401 1100  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:36:22.0411 1100  PNRPAutoReg - ok
14:36:22.0426 1100  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:36:22.0439 1100  PNRPsvc - ok
14:36:22.0489 1100  [ 32D374C60778253B81FA76C2FE19E155 ] Point64         C:\Windows\system32\DRIVERS\point64.sys
14:36:22.0498 1100  Point64 - ok
14:36:22.0519 1100  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:36:22.0577 1100  PolicyAgent - ok
14:36:22.0618 1100  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
14:36:22.0670 1100  Power - ok
14:36:22.0744 1100  [ EBF8A077BE308C0C6D55D90F89A43547 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
14:36:22.0754 1100  Power Manager DBC Service - ok
14:36:22.0854 1100  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:36:22.0938 1100  PptpMiniport - ok
14:36:22.0967 1100  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
14:36:22.0995 1100  Processor - ok
14:36:23.0034 1100  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\Windows\system32\profsvc.dll
14:36:23.0088 1100  ProfSvc - ok
14:36:23.0114 1100  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:36:23.0124 1100  ProtectedStorage - ok
14:36:23.0148 1100  [ 4A768FB063A38B0A78AD97617D3A04F5 ] psadd           C:\Windows\system32\DRIVERS\psadd.sys
14:36:23.0200 1100  psadd - ok
14:36:23.0228 1100  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:36:23.0286 1100  Psched - ok
14:36:23.0322 1100  [ 254DE0E4FB8822CA9E5495DCAC3BF11C ] PwmEWSvc        C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
14:36:23.0332 1100  PwmEWSvc - ok
14:36:23.0395 1100  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:36:23.0431 1100  ql2300 - ok
14:36:23.0452 1100  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:36:23.0462 1100  ql40xx - ok
14:36:23.0500 1100  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
14:36:23.0525 1100  QWAVE - ok
14:36:23.0540 1100  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:36:23.0571 1100  QWAVEdrv - ok
14:36:23.0592 1100  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:36:23.0649 1100  RasAcd - ok
14:36:23.0684 1100  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:36:23.0716 1100  RasAgileVpn - ok
14:36:23.0746 1100  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
14:36:23.0797 1100  RasAuto - ok
14:36:23.0836 1100  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:36:23.0886 1100  Rasl2tp - ok
14:36:23.0931 1100  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
14:36:23.0987 1100  RasMan - ok
14:36:24.0029 1100  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:36:24.0084 1100  RasPppoe - ok
14:36:24.0112 1100  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:36:24.0168 1100  RasSstp - ok
14:36:24.0198 1100  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:36:24.0252 1100  rdbss - ok
14:36:24.0287 1100  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:36:24.0299 1100  rdpbus - ok
14:36:24.0322 1100  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:36:24.0353 1100  RDPCDD - ok
14:36:24.0388 1100  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
14:36:24.0399 1100  RDPDR - ok
14:36:24.0429 1100  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:36:24.0484 1100  RDPENCDD - ok
14:36:24.0520 1100  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:36:24.0551 1100  RDPREFMP - ok
14:36:24.0587 1100  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:36:24.0614 1100  RDPWD - ok
14:36:24.0657 1100  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:36:24.0669 1100  rdyboost - ok
14:36:24.0709 1100  [ FD11C1287D38A46FB72353E14D50089C ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
14:36:24.0731 1100  RegSrvc - ok
14:36:24.0752 1100  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:36:24.0805 1100  RemoteAccess - ok
14:36:24.0838 1100  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:36:24.0888 1100  RemoteRegistry - ok
14:36:24.0926 1100  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
14:36:24.0962 1100  RFCOMM - ok
14:36:25.0000 1100  [ 5A227511ED22DDFEDF7EF7323C8F7D2F ] risdxc          C:\Windows\system32\DRIVERS\risdxc64.sys
14:36:25.0049 1100  risdxc - ok
14:36:25.0073 1100  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:36:25.0129 1100  RpcEptMapper - ok
14:36:25.0165 1100  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
14:36:25.0200 1100  RpcLocator - ok
14:36:25.0239 1100  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
14:36:25.0275 1100  RpcSs - ok
14:36:25.0295 1100  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:36:25.0327 1100  rspndr - ok
14:36:25.0356 1100  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
14:36:25.0385 1100  s3cap - ok
14:36:25.0414 1100  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
14:36:25.0424 1100  SamSs - ok
14:36:25.0426 1100  SAService - ok
14:36:25.0440 1100  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:36:25.0449 1100  sbp2port - ok
14:36:25.0477 1100  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:36:25.0511 1100  SCardSvr - ok
14:36:25.0532 1100  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:36:25.0582 1100  scfilter - ok
14:36:25.0637 1100  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
14:36:25.0708 1100  Schedule - ok
14:36:25.0740 1100  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:36:25.0770 1100  SCPolicySvc - ok
14:36:25.0803 1100  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:36:25.0840 1100  SDRSVC - ok
14:36:25.0880 1100  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:36:25.0928 1100  secdrv - ok
14:36:25.0961 1100  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
14:36:25.0992 1100  seclogon - ok
14:36:26.0020 1100  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
14:36:26.0072 1100  SENS - ok
14:36:26.0093 1100  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:36:26.0121 1100  SensrSvc - ok
14:36:26.0146 1100  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
14:36:26.0172 1100  Serenum - ok
14:36:26.0218 1100  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
14:36:26.0246 1100  Serial - ok
14:36:26.0268 1100  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:36:26.0295 1100  sermouse - ok
14:36:26.0332 1100  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:36:26.0364 1100  SessionEnv - ok
14:36:26.0393 1100  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:36:26.0405 1100  sffdisk - ok
14:36:26.0408 1100  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:36:26.0445 1100  sffp_mmc - ok
14:36:26.0448 1100  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:36:26.0460 1100  sffp_sd - ok
14:36:26.0463 1100  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
14:36:26.0478 1100  sfloppy - ok
14:36:26.0521 1100  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:36:26.0557 1100  SharedAccess - ok
14:36:26.0585 1100  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:36:26.0641 1100  ShellHWDetection - ok
14:36:26.0682 1100  [ C3F190562FE82EFDA7CCEF305EBAD3E3 ] Shockprf        C:\Windows\system32\DRIVERS\Apsx64.sys
14:36:26.0690 1100  Shockprf - ok
14:36:26.0706 1100  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
14:36:26.0714 1100  SiSRaid2 - ok
14:36:26.0733 1100  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:36:26.0741 1100  SiSRaid4 - ok
14:36:26.0783 1100  [ B866E8C5ED1DCBEA72285BA4107892C2 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
14:36:26.0791 1100  SkypeUpdate - ok
14:36:26.0810 1100  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:36:26.0842 1100  Smb - ok
14:36:26.0875 1100  [ 3BC2844AF786CA422CC31D505ACFA9F2 ] smihlp          C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
14:36:26.0881 1100  smihlp - ok
14:36:26.0920 1100  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:36:26.0950 1100  SNMPTRAP - ok
14:36:26.0970 1100  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:36:26.0978 1100  spldr - ok
14:36:26.0995 1100  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
14:36:27.0031 1100  Spooler - ok
14:36:27.0111 1100  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
14:36:27.0240 1100  sppsvc - ok
14:36:27.0260 1100  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:36:27.0293 1100  sppuinotify - ok
14:36:27.0327 1100  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:36:27.0386 1100  srv - ok
14:36:27.0407 1100  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:36:27.0422 1100  srv2 - ok
14:36:27.0446 1100  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:36:27.0457 1100  srvnet - ok
14:36:27.0504 1100  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:36:27.0539 1100  SSDPSRV - ok
14:36:27.0546 1100  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:36:27.0579 1100  SstpSvc - ok
14:36:27.0597 1100  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
14:36:27.0606 1100  stexstor - ok
14:36:27.0641 1100  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
14:36:27.0681 1100  stisvc - ok
14:36:27.0722 1100  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
14:36:27.0730 1100  storflt - ok
14:36:27.0761 1100  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
14:36:27.0792 1100  StorSvc - ok
14:36:27.0832 1100  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
14:36:27.0841 1100  storvsc - ok
14:36:27.0885 1100  [ 6EA2F517373771CAC5188E82617C9C0B ] SUService       C:\Program Files (x86)\Lenovo\System Update\SUService.exe
14:36:27.0914 1100  SUService ( UnsignedFile.Multi.Generic ) - warning
14:36:27.0914 1100  SUService - detected UnsignedFile.Multi.Generic (1)
14:36:27.0948 1100  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:36:27.0956 1100  swenum - ok
14:36:27.0981 1100  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
14:36:28.0048 1100  swprv - ok
14:36:28.0100 1100  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
14:36:28.0159 1100  SysMain - ok
14:36:28.0193 1100  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:36:28.0210 1100  TabletInputService - ok
14:36:28.0228 1100  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:36:28.0283 1100  TapiSrv - ok
14:36:28.0324 1100  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
14:36:28.0356 1100  TBS - ok
14:36:28.0428 1100  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:36:28.0472 1100  Tcpip - ok
14:36:28.0528 1100  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:36:28.0563 1100  TCPIP6 - ok
14:36:28.0587 1100  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:36:28.0642 1100  tcpipreg - ok
14:36:28.0666 1100  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:36:28.0708 1100  TDPIPE - ok
14:36:28.0762 1100  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:36:28.0787 1100  TDTCP - ok
14:36:28.0820 1100  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:36:28.0851 1100  tdx - ok
14:36:28.0876 1100  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:36:28.0885 1100  TermDD - ok
14:36:28.0916 1100  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
14:36:28.0983 1100  TermService - ok
14:36:29.0011 1100  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
14:36:29.0026 1100  Themes - ok
14:36:29.0051 1100  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
14:36:29.0083 1100  THREADORDER - ok
14:36:29.0095 1100  [ 1BB77ECCBFA3675B1EE8D6D6D37A1E1E ] TPDIGIMN        C:\Windows\system32\DRIVERS\ApsHM64.sys
14:36:29.0102 1100  TPDIGIMN - ok
14:36:29.0140 1100  [ 88F81D810FF16AC65B02643DAF308D4F ] TPHDEXLGSVC     C:\Windows\system32\TPHDEXLG64.exe
14:36:29.0147 1100  TPHDEXLGSVC - ok
14:36:29.0202 1100  [ 63626012E44CAAA162677B57B6DCB542 ] TPHKLOAD        C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
14:36:29.0210 1100  TPHKLOAD - ok
14:36:29.0225 1100  [ 9E6E4A9789F76593CC5A6A5AF8FC5929 ] TPHKSVC         C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
14:36:29.0231 1100  TPHKSVC - ok
14:36:29.0273 1100  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
14:36:29.0283 1100  TPM - ok
14:36:29.0312 1100  [ 7165B5A9B4867F64A6D6935F57D4196B ] TPPWRIF         C:\Windows\system32\drivers\Tppwr64v.sys
14:36:29.0319 1100  TPPWRIF - ok
14:36:29.0351 1100  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
14:36:29.0408 1100  TrkWks - ok
14:36:29.0470 1100  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:36:29.0525 1100  TrustedInstaller - ok
14:36:29.0553 1100  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:36:29.0609 1100  tssecsrv - ok
14:36:29.0637 1100  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:36:29.0664 1100  TsUsbFlt - ok
14:36:29.0667 1100  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
14:36:29.0677 1100  TsUsbGD - ok
14:36:29.0714 1100  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:36:29.0762 1100  tunnel - ok
14:36:29.0788 1100  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:36:29.0797 1100  uagp35 - ok
14:36:29.0828 1100  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:36:29.0876 1100  udfs - ok
14:36:29.0910 1100  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:36:29.0948 1100  UI0Detect - ok
14:36:29.0973 1100  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:36:29.0982 1100  uliagpkx - ok
14:36:30.0012 1100  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:36:30.0038 1100  umbus - ok
14:36:30.0063 1100  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
14:36:30.0096 1100  UmPass - ok
14:36:30.0141 1100  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
14:36:30.0175 1100  UmRdpService - ok
14:36:30.0284 1100  [ A69CD6BDB82872999D2E46F9324ADA83 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
14:36:30.0340 1100  UNS - ok
14:36:30.0376 1100  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
14:36:30.0435 1100  upnphost - ok
14:36:30.0493 1100  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
14:36:30.0503 1100  USBAAPL64 - ok
14:36:30.0527 1100  [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:36:30.0555 1100  usbccgp - ok
14:36:30.0601 1100  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:36:30.0640 1100  usbcir - ok
14:36:30.0686 1100  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
14:36:30.0727 1100  usbehci - ok
14:36:30.0805 1100  [ 8B892002D7B79312821169A14317AB86 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:36:30.0841 1100  usbhub - ok
14:36:30.0881 1100  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:36:30.0908 1100  usbohci - ok
14:36:30.0941 1100  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:36:30.0970 1100  usbprint - ok
14:36:31.0003 1100  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
14:36:31.0015 1100  usbscan - ok
14:36:31.0042 1100  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:36:31.0072 1100  USBSTOR - ok
14:36:31.0103 1100  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:36:31.0130 1100  usbuhci - ok
14:36:31.0174 1100  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
14:36:31.0210 1100  usbvideo - ok
14:36:31.0251 1100  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
14:36:31.0305 1100  UxSms - ok
14:36:31.0327 1100  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
14:36:31.0336 1100  VaultSvc - ok
14:36:31.0356 1100  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:36:31.0365 1100  vdrvroot - ok
14:36:31.0391 1100  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
14:36:31.0430 1100  vds - ok
14:36:31.0451 1100  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:36:31.0487 1100  vga - ok
14:36:31.0510 1100  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:36:31.0577 1100  VgaSave - ok
14:36:31.0589 1100  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:36:31.0610 1100  vhdmp - ok
14:36:31.0624 1100  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:36:31.0633 1100  viaide - ok
14:36:31.0677 1100  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
14:36:31.0718 1100  vmbus - ok
14:36:31.0731 1100  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
14:36:31.0757 1100  VMBusHID - ok
14:36:31.0782 1100  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:36:31.0792 1100  volmgr - ok
14:36:31.0811 1100  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:36:31.0826 1100  volmgrx - ok
14:36:31.0849 1100  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:36:31.0863 1100  volsnap - ok
14:36:31.0878 1100  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:36:31.0888 1100  vsmraid - ok
14:36:31.0942 1100  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
14:36:31.0997 1100  VSS - ok
14:36:32.0029 1100  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:36:32.0063 1100  vwifibus - ok
14:36:32.0082 1100  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:36:32.0116 1100  vwififlt - ok
14:36:32.0153 1100  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
14:36:32.0191 1100  W32Time - ok
14:36:32.0212 1100  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:36:32.0249 1100  WacomPen - ok
14:36:32.0295 1100  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:36:32.0347 1100  WANARP - ok
14:36:32.0350 1100  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:36:32.0381 1100  Wanarpv6 - ok
14:36:32.0436 1100  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
14:36:32.0488 1100  wbengine - ok
14:36:32.0536 1100  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:36:32.0553 1100  WbioSrvc - ok
14:36:32.0570 1100  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:36:32.0615 1100  wcncsvc - ok
14:36:32.0643 1100  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:36:32.0672 1100  WcsPlugInService - ok
14:36:32.0704 1100  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
14:36:32.0712 1100  Wd - ok
14:36:32.0831 1100  [ 96C4C98FE4866C16FC64E4578A0AA975 ] WDBackup        C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
14:36:32.0857 1100  WDBackup - ok
14:36:32.0907 1100  [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
14:36:32.0915 1100  WDC_SAM - ok
14:36:32.0969 1100  [ 80F8944EA183004D6EDCBBDCEC166404 ] WDDriveService  C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
14:36:32.0978 1100  WDDriveService - ok
14:36:32.0999 1100  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:36:33.0018 1100  Wdf01000 - ok
14:36:33.0042 1100  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:36:33.0076 1100  WdiServiceHost - ok
14:36:33.0079 1100  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:36:33.0095 1100  WdiSystemHost - ok
14:36:33.0194 1100  [ FD2D1C60CDBDFAB63EF182539D8FFC2D ] WDRulesService  C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
14:36:33.0220 1100  WDRulesService - ok
14:36:33.0247 1100  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
14:36:33.0283 1100  WebClient - ok
14:36:33.0309 1100  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:36:33.0345 1100  Wecsvc - ok
14:36:33.0359 1100  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:36:33.0393 1100  wercplsupport - ok
14:36:33.0427 1100  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:36:33.0460 1100  WerSvc - ok
14:36:33.0492 1100  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:36:33.0523 1100  WfpLwf - ok
14:36:33.0589 1100  [ F27BD4135954690B9C2C24258CACA933 ] WIBUKEY         C:\Windows\system32\DRIVERS\WibuKey64.sys
14:36:33.0596 1100  WIBUKEY - ok
14:36:33.0614 1100  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:36:33.0623 1100  WIMMount - ok
14:36:33.0635 1100  WinDefend - ok
14:36:33.0640 1100  WinHttpAutoProxySvc - ok
14:36:33.0689 1100  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:36:33.0723 1100  Winmgmt - ok
14:36:33.0783 1100  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
14:36:33.0844 1100  WinRM - ok
14:36:33.0891 1100  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
14:36:33.0930 1100  WinUsb - ok
14:36:33.0970 1100  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:36:33.0998 1100  Wlansvc - ok
14:36:34.0095 1100  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:36:34.0145 1100  wlidsvc - ok
14:36:34.0164 1100  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
14:36:34.0190 1100  WmiAcpi - ok
14:36:34.0227 1100  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:36:34.0260 1100  wmiApSrv - ok
14:36:34.0301 1100  WMPNetworkSvc - ok
14:36:34.0322 1100  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:36:34.0332 1100  WPCSvc - ok
14:36:34.0347 1100  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:36:34.0361 1100  WPDBusEnum - ok
14:36:34.0389 1100  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:36:34.0420 1100  ws2ifsl - ok
14:36:34.0452 1100  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
14:36:34.0488 1100  wscsvc - ok
14:36:34.0491 1100  WSearch - ok
14:36:34.0570 1100  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:36:34.0625 1100  wuauserv - ok
14:36:34.0642 1100  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:36:34.0690 1100  WudfPf - ok
14:36:34.0725 1100  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:36:34.0774 1100  WUDFRd - ok
14:36:34.0806 1100  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:36:34.0839 1100  wudfsvc - ok
14:36:34.0852 1100  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:36:34.0894 1100  WwanSvc - ok
14:36:34.0923 1100  ================ Scan global ===============================
14:36:34.0949 1100  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:36:34.0983 1100  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
14:36:34.0990 1100  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
14:36:35.0019 1100  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:36:35.0033 1100  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:36:35.0036 1100  [Global] - ok
14:36:35.0037 1100  ================ Scan MBR ==================================
14:36:35.0047 1100  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:36:35.0385 1100  \Device\Harddisk0\DR0 - ok
14:36:35.0386 1100  ================ Scan VBR ==================================
14:36:35.0387 1100  [ 6C55925E0337B26AD922739C43104DBC ] \Device\Harddisk0\DR0\Partition1
14:36:35.0389 1100  \Device\Harddisk0\DR0\Partition1 - ok
14:36:35.0418 1100  [ 00317CB4F5514715EE571DC5325A1212 ] \Device\Harddisk0\DR0\Partition2
14:36:35.0419 1100  \Device\Harddisk0\DR0\Partition2 - ok
14:36:35.0420 1100  ============================================================
14:36:35.0420 1100  Scan finished
14:36:35.0420 1100  ============================================================
14:36:35.0427 7184  Detected object count: 5
14:36:35.0427 7184  Actual detected object count: 5
14:37:39.0396 7184  FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - skipped by user
14:37:39.0396 7184  FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:37:39.0397 7184  FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - skipped by user
14:37:39.0397 7184  FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:37:39.0398 7184  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:37:39.0398 7184  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:37:39.0399 7184  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:37:39.0399 7184  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:37:39.0400 7184  SUService ( UnsignedFile.Multi.Generic ) - skipped by user
14:37:39.0400 7184  SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 11.01.2013, 17:21

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Tweety87 · 11.01.2013, 17:47

Code:

ATTFilter

ComboFix 13-01-11.01 - xxx 11.01.2013  17:31:17.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8075.5836 [GMT 1:00]
ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
 ADS - Windows: deleted 64 bytes in 2 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\FriloUnzipProtocol.txt
c:\programdata\rat_0ybba.pad
c:\programdata\Roaming
c:\users\xxx\AppData\Roaming\JomCap.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-11 bis 2013-01-11  ))))))))))))))))))))))))))))))
.
.
2013-01-11 16:39 . 2013-01-11 16:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-11 13:42 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4EA0FA11-2E79-42B3-8A92-A4499E50F12A}\mpengine.dll
2013-01-09 11:39 . 2012-11-14 07:11	182816	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-01-09 11:38 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2013-01-09 11:38 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2013-01-09 11:38 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2013-01-09 11:38 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2013-01-09 10:52 . 2012-11-20 05:48	307200	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-09 10:52 . 2012-11-20 04:51	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2013-01-09 10:52 . 2012-11-01 05:43	2002432	----a-w-	c:\windows\system32\msxml6.dll
2013-01-09 10:52 . 2012-11-01 05:43	1882624	----a-w-	c:\windows\system32\msxml3.dll
2013-01-09 10:52 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\SysWow64\msxml6.dll
2013-01-09 10:52 . 2012-11-01 04:47	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2013-01-09 10:52 . 2012-11-23 03:13	68608	----a-w-	c:\windows\system32\taskhost.exe
2013-01-09 10:50 . 2012-11-23 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2013-01-08 23:29 . 2013-01-09 08:50	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-01-08 23:24 . 2013-01-08 23:24	--------	d-----w-	c:\users\Viktor\AppData\Roaming\Malwarebytes
2013-01-08 23:23 . 2013-01-08 23:23	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-08 23:23 . 2013-01-08 23:23	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-08 23:23 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-01 19:15 . 2013-01-01 19:15	--------	d-----w-	c:\programdata\FNP
2013-01-01 19:15 . 2013-01-01 19:15	--------	d-----w-	c:\program files (x86)\Common Files\Macrovision Shared
2013-01-01 19:15 . 2013-01-01 19:15	--------	d-----w-	c:\program files (x86)\Common Files\Scia
2012-12-15 15:06 . 2012-12-15 15:06	--------	d-----w-	c:\program files\iPod
2012-12-15 15:06 . 2012-12-15 15:07	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-15 15:06 . 2012-12-15 15:07	--------	d-----w-	c:\program files\iTunes
2012-12-15 15:06 . 2012-12-15 15:07	--------	d-----w-	c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 00:17 . 2012-03-31 14:35	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 00:17 . 2012-02-23 10:46	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 16:31 . 2012-02-22 21:44	67599240	----a-w-	c:\windows\system32\MRT.exe
2012-12-03 08:04 . 2012-06-04 07:09	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2012-11-28 18:34 . 2012-11-28 18:34	972264	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36244D50-E431-4CB0-84EA-DD05538215DC}\gapaengine.dll
2012-11-17 08:08 . 2012-11-17 08:08	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-11-08 17:24 . 2012-02-23 21:25	9125352	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-28 17:32 . 2012-12-04 16:05	103936	----a-w-	c:\windows\system32\pdfcmon.dll
2012-10-15 07:02 . 2012-10-15 07:02	65536	----a-r-	c:\users\xxx\AppData\Roaming\Microsoft\Installer\{7CD43346-A9DA-48ED-B027-11623505CAFE}\ProductIcon.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Viktor\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Viktor\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Viktor\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Viktor\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gStart"="c:\program files (x86)\Garmin\Training Center\gStart.exe" [2008-08-13 1891416]
"PlaxisUpdater.exe"="c:\program files (x86)\Plaxis\PLAXIS Connect\PlaxisUpdater.exe" [2012-06-05 1434336]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"Akamai NetSession Interface"="c:\users\Viktor\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-12-01 1631808]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2012-07-23 1632216]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-10-01 640376]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2012-09-19 5236664]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-10-17 1213216]
CodeMeter Control Center.lnk - c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe [2012-9-6 8443832]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
Windchill ProductPoint Client Manager.lnk - c:\windows\Installer\{129024FF-A6C9-4696-91BC-570C6C05193A}\_F5BCEE176F60B4DABC6DF8.exe [2012-11-17 1406]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-12-01 478056]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-11-03 1432400]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-12-01 175168]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2011-12-01 31344]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-03-29 23664]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-17 283200]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2009-09-21 71040]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2012-09-06 2569144]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2011-10-03 98304]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe  -run [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 lmadmin;lmadmin;c:\program files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe [2011-08-05 6587728]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-05-25 101888]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 13128]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 114024]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-09-19 1157056]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-09-19 248248]
S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-09-19 1177536]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-04 166016]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-10-17 437288]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-10-17 39976]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2011-10-03 3764224]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-12-01 89152]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 06303038
*NewlyCreated* - ASWMBR
*Deregistered* - 06303038
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 00:17]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-03 14:29]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-03 14:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Viktor\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Viktor\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Viktor\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Viktor\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-09-27 386408]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 85832]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-03 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-03 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-03 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"LogiScrollApp"="c:\program files\Logitech\FlowScroll\KhalScroll.exe" [2012-02-08 166680]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=d3834896-af68-4d26-adab-f0407ba202b1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60747
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60747
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Viktor\AppData\Roaming\Mozilla\Firefox\Profiles\nxdadjav.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://google.de/
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=d3834896-af68-4d26-adab-f0407ba202b1&affid=111585&searchtype=ds&babsrc=lnkry&q=
FF - ExtSQL: !HIDDEN! 2012-03-31 21:36; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SpywareTerminatorShield - c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-Run-SpywareTerminatorUpdater - c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-11  17:41:54
ComboFix-quarantined-files.txt  2013-01-11 16:41
.
Vor Suchlauf: 18 Verzeichnis(se), 145.668.247.552 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 154.338.979.840 Bytes frei
.
- - End Of File - - 54B5563216EC73E2CF8669A08CB84FC9

cosinus · 11.01.2013, 19:52

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Tweety87 · 11.01.2013, 20:00

Code:

ATTFilter

# AdwCleaner v2.105 - Datei am 11/01/2013 um 19:56:56 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : xxx - xxx-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\xxx\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml
Datei Gefunden : C:\Users\Viktor\AppData\Roaming\Mozilla\Firefox\Profiles\nxdadjav.default\searchplugins\Web Search.xml
Ordner Gefunden : C:\Program Files (x86)\Crawler
Ordner Gefunden : C:\Users\xxx\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\xxx\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\CToolbar
Schlüssel Gefunden : HKCU\Software\IGearSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Crawler Search
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ctbcommon.Buttons
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ctbr.R404Pro
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CToolbar.TB4Client
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CToolbar.TB4Script
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CToolbar.TB4Server
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\tbr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E79BB61D-7F1A-41DF-8AD0-402795E3B566}
Schlüssel Gefunden : HKLM\Software\CToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\Crawler
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1DDA201E-5B42-4352-933E-21A92B297E3B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4D25FB7A-8902-4291-960E-9ADA051CFBBF}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CToolbar_UNINSTALL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Schlüssel Gefunden : HKU\S-1-5-21-1557816566-3373599751-1062272910-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKU\S-1-5-21-1557816566-3373599751-1062272910-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gefunden : HKU\S-1-5-21-1557816566-3373599751-1062272910-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=d3834896-af68-4d26-adab-f0407ba202b1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=d3834896-af68-4d26-adab-f0407ba202b1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://www.crawler.com/search/ie.aspx?tb_id=60747
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60747
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - SearchAssistant] = hxxp://www.crawler.com/search/ie.aspx?tb_id=60747
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - CustomizeSearch] = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60747

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\nxdadjav.default\prefs.js

Gefunden : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Gefunden : user_pref("browser.search.selectedEngine", "Web Search");
Gefunden : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=d3834896-af68[...]

*************************

AdwCleaner[R1].txt - [8739 octets] - [11/01/2013 19:56:56]

########## EOF - C:\AdwCleaner[R1].txt - [8799 octets] ##########

cosinus · 11.01.2013, 21:04

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Tweety87 · 11.01.2013, 21:50

Code:

ATTFilter

# AdwCleaner v2.105 - Datei am 11/01/2013 um 21:13:37 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : xxx - xxx-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\xxx\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml
Datei Gelöscht : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\nxdadjav.default\searchplugins\Web Search.xml
Ordner Gelöscht : C:\Program Files (x86)\Crawler
Ordner Gelöscht : C:\Users\xxx\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\xxx\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\CToolbar
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Crawler Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ctbcommon.Buttons
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ctbr.R404Pro
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CToolbar.TB4Client
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CToolbar.TB4Script
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CToolbar.TB4Server
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\tbr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E79BB61D-7F1A-41DF-8AD0-402795E3B566}
Schlüssel Gelöscht : HKLM\Software\CToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\Crawler
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1DDA201E-5B42-4352-933E-21A92B297E3B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4D25FB7A-8902-4291-960E-9ADA051CFBBF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CToolbar_UNINSTALL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=d3834896-af68-4d26-adab-f0407ba202b1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=d3834896-af68-4d26-adab-f0407ba202b1&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://www.crawler.com/search/ie.aspx?tb_id=60747 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60747 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - SearchAssistant] = hxxp://www.crawler.com/search/ie.aspx?tb_id=60747 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - CustomizeSearch] = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60747 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\nxdadjav.default\prefs.js

Gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=d3834896-af68[...]

*************************

AdwCleaner[R1].txt - [8844 octets] - [11/01/2013 19:56:56]
AdwCleaner[S1].txt - [8531 octets] - [11/01/2013 21:13:37]

########## EOF - C:\AdwCleaner[S1].txt - [8591 octets] ##########

Code:

ATTFilter

OTL logfile created on: 11.01.2013 21:27:05 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 6,01 Gb Available Physical Memory | 76,21% Memory free
15,77 Gb Paging File | 13,72 Gb Available in Paging File | 87,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 143,47 Gb Free Space | 48,14% Space Free | Partition Type: NTFS
 
Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
PRC - C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\xxx\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
PRC - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
PRC - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
PRC - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
PRC - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)
PRC - C:\Program Files (x86)\Plaxis\PLAXIS Connect\PlaxisUpdater.exe (Plaxis bv)
PRC - C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\scia.exe (Nemetschek SCIA)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
PRC - C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
PRC - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
PRC - C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe (Flexera Software, Inc.)
PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
PRC - C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Lenovo\AutoLock\cv210.dll ()
MOD - C:\Programme\Lenovo\AutoLock\cxcore210.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WDRulesService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
SRV - (WDBackup) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
SRV - (WDDriveService) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
SRV - (CodeMeter.exe) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (lmadmin) -- C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe (Flexera Software, Inc.)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (SAService) -- C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (WIBUKEY) -- C:\Windows\SysNative\drivers\WibuKey64.sys (WIBU-SYSTEMS AG)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (Authentec Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1557816566-3373599751-1062272910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-1557816566-3373599751-1062272910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1557816566-3373599751-1062272910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 46 1E E5 8B 02 CD 01  [binary data]
IE - HKU\S-1-5-21-1557816566-3373599751-1062272910-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1557816566-3373599751-1062272910-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-1557816566-3373599751-1062272910-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1557816566-3373599751-1062272910-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1557816566-3373599751-1062272910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1557816566-3373599751-1062272910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://google.de/"
FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.24.0.9
FF - prefs.js..extensions.enabledAddons: %7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2012.02.14
FF - prefs.js..extensions.enabledAddons: %7B5D3F3872-91E9-4d59-AD9F-AA174A3145DD%7D:4.00.33
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.31 20:36:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.04.23 16:58:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}: C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2012.06.04 08:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 14:59:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 14:59:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 00:29:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.31 20:36:07 | 000,000,000 | ---D | M]
 
[2012.02.22 23:09:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2012.10.23 07:30:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\nxdadjav.default\extensions
[2012.06.04 08:12:59 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Viktor\AppData\Roaming\mozilla\Firefox\Profiles\nxdadjav.default\extensions\DeviceDetection@logitech.com
[2013.01.11 14:59:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.04 08:11:39 | 000,000,000 | ---D | M] (Logitech Flow Scroll) -- C:\PROGRAM FILES\LOGITECH\FLOWSCROLL\LOGISMOOTHFIREFOXEXT
[2012.04.23 16:58:34 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2013.01.11 14:59:58 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.12.09 00:54:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.09 00:54:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.12.09 00:54:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.09 00:54:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.09 00:54:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.09 00:54:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.01.11 17:39:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Logitech Flow Scroll) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Programme\Logitech\FlowScroll\LogiSmooth.dll (Logitech, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Logitech Flow Scroll) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Programme\Logitech\FlowScroll\32-bit\LogiSmooth.dll (Logitech, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LogiScrollApp] C:\Programme\Logitech\FlowScroll\KhalScroll.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (Authentec Inc.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-21-1557816566-3373599751-1062272910-1000..\Run: [Akamai NetSession Interface] C:\Users\Viktor\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1557816566-3373599751-1062272910-1000..\Run: [gStart] C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-1557816566-3373599751-1062272910-1000..\Run: [PlaxisUpdater.exe] C:\Program Files (x86)\Plaxis\PLAXIS Connect\PlaxisUpdater.exe (Plaxis bv)
O4 - Startup: C:\Users\Viktor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Viktor\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1557816566-3373599751-1062272910-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1557816566-3373599751-1062272910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O7 - HKU\S-1-5-21-1557816566-3373599751-1062272910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1557816566-3373599751-1062272910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0FC983A-FED1-49E9-BFB3-68E8F3DF1677}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.11.03 16:55:24 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.11 19:55:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.11 17:29:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.11 17:29:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.11 17:29:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.11 17:29:32 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.01.11 17:29:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.11 17:29:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.11 17:24:54 | 005,020,603 | R--- | C] (Swearware) -- C:\Users\xxx\Desktop\ComboFix.exe
[2013.01.11 14:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.11 14:32:08 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Viktor\Desktop\tdsskiller.exe
[2013.01.11 14:14:26 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Viktor\Desktop\aswMBR.exe
[2013.01.10 23:45:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\mbar
[2013.01.09 12:39:20 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.01.09 12:39:20 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.01.09 12:39:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.01.09 12:39:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.01.09 12:39:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.01.09 12:39:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.01.09 12:39:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.01.09 12:39:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.01.09 12:39:17 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.01.09 12:39:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.01.09 12:39:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.01.09 12:39:17 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.01.09 12:39:16 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.01.09 12:39:16 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.01.09 12:39:15 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.01.09 12:38:55 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013.01.09 12:38:55 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013.01.09 12:38:55 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013.01.09 12:38:54 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013.01.09 11:53:34 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.01.09 11:53:33 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.01.09 11:53:33 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.01.09 11:53:33 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.01.09 11:53:33 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.01.09 11:53:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.01.09 11:53:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.01.09 11:53:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.01.09 11:53:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.01.09 11:53:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.01.09 11:53:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.01.09 11:53:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 11:53:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 11:53:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 11:53:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.01.09 11:53:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 11:53:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 11:53:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 11:53:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 11:53:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 11:53:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 11:53:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 11:53:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 11:53:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 11:53:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 11:53:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 11:53:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 11:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 11:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 11:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 11:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 11:53:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 11:53:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 11:53:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 11:53:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 11:53:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 11:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 11:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 11:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 11:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 11:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 11:53:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.01.09 11:53:21 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013.01.09 11:53:21 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013.01.09 11:53:11 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.09 11:53:11 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.09 11:52:34 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.09 11:52:03 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.01.09 09:36:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Viktor\Desktop\OTL.exe
[2013.01.09 09:31:21 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Trojaner
[2013.01.09 00:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.01.09 00:24:49 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2013.01.09 00:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.09 00:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.09 00:23:31 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.09 00:23:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.03 14:02:23 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\E-Plus
[2013.01.01 20:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\FNP
[2013.01.01 20:15:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2013.01.01 20:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scia Licence Server
[2013.01.01 20:15:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Scia
[2012.12.19 16:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.12.15 16:20:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Immobilien
[2012.12.15 16:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.15 16:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.15 16:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.15 16:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.12.15 16:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[1 C:\Users\xxx\Desktop\*.tmp files -> C:\Users\xxx\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.11 21:23:19 | 000,021,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.11 21:23:19 | 000,021,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.11 21:21:06 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.11 21:16:16 | 000,000,064 | RHS- | M] () -- C:\Windows\SysNative\drivers\WUDFRd.winsecurity
[2013.01.11 21:16:15 | 000,000,064 | RHS- | M] () -- C:\Windows\SysNative\drivers\vwifibus.winsecurity
[2013.01.11 21:16:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.11 21:16:07 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
[2013.01.11 21:15:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.11 21:15:17 | 2055,655,423 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.11 20:34:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.11 19:55:11 | 000,554,087 | ---- | M] () -- C:\Users\xxx\Desktop\adwcleaner.exe
[2013.01.11 17:39:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.01.11 17:25:27 | 005,020,603 | R--- | M] (Swearware) -- C:\Users\xxx\Desktop\ComboFix.exe
[2013.01.11 16:11:36 | 001,619,012 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.11 16:11:36 | 000,698,970 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.11 16:11:36 | 000,654,248 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.11 16:11:36 | 000,149,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.11 16:11:36 | 000,122,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.11 14:32:27 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Viktor\Desktop\tdsskiller.exe
[2013.01.11 14:28:28 | 000,000,512 | ---- | M] () -- C:\Users\xxx\Desktop\MBR.dat
[2013.01.11 14:15:32 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\xxx\Desktop\aswMBR.exe
[2013.01.10 23:44:32 | 013,485,902 | ---- | M] () -- C:\Users\xxx\Desktop\mbar-1.01.0.1011.zip
[2013.01.10 22:15:39 | 000,015,889 | ---- | M] () -- C:\Users\xxx\AppData\Local\recently-used.xbel
[2013.01.09 13:06:08 | 000,427,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.09 13:05:17 | 1095,230,265 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.09 12:49:34 | 001,596,906 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.09 10:00:26 | 000,365,568 | ---- | M] () -- C:\Users\xxx\Desktop\gmer-2.0.18444.exe
[2013.01.09 09:36:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2013.01.09 09:35:37 | 000,000,168 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2013.01.09 09:34:11 | 000,050,477 | ---- | M] () -- C:\Users\xxx\Desktop\Defogger.exe
[2013.01.09 01:17:04 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.09 01:17:04 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.09 00:23:37 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.07 18:13:06 | 040,264,095 | ---- | M] () -- C:\Users\xxx\Desktop\3.pdf
[2013.01.07 18:02:00 | 038,093,666 | ---- | M] () -- C:\Users\xxx\Desktop\2.pdf
[2013.01.07 17:43:58 | 043,289,253 | ---- | M] () -- C:\Users\xxx\Desktop\1.pdf
[2013.01.05 16:10:50 | 000,001,051 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.05 16:10:29 | 000,001,021 | ---- | M] () -- C:\Users\xxx\Desktop\Dropbox.lnk
[2013.01.01 20:19:19 | 000,001,172 | ---- | M] () -- C:\Users\xxx\Desktop\SCIA115119.lid
[2013.01.01 20:15:25 | 000,001,321 | ---- | M] () -- C:\Users\Public\Desktop\Scia-Aktivierungsmanager.lnk
[2012.12.20 13:27:35 | 000,001,440 | ---- | M] () -- C:\Users\xxx\AppData\Local\FriloWebInfo.html
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Users\xxx\Desktop\*.tmp files -> C:\Users\xxx\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.11 21:16:07 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2013.01.11 19:55:02 | 000,554,087 | ---- | C] () -- C:\Users\xxx\Desktop\adwcleaner.exe
[2013.01.11 17:29:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.11 17:29:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.11 17:29:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.11 17:29:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.11 17:29:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.11 14:28:28 | 000,000,512 | ---- | C] () -- C:\Users\xxx\Desktop\MBR.dat
[2013.01.10 23:43:20 | 013,485,902 | ---- | C] () -- C:\Users\xxx\Desktop\mbar-1.01.0.1011.zip
[2013.01.10 22:15:39 | 000,015,889 | ---- | C] () -- C:\Users\xxx\AppData\Local\recently-used.xbel
[2013.01.09 10:00:25 | 000,365,568 | ---- | C] () -- C:\Users\xxx\Desktop\gmer-2.0.18444.exe
[2013.01.09 09:35:37 | 000,000,168 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2013.01.09 09:34:09 | 000,050,477 | ---- | C] () -- C:\Users\xxx\Desktop\Defogger.exe
[2013.01.09 00:23:37 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.07 18:12:00 | 040,264,095 | ---- | C] () -- C:\Users\xxx\Desktop\3.pdf
[2013.01.07 18:01:05 | 038,093,666 | ---- | C] () -- C:\Users\xxx\Desktop\2.pdf
[2013.01.07 17:42:54 | 043,289,253 | ---- | C] () -- C:\Users\xxxr\Desktop\1.pdf
[2013.01.01 20:19:19 | 000,001,172 | ---- | C] () -- C:\Users\xxx\Desktop\SCIA115119.lid
[2013.01.01 20:15:25 | 000,001,321 | ---- | C] () -- C:\Users\Public\Desktop\Scia-Aktivierungsmanager.lnk
[2012.12.07 12:35:13 | 000,007,596 | ---- | C] () -- C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
[2012.11.30 20:14:11 | 000,001,440 | ---- | C] () -- C:\Users\xxx\AppData\Local\FriloWebInfo.html
[2012.11.30 19:59:41 | 000,001,196 | ---- | C] () -- C:\Users\xxx\AppData\Local\anzeige.htm
[2012.11.23 19:16:13 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2012.11.23 19:16:13 | 000,000,058 | ---- | C] () -- C:\Users\xxx\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2012.11.17 09:10:34 | 659,240,960 | ---- | C] () -- C:\Users\xxx\MathCad_v15_M005.iso
[2012.05.07 09:08:49 | 000,000,772 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.05.07 09:08:49 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.05.07 09:05:26 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.05.07 09:05:26 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.04.15 16:28:37 | 000,000,007 | ---- | C] () -- C:\Windows\licpas64.ini
[2012.04.15 16:28:37 | 000,000,001 | ---- | C] () -- C:\Windows\licver64.ini
[2012.03.31 20:30:57 | 000,262,710 | ---- | C] () -- C:\Windows\hpwins23.dat
[2012.03.31 20:30:57 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2012.03.31 15:14:20 | 000,001,501 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2012.03.27 18:37:46 | 000,000,019 | ---- | C] () -- C:\Windows\licdat64.ini
[2012.02.29 12:59:22 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.02.29 12:59:22 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.02.29 12:56:03 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012.02.23 18:31:01 | 000,000,173 | ---- | C] () -- C:\Users\xxx\AppData\Local\msmathematics.qat.Viktor
[2012.02.22 21:24:08 | 001,596,906 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.22 21:06:32 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.02.22 21:06:30 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.02.22 21:06:27 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.02.22 21:06:23 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.02.22 21:06:20 | 013,903,360 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2012.02.27 22:06:29 | 000,000,000 | ---D | M](C:\Users\xxx\Documents\????-??????) -- C:\Users\xxx\Documents\Кино-Тексты
[2011.10.17 22:30:57 | 000,000,000 | ---D | C](C:\Users\xxx\Documents\????-??????) -- C:\Users\xxx\Documents\Кино-Тексты
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 32 bytes -> C:\Windows:CM_6b2aa27ca20226596c1dc014646cff31908105fef30a218b13629f7d56d9fbcb
@Alternate Data Stream - 32 bytes -> C:\Windows:CM_14a6d2d0f70e8a44b92b6ca9e5ce29afcee8e3aa480304222c7482009b99118c

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 11.01.2013 21:27:05 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 6,01 Gb Available Physical Memory | 76,21% Memory free
15,77 Gb Paging File | 13,72 Gb Available in Paging File | 87,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 143,47 Gb Free Space | 48,14% Space Free | Partition Type: NTFS
 
Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1557816566-3373599751-1062272910-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Ö&ffnen als mb-Projekt] -- C:\mb2011\bin64\PMVERS~1.EXE "%1" (mb AEC Software GmbH)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Ö&ffnen als mb-Projekt] -- C:\mb2011\bin64\PMVERS~1.EXE "%1" (mb AEC Software GmbH)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
"C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
"C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2084964A-92F4-40E4-88CB-DBE56660A300}" = lport=28084 | protocol=17 | dir=in | name=udp 28084 | 
"{214906CD-CCF8-41F4-85CF-DA8A340C5D1F}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{262A6E51-CBDB-4ECB-8106-6AA5FC05E288}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service | 
"{2A5D188E-55F2-4041-A22E-FDEE979DBFB1}" = lport=25681 | protocol=17 | dir=in | name=udp 25681 | 
"{459AA974-27F5-4760-923E-E4527CA11CE5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{47588719-66E4-4C3D-AAC1-B195CEC596FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{665E3EA0-C433-4CDE-9D24-ABE6A68C3AF4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6A713EF1-A1E3-4845-9B0A-1030341A350C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6E9023AD-BB40-4477-87FD-5998BC242233}" = lport=139 | protocol=6 | dir=in | app=system | 
"{735B7681-B062-4AC4-A6D1-918D8FAE593A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{831F7FF3-5B7B-4ACD-AA00-D7B5A092DC7B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8426BE47-2D89-44C8-9536-21C69C59166A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{8A035F30-2E33-485A-AED4-34A16F6F5248}" = lport=27278 | protocol=6 | dir=in | name=tcp 27278 | 
"{8D62AA51-2CE3-49EE-9794-A61877CEEB9F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{961BD5DA-1444-4A20-8ADA-B1CA45386595}" = lport=18018 | protocol=6 | dir=in | name=tcp 18018 | 
"{C7FEBF85-EF28-4B2D-B487-C37384F0DBCC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C8BB30B9-A50E-486B-8FCF-2D4BEE384AFB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CDD7E307-F897-4A60-A157-DE61D27AF539}" = lport=49218 | protocol=6 | dir=in | name=akamai netsession interface | 
"{EEB06C01-0720-4F20-B361-F438F096A38B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F97E5E2F-B851-47AE-8F31-41C02AA61D2F}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EE4B5B-DAA9-4DF9-B024-3AAA8F3D1F30}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{067CD59F-1572-4F3F-8B2D-9567B1FDFC0B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{08A9C3AB-6671-4A64-A19E-1F46C1A8E4D3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{0D31A5F3-67B0-4491-8CF4-F24E2E2DDC31}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{1BFAC78B-B541-4885-BF22-5C1A1B9F5AB9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{21030D00-DF60-49B9-9A84-32EE4C2F0E6F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{271D0465-0807-4481-A94A-8CCA0666B84B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{294ACAF8-696C-480D-82AD-33730DB23A30}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{2AE753E8-A381-46EE-A3F2-0490B4F68B14}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{31569678-ADB7-4E73-8DB4-D8CC147FA199}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{334014AA-D420-42FA-ABF6-996019825214}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{3ED6B66E-B223-47B7-A870-ADC469C924B6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{3F026CEE-0813-476B-9D5D-D0680EDD41FD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3F82F924-A82D-43FD-BFC2-6C2C52BD7EE7}" = dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{414AA99B-70B2-4324-9755-2F6688E51A5D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{4185E95D-1945-481B-9631-0D7CA09D6765}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{42B165AA-5C35-4A89-A07D-69A7C6D9F9F0}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{468A3F54-50CD-459C-85DA-BE16EEB8A10D}" = protocol=6 | dir=in | app=c:\users\viktor\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4AF8C3FD-96A8-4F78-8FE3-EE4A7A202BD7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4DAE56E1-8ACD-4B33-81DC-EDF806C6BA4C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{4E6689D8-1320-424F-9CED-52026FF5DBDF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{510A1AEF-6601-45BA-B5B0-5F948FE6D9EB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{51E61745-3D83-4061-8668-92902CF7653E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5485A202-9950-4225-89D4-6CCE8E999100}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{573BD4D4-CE45-4F53-ACA7-E1B00377412B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{6B003D7B-8340-47A6-9EC7-A77594CF08F4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6E5FA775-49D2-4DC7-AB30-E02DACD90654}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{71CCE44B-40F2-41A3-94F9-972349A0583C}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{76BA757D-CEC5-40D6-A54E-4F838D867AE5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7B2099F4-D924-48BF-8DEA-5824CDA14163}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{83208A5B-7BA2-4358-915A-E954F96D7ADD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{851D9907-6BE9-4D9D-98A4-B706C4858AED}" = protocol=17 | dir=in | app=c:\users\viktor\appdata\roaming\dropbox\bin\dropbox.exe | 
"{86256964-2902-4399-877B-AC26B8218A77}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{8F712E34-FAC2-4E48-A2E1-48C8EE91B274}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{A739D27A-786F-49EC-A759-B3A366720702}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B60A5FD9-830B-482B-8D09-8FD28377DE63}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{B7DE59F5-C10B-42A2-A3D6-D6F44BB32699}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{C8ED4721-E7ED-465C-9E6A-3002480A7847}" = dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{D65F690A-A57C-4ED4-BB38-D1A7C752064A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{DE93FA68-90C7-4C35-ACAB-8C39578C25A7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{DF1FCEC1-ED91-4B50-9484-B318796F52A1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{DFA369D7-BD85-4894-9900-557560527F6E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{E2A2C0C7-73AB-4B52-B724-00FBD6112543}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{E6160DD4-6269-4B1C-9041-EAF81EE242BC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{E8CF5698-D2EB-4385-8C48-65C43A2AC9DC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{E9CC02EE-C2FC-435C-AE84-9B9CE3740208}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{F000843A-87C1-4133-BAA1-E77C3A613796}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{F3A3ED3F-80B6-49A0-BD68-970C18A481AD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{FFC126D2-7BFB-470E-B270-2296775CB84B}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"TCP Query User{4FD57CDE-8046-4AE4-AFA5-19BCD9B46966}C:\users\xxx\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\xxx\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{6C38E535-AA39-49F3-8860-EB7C3ED25A66}C:\users\xxx\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\xxx\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{8FC9C31F-74BC-45FE-A052-002DC0E70686}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | 
"TCP Query User{925A4A34-BB5A-45B3-AEAC-89A4EA42D7CF}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{AF02009F-C17D-4B88-A96B-EFE153F24F32}C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{19515268-0115-495B-8904-26ECB8E6F69F}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{2A1B0CE0-D888-4A20-86EB-A68212FDA5C8}C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{7C2E750F-62AD-48C3-AD32-FD4C07A8291C}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | 
"UDP Query User{BC76EAA5-1DC4-4B62-85BD-4CB7B3CEE041}C:\users\xxx\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\xxx\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{E1B3AC19-E275-427C-A695-95F4403BF534}C:\users\xxx\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\xxx\appdata\local\akamai\netsession_win.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WibuKey Setup (WibuKey Remove)
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{50F1571C-50F0-2012-2764-C00001022012}" = SOFiSTiK SHARED_182x64
"{50F1571C-50F2-2012-2764-182001022012}" = SOFiPLUS_182x64
"{50F1571C-50FD-2012-2764-182001022012}" = SOFiSTiK 2012 18.2 64Bit Object Enabler
"{5783F2D7-A001-0407-0102-0060B0CE6BBA}" = AutoCAD 2012 - Deutsch
"{5783F2D7-A001-0407-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - Deutsch
"{5783F2D7-B000-0407-0102-0060B0CE6BBA}" = AutoCAD Civil 3D 2013 - Deutsch (German)
"{5783F2D7-B000-0407-1102-0060B0CE6BBA}" = AutoCAD Civil 3D 2013 Language Pack - Deutsch (German)
"{5783F2D7-B000-0407-2102-0060B0CE6BBA}" = AutoCAD Civil 3D 2013 - Deutsch (German)
"{58D79E62-CFC8-4331-8469-3A1B16E1769C}" = HP Officejet 6500 E709 Series
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}" = WD SmartWare
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A4F0A579-48BB-4AE2-A8BE-44422DD83DD7}_is1" = WinCADES64-w64 19.03
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft-Maus- und Tastatur-Center
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C2938C94-239C-4156-B245-C5406A4F3E93}" = ThinkVantage Fingerprint Software
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{CC6C8E0B-51BC-40EF-856D-7172AEC4E60D}" = CodeMeter Runtime Kit v4.50b
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-Bit)
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"AutoCAD 2012 - Deutsch" = AutoCAD 2012 - Deutsch
"AutoCAD Civil 3D 2013 - Deutsch (German)" = AutoCAD Civil 3D 2013 - Deutsch (German)
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"GIMP-2_is1" = GIMP 2.8.2
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Microsoft Security Client" = Microsoft Security Essentials
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shop for HP Supplies" = Shop for HP Supplies
"Sn1" = Logitech Flow Scroll 4.0
"sp6" = Logitech SetPoint 6.32
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"VLC media player" = VLC media player 2.0.4
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{129024FF-A6C9-4696-91BC-570C6C05193A}" = Windchill ProductPoint Client Manager
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20A06AF2-55DB-4C69-9E67-FEC5B317901C}" = RSTAB Demo
"{20E970DF-A7B2-4345-9DEB-72213A29645E}" = Brother MFL-Pro Suite MFC-5890CN
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}" = Microsoft Visual Basic PowerPacks 10.0
"{386B1C38-FE41-4638-8C5F-FBE1C0C09E28}" = Ing+ 2011
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3BE02281-FCCF-44BB-8413-AC4A633059EB}" = BPDSoftware
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DBEF603-5CE5-4629-8B79-FAA95CC46915}" = FriloBase
"{50F1571C-0FEA-2012-2732-000001022012}" = ANALYSIS_27
"{50F1571C-0FEA-2012-2732-C00001022012}" = ANALYSIS_27_Common
"{50F1571C-0FEA-2012-2764-000001022012}" = ANALYSIS_27_x64
"{50F1571C-0FEA-2012-2764-C00001022012}" = ANALYSIS_27_x64_Common
"{50F1571C-50F1-2010-2532-000000140401}" = SOFiSTiK Sonar
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5C9E850C-6AD4-4AD1-8654-CAA3BAC3213C}" = RFEM Demo
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{68654483-9629-4CF5-88FF-9FB70B3BECDE}" = ProductContext
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A62B2A-50D6-4886-8AFA-7FC4DE273C61}" = RSTAB
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CD43346-A9DA-48ED-B027-11623505CAFE}" = Offerte_L
"{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9049F68E-CFFD-4B0D-AAD5-C5A45E916BC3}" = Frilo.System.Next
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{99F67894-9486-413F-94E1-8B12B1606EAB}" = BPDSoftware_Ini
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA787E05-E835-4812-AA3D-4048C8A46587}" = 6500_E709_eDocs
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AC76D478-1033-0000-3478-000000000004}" = Mathcad PDSi viewable support
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD62C479-A627-4FBC-80A0-EF83BC27E36C}" = RFEM Demo
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C607265F-86AA-4B42-9F9B-D0ED2E4AACA6}" = 6500_E709a
"{C65ABF2A-1B82-4F34-8C74-E4FE373F3BE4}" = 'PTC Places' Namespace Shell Extension
"{C6D4B05A-EA7E-1027-80EF-C925E740E99C}" = Intel(R) Identity Protection Technology 1.0.74.0
"{CCA78313-443C-4674-81B8-88919D137258}" = Autodesk Download Manager
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D2506F0B-378D-4B08-94CE-994DBD28E960}" = Dlubal RSTAB 7 Demo
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DC8F6C78-7231-44A2-B66E-6C4FCB3A3364}" = Mathcad 15 F000
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E592B693-81BE-42D9-B4E4-CABC11C7B101}" = Scia Licence Server
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F53B432E-BD19-4400-BFA0-2BBD16410F8F}" = 6500_E709_Help
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCFD1AE1-38C2-450E-93B5-A1D5D1D85EE8}" = Dlubal RFEM 4 Demo
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"239C9A62-EF89-4B0A-BC27-C6CB0335BC9A_is1" = PLAXIS 2D 2011.02
"4ECE6F26-C64E-40A5-A6B7-F1A1197131E3_is1" = PLAXIS 3D 2011
"8275a46d-086d-470d-8b03-9002305d5451_is1" = PLAXIS Connect
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anki" = Anki
"Autodesk Content Service" = Autodesk Content Service
"DAEMON Tools Lite" = DAEMON Tools Lite
"FBDBServer_2_5_is1" = Firebird 2.5.1.26351 (Win32)
"IsoBuster_is1" = IsoBuster 2.8.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mathcad PDSi viewable support" = Mathcad PDSi viewable support
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"ScreenshotCaptor_is1" = Screenshot Captor 3.08.01
"SOFiSTiK 2012" = SOFiSTiK 2012
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1557816566-3373599751-1062272910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.01.2013 12:56:19 | Computer Name = xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 11.01.2013 12:56:19 | Computer Name = xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3058
 
Error - 11.01.2013 12:56:19 | Computer Name = xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3058
 
Error - 11.01.2013 13:18:02 | Computer Name = xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 11.01.2013 13:18:02 | Computer Name = xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1306337
 
Error - 11.01.2013 13:18:02 | Computer Name = xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1306337
 
Error - 11.01.2013 13:44:59 | Computer Name = xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 11.01.2013 13:44:59 | Computer Name = xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1092
 
Error - 11.01.2013 13:44:59 | Computer Name = xxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1092
 
Error - 11.01.2013 16:16:04 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 12.10.2012 10:56:11 | Computer Name = xxx-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 80.
 
Error - 14.10.2012 11:00:53 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 14.10.2012 11:01:35 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 14.10.2012 11:02:35 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Apple Mobile Device" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
Error - 16.10.2012 13:35:28 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Autodesk Content Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 20.10.2012 03:05:57 | Computer Name = xxx-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 27.10.2012 02:27:36 | Computer Name = xxx-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.139.517.0     Aktualisierungsquelle: %%859     Aktualisierungsstufe:
 %%853     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.8904.0     Fehlercode:
 0x80240022     Fehlerbeschreibung: Das Programm kann nicht nach Definitionsupdates suchen.
 
 
Error - 27.10.2012 02:27:36 | Computer Name = xxx-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.139.517.0     Aktualisierungsquelle: %%859     Aktualisierungsstufe:
 %%853     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.8904.0     Fehlercode:
 0x80240022     Fehlerbeschreibung: Das Programm kann nicht nach Definitionsupdates suchen.
 
 
Error - 27.10.2012 03:43:54 | Computer Name = xxx-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.139.517.0     Aktualisierungsquelle: %%859     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.8904.0     Fehlercode:
 0x8024402c     Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
 Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
 unter "Hilfe und Support". 
 
Error - 27.10.2012 05:34:11 | Computer Name = xxx-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.139.517.0     Aktualisierungsquelle: %%859     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.8904.0     Fehlercode:
 0x8024402c     Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
 Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
 unter "Hilfe und Support". 
 
 
< End of report >

10.01.2013, 00:06	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Onlinenbanking ausspioniert mit PWS:Win32/Zbot Code: ATTFilter 64bit- Professional Service Pack 1 Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender? Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner? __________________ Logfiles bitte immer in CODE-Tags posten

Onlinenbanking ausspioniert mit PWS:Win32/Zbot

Log-Analyse und Auswertung: Onlinenbanking ausspioniert mit PWS:Win32/Zbot