Plagegeister aller Art und deren Bekämpfung: Win 7 suddenly veeery slow, html/redir.eb.8

25.01.2013, 20:07   #1
shopgirl86
 

Hello,

It's Friday and my PC has a problem once again.
Since this morning it has suddenly been veeery slow: programs take forever to open, so do browser pages, everything freezes in between, and when I type, everything is often delayed so much that only about 1 in 10 letters gets registered, etc.

Malwarebytes apparently found nothing:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.25.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
HP Berlin :: HPBERLIN-PC [Administrator]

25.01.2013 10:04:26
mbam-log-2013-01-25 (10-04-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 257511
Laufzeit: 7 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Avira is scanning right now and has found 2 things; one of them is html/redir.eb.8. The log will follow when it's finished.

OTL.txt:
Code:
OTL logfile created on: 25.01.2013 19:28:19 - Run 7
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\HP Berlin\Desktop\AntiSpyware
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,99 Gb Total Physical Memory | 4,93 Gb Available Physical Memory | 61,74% Memory free
11,90 Gb Paging File | 8,88 Gb Available in Paging File | 74,69% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,15 Gb Total Space | 488,53 Gb Free Space | 71,41% Space Free | Partition Type: NTFS
Drive D: | 14,39 Gb Total Space | 2,53 Gb Free Space | 17,55% Space Free | Partition Type: NTFS
Drive E: | 698,64 Gb Total Space | 443,06 Gb Free Space | 63,42% Space Free | Partition Type: NTFS
Drive O: | 1396,92 Gb Total Space | 819,15 Gb Free Space | 58,64% Space Free | Partition Type: FAT32
 
Computer Name: HPBERLIN-PC | User Name: HP Berlin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe (ESET)
PRC - C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ()
PRC - C:\Program Files (x86)\Spamihilator\spamihilator.exe (Michel Krämer)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Users\HP Berlin\Desktop\AntiSpyware\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
PRC - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe ()
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Brownie\Brnipmon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Brownie\brpjp04a.exe (brother)
PRC - C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ()
MOD - C:\Program Files (x86)\Spamihilator\sqlite3.dll ()
MOD - C:\Program Files (x86)\Spamihilator\zlib1.dll ()
MOD - C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b2e6d33df15f6ca262db09558982e0f2\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
MOD - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe ()
MOD - C:\Program Files (x86)\Belkin\F7D4101\V1\BelkinwcuiDLL.dll ()
MOD - C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeActiveFileMonitor10.0) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WSWNA3100) -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe ()
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WLANBelkinService) -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe ()
SRV - (getPlusHelper) @C:\Program Files (x86) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files (x86)\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (CCALib8) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE:64bit: - HKLM\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKLM\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE - HKLM\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/calendar/render?hl=de&tab=wc&gsessionid=ZkAmWI3R7rSgxWfTFbMw3Q
IE - HKCU\..\SearchScopes,DefaultScope = {C79569B9-0771-4C65-B14E-845F99A6BCD9}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{C79569B9-0771-4C65-B14E-845F99A6BCD9}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE - HKCU\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.google.com/calendar/render?hl=de&tab=wc&gsessionid=ZkAmWI3R7rSgxWfTFbMw3Q|hxxp://www.babyzimmer.de/forumdisplay.php/4-Das-BZ-Forum|hxxp://www.facebook.com/|hxxp://dailydeal.de/gutscheine/berlin/?geo=on"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\HP Berlin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.16 10:31:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.01.18 11:32:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.21 20:47:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.21 20:47:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2010.01.04 22:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Extensions
[2010.01.04 22:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.01 18:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Firefox\Profiles\13la5nka.default\extensions
[2013.01.21 20:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.21 20:47:03 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.20 18:13:40 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.20 18:13:40 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.20 18:13:40 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.20 18:13:40 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.20 18:13:40 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.20 18:13:40 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.16 10:44:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [TVTip] C:\Programme\TV Movie\TV Movie ClickFinder\tvstart.exe (E.W.E.-Software)
O4 - Startup: C:\Users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2013.01.25 19:22:48 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4010814-8B20-43BB-A662-6A72EBA2F08C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.25 09:54:33 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\Programs
[2013.01.25 09:12:17 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{3141F689-AF6F-46BD-8ECE-F0CE7AA3E226}
[2013.01.24 18:19:33 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{6DD07A9D-D683-4C78-BF72-ED53F3E19CD8}
[2013.01.23 10:42:55 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{3F4B12DA-8BEE-4B2B-81CD-9BC86C32A61F}
[2013.01.22 22:42:31 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{DC8F48C5-E1E3-4512-8EC7-A89B9CFB0ECB}
[2013.01.22 10:05:23 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{AAF2445B-FE33-405F-98EC-705D4FC9BF11}
[2013.01.21 20:47:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.21 19:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2013.01.21 19:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2013.01.21 17:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2013.01.21 17:20:40 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unmechanical
[2013.01.21 17:17:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.21 17:12:56 | 000,000,000 | ---D | C] -- C:\Unmechanical
[2013.01.21 11:04:55 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{0093E120-A76B-4CA7-A22B-42144FCB2FBA}
[2013.01.20 12:20:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C9AF4388-AC5F-4A12-BE2D-6E255C9F648C}
[2013.01.20 00:20:25 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{2A9731FF-C286-4426-B15B-3715509E2C96}
[2013.01.19 12:20:06 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{0F84E925-CE41-4852-B4F1-DD6A65C24A09}
[2013.01.19 00:19:47 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{FFF01040-5E23-4BA6-A996-15E59043512C}
[2013.01.18 11:32:20 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Roaming\RealNetworks
[2013.01.18 11:32:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013.01.18 11:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013.01.18 11:31:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013.01.18 11:31:40 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013.01.18 11:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013.01.18 11:29:28 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E22035BE-8A1C-4035-96FA-D953BE37994D}
[2013.01.17 14:39:35 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{26A2ABD7-C09C-4949-84EB-1D3BC0D52E23}
[2013.01.16 21:22:49 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{10CDEBC0-9516-45AD-B617-167E78705FE9}
[2013.01.16 10:32:55 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Roaming\TuneUp Software
[2013.01.16 10:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.16 10:32:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.16 10:32:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.16 10:31:46 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Roaming\OpenCandy
[2013.01.16 10:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.01.16 10:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.01.16 09:22:28 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B0833CA2-571E-4F50-9B60-B3734321D4E4}
[2013.01.15 12:16:39 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\Documents\RhinoSoft
[2013.01.15 12:08:06 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{8DB237E7-3B8E-4286-A1FB-5B8D44089AF2}
[2013.01.14 15:26:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{08E74A41-7E90-4B7B-B19F-E22DC0641B9E}
[2013.01.13 12:07:27 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{3E93FCFE-2BBF-46A3-92E1-3C69641127FB}
[2013.01.13 00:07:07 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{514E49BC-9CEC-4211-9A3C-C994A8A42EF9}
[2013.01.12 12:06:48 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{81B49E22-1280-44A5-A93D-E0CEF2885D8A}
[2013.01.12 00:06:23 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{BEAC72C7-F3C3-44B9-B099-C27FF1B5A464}
[2013.01.11 09:06:44 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B31D45E5-A91F-450C-9834-76FD5C524D81}
[2013.01.10 21:06:24 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{DB8400D2-DD5F-4520-8790-75A62625E449}
[2013.01.10 09:06:05 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9C5FC7AA-93B5-4E53-8206-D92BC2ED4468}
[2013.01.09 12:36:22 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{DD65E038-3CFB-48FD-AD6B-C33367B2C862}
[2013.01.08 22:40:34 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{8E6389EA-D07D-4AE6-BE8E-6C81D2D4C5E9}
[2013.01.08 10:40:13 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{3FE22054-CE6C-485F-B336-FBD9A900A3AC}
[2013.01.07 21:38:49 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{5B69C5C7-A253-4A12-A869-4ABFA8054BCA}
[2013.01.07 09:38:29 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9E7FDCE9-F4AF-4748-8EF0-1629B669BCD5}
[2013.01.06 10:41:39 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C391AA47-BE2A-4927-B025-AD2901CEF379}
[2013.01.05 22:14:23 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{DAF2F35F-5D1C-4098-B187-A8FF8FE97800}
[2013.01.05 11:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.01.05 10:14:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{4B3BDEB1-C7D0-4D99-9F72-FA6558784898}
[2013.01.04 18:17:38 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{6835AF31-7B5A-4B66-AF92-092AD4F6BBF5}
[2012.12.28 09:17:37 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{EF6D371C-2D74-4D81-9321-FE8B48552905}
[2012.12.27 12:04:26 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{04E9E2BC-D110-4F4A-A3F0-594FD615DB65}
[2012.12.27 00:04:03 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{DABE898A-D631-4CED-AADA-10C4F83659EE}
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.25 19:21:56 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.25 16:14:22 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.25 16:14:22 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.25 16:13:19 | 000,007,626 | ---- | M] () -- C:\Users\HP Berlin\AppData\Local\Resmon.ResmonCfg
[2013.01.25 16:00:59 | 000,000,794 | ---- | M] () -- C:\Windows\Brownie.ini
[2013.01.25 15:59:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.25 15:59:34 | 2140,467,199 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.25 10:49:12 | 739,675,181 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.23 10:41:02 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013.01.21 19:45:30 | 000,001,033 | ---- | M] () -- C:\Users\HP Berlin\Desktop\PhotoScape.lnk
[2013.01.21 17:39:32 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2013.01.21 17:20:56 | 000,001,781 | ---- | M] () -- C:\Users\Public\Desktop\Unmechanical.lnk
[2013.01.21 17:20:28 | 001,589,518 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.21 17:20:28 | 000,696,638 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.21 17:20:28 | 000,651,956 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.21 17:20:28 | 000,147,934 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.21 17:20:28 | 000,120,888 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.21 17:20:24 | 001,589,518 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.18 11:31:40 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013.01.16 10:33:12 | 000,001,241 | ---- | M] () -- C:\Users\HP Berlin\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.14 22:36:28 | 000,033,588 | ---- | M] () -- C:\Users\HP Berlin\Desktop\Notes on Neanderthals.rtf
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.25 16:13:19 | 000,007,626 | ---- | C] () -- C:\Users\HP Berlin\AppData\Local\Resmon.ResmonCfg
[2013.01.21 19:45:30 | 000,001,033 | ---- | C] () -- C:\Users\HP Berlin\Desktop\PhotoScape.lnk
[2013.01.21 17:39:32 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2013.01.21 17:20:56 | 000,001,781 | ---- | C] () -- C:\Users\Public\Desktop\Unmechanical.lnk
[2013.01.16 10:33:12 | 000,001,241 | ---- | C] () -- C:\Users\HP Berlin\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.14 22:36:28 | 000,033,588 | ---- | C] () -- C:\Users\HP Berlin\Desktop\Notes on Neanderthals.rtf
[2012.12.25 00:12:47 | 000,022,898 | ---- | C] () -- C:\Windows\HL-3070CW.INI
[2012.12.24 20:04:56 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2012.12.24 20:04:56 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2012.12.24 20:04:02 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.12.24 20:03:56 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.12.24 20:03:55 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.12.24 20:00:28 | 000,000,794 | ---- | C] () -- C:\Windows\Brownie.ini
[2012.06.30 21:31:01 | 001,589,518 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.16 10:30:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.16 10:30:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.16 10:30:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.16 10:30:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.16 10:30:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.08.23 20:25:53 | 000,074,240 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2011.06.08 15:51:36 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011.06.08 15:51:36 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011.06.08 15:51:36 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011.06.08 15:51:36 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011.06.08 15:51:36 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011.06.08 15:51:36 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011.06.08 15:51:36 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011.06.08 15:51:36 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011.06.08 15:51:36 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011.06.08 15:51:36 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011.06.08 15:51:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011.06.08 15:51:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011.06.08 15:51:36 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011.06.08 15:51:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011.06.08 15:51:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011.06.08 15:51:36 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011.06.08 15:51:36 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011.06.08 15:51:36 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011.06.08 15:51:36 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
 
========== LOP Check ==========
 
[2010.08.31 09:00:39 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012.11.24 09:28:16 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
OTL extras:

Code:
OTL Extras logfile created on: 26.11.2012 10:26:48 - Run 6
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\HP Berlin\Desktop\AntiSpyware
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,99 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 71,93% Memory free
11,90 Gb Paging File | 9,57 Gb Available in Paging File | 80,43% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,15 Gb Total Space | 491,97 Gb Free Space | 71,91% Space Free | Partition Type: NTFS
Drive D: | 14,39 Gb Total Space | 2,53 Gb Free Space | 17,55% Space Free | Partition Type: NTFS
Drive E: | 698,64 Gb Total Space | 504,82 Gb Free Space | 72,26% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive O: | 1396,92 Gb Total Space | 839,31 Gb Free Space | 60,08% Space Free | Partition Type: FAT32
 
Computer Name: HPBERLIN-PC | User Name: HP Berlin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\fotobuch\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch\Designer 2.0\Designer.exe:*:Designer.exe -- ()
"C:\Program Files (x86)\fotobuch\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch\Designer 2.0\Designer.exe:*:Designer.exe -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A6723F1-3AA5-4178-A134-378DFD45C9DD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{2F5FB749-1B56-4F53-8ADB-1AE77AC19E15}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{30F7E1EA-4ACC-4B21-90F4-3266647E4E0B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{37982EEA-E668-4804-983F-16B4ECADA90A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3FE195CA-DACC-45C3-A17B-B519D76A3FA6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{445CAABC-9528-4371-BE02-38A95611AD55}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{46198814-B7C6-442B-84A0-9915B1F345AF}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4F7C2CFA-DF80-45BF-A619-7FD42A20FF3C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{57C75115-701B-4DDB-A8D3-C6C2FC0E73F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5C139211-916A-4472-B674-4F9588905141}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{66C05EB8-41FA-432B-978B-F81DD97BD24C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{73AB7051-BCB8-4F39-8850-013CBE62F07E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7B127F56-E23A-40B6-A3E1-0BFBE18201C4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7B8EB3BD-48B0-410B-BB7B-729068BF66AD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7B915E9C-D0BD-497E-96FC-7D73C7A094F5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7EAF5E7C-22AA-425E-9236-D9AE254B7768}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{893E1496-5BAF-4611-B4F3-35F6958A15AF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A11796D3-B610-4572-B96B-B5733AD49081}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A789C1F8-BDA6-4E11-AB15-94B64B29EAEC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B99B63A6-6704-4806-A31A-CBD27FF86385}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C46FD838-F370-4FB8-9BBD-BFE2BB3D21AE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D570279A-C23E-45E3-98B9-6293B8109E35}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D83548CD-891C-4AF8-A147-227D4CEEBE80}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F3DCE4C2-A6BA-40DF-A559-C756A07A84E2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FC62FB21-724A-4002-8F9B-45D678464F21}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FF93FBAD-D33D-44A0-8823-5E1F2B265085}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00426580-9ED5-4086-84F4-BCD2D955E7D3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{04157473-AD19-427C-A1EC-E2E2B8A5B405}" = protocol=6 | dir=in | app=c:\program files\spamihilator\cdcc.exe | 
"{06011756-9F1E-488C-8488-0BEFA68DB070}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{0E644D02-DA0A-4740-97A5-1DFC549EBB46}" = protocol=17 | dir=in | app=c:\program files\spamihilator\dccproc.exe | 
"{1038B6B3-8008-4289-91FA-BB024639C61F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1246896F-3FB6-4B4A-AE7E-76A6D712B4BD}" = protocol=6 | dir=in | app=c:\program files\spamihilator\dccproc.exe | 
"{49D25E51-A077-455D-BBFD-EFDDE6F92F4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4A6B2281-4B33-4A87-B3D4-C1FC43DEAEA8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5D9632EA-5BF4-47E5-BA2E-A24ADBA0F1EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{62C37E21-43C8-45B1-9CCF-948FC7DC5C14}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{6FD5C595-8E48-45E4-ABD5-E063803224B1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{73E77AE3-AB57-48D1-A9EC-557C04A8C3F3}" = protocol=17 | dir=in | app=c:\program files\spamihilator\spamihilator.exe | 
"{75E23F31-B9E5-4DB8-AFFF-79297D1D67F2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{7AC716B8-197A-465E-A9B9-04815AC0B2C8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{88EE2069-9573-4CF0-9FA2-B178C3A5849E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{89F109EA-945C-48CA-8C36-1810DD70A418}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8BB68255-F14C-48C0-A050-AA89F03C896A}" = protocol=6 | dir=in | app=c:\program files\spamihilator\spamihilator.exe | 
"{9ACDEE99-9124-4EFE-B3AA-AF8F9D5BE477}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{9D04A4BE-A3FB-40C5-B433-60432A99EA17}" = protocol=17 | dir=in | app=c:\program files\spamihilator\cdcc.exe | 
"{9E39D92A-B621-4941-AE43-902B9C4FBEE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9F5CD7B7-9201-45E5-942F-F93CAA8E8ECF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9FFDAA89-1AB4-46DC-B94C-8FFE4C74FB54}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AD814EF6-5D1A-427D-8497-13D08AA46E31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ADAAE05A-71EB-4674-A1C2-72D8370ED6EE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{C5F1BEA8-0071-44F1-AA8A-E83DBF173EED}" = protocol=6 | dir=out | app=system | 
"{CA37F01F-C9E8-4534-BE0C-5819A8AB164F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CBFBAAD6-7115-40EE-94B9-9CE0054EF007}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CD11C58A-E577-48D9-B13F-31E458643A14}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D112E899-0A10-4EDF-8B84-7032A3705F11}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{DD37C8FA-FBA3-4D7C-BEEC-AED4EB6E5D57}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EEA85D8E-D5B6-489E-A41B-6642922D4302}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F8AC9631-8608-4EEB-A96B-B424083CC915}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{102458A7-93BA-4D2D-B502-45DF3BB2900A}C:\users\hp berlin\appdata\roaming\biyva\myasi.exe" = protocol=6 | dir=in | app=c:\users\hp berlin\appdata\roaming\biyva\myasi.exe | 
"TCP Query User{84C1C32E-56CB-4A32-B885-A62A7503272E}C:\program files (x86)\macromedia\dreamweaver 4\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\macromedia\dreamweaver 4\dreamweaver.exe | 
"TCP Query User{A5A45BC6-9DCF-4B5B-A37A-EA078AEC33B8}C:\users\hp berlin\appdata\roaming\biyva\myasi.exe" = protocol=6 | dir=in | app=c:\users\hp berlin\appdata\roaming\biyva\myasi.exe | 
"TCP Query User{E52E0D2E-1531-4222-BDA3-D944DD821488}C:\program files (x86)\ws_ftp pro\wsftppro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ws_ftp pro\wsftppro.exe | 
"UDP Query User{541FCEAC-C572-4E00-962C-F65FB624CE20}C:\program files (x86)\macromedia\dreamweaver 4\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\macromedia\dreamweaver 4\dreamweaver.exe | 
"UDP Query User{7DC7B10E-DB97-4F83-88FD-6ECF7E8525C0}C:\program files (x86)\ws_ftp pro\wsftppro.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ws_ftp pro\wsftppro.exe | 
"UDP Query User{E869A862-D593-4352-B36B-50FBC58E2511}C:\users\hp berlin\appdata\roaming\biyva\myasi.exe" = protocol=17 | dir=in | app=c:\users\hp berlin\appdata\roaming\biyva\myasi.exe | 
"UDP Query User{FA483786-E7FA-404E-9D26-E6AC6A497359}C:\users\hp berlin\appdata\roaming\biyva\myasi.exe" = protocol=17 | dir=in | app=c:\users\hp berlin\appdata\roaming\biyva\myasi.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}" = Adobe Premiere Elements 10
"{2BF35D84-6377-4F70-9F39-97CF67E67FFF}" = Microsoft IntelliPoint 8.0
"{3BBD5B14-D5E1-4863-946F-BE91A2B0C3AE}" = Spamihilator 1.0.0 (64-Bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}" = SmartSound Premiere Elements 10 x64 Plugin
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{48F04AD2-77E9-45F3-8A4F-F5D38E519F02}" = BOINC
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GPL Ghostscript 9.05" = GPL Ghostscript
"GSview 5.0" = GSview 5.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
"PC-Doctor for Windows" = Hardwarediagnosetools
"PremElem100" = Adobe Premiere Elements 10
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj
"{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8
"{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E9A9E08-0366-45EE-9B66-51852F8D9812}" = Open Workbench
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
"{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0 HD Edition
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F06F464-479A-403E-AF92-70CBB8D674A1}" = PRE10STI64Installer
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A1A2ACDC-0C22-4EB1-B958-1898A93DAF28}" = TV Movie ClickFinder
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AD708DF0-9F04-4CB3-821A-85804A833B4D}" = ArcSoft Camera Suite
"{ADFB7C0D-854E-4FDA-8861-9447F182AEF9}" = Dynamic Draw 5.4
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0194539-8118-4FD7-8ABA-912B2D479B48}" = Ulead Photo Explorer 6.0
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECE80888-45E5-46FD-8E0C-FEF3648847BB}" = Sibelius Scorch (all browsers)
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8781-9705-0578-2960" = Medienmanager 1.3.0
"8BF2152B-6835-4FF3-A2EC-5BDAB46DCDFF_is1" = Accord CD Ripper Free 6.3.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Astrorix Gold" = Astrorix Gold
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"Aura Video Converter_is1" = Aura Video Converter 1.2.3
"Aura4You Software Manager_is1" = Aura4You Software Manager 1.0.1
"Avira AntiVir Desktop" = Avira Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Carlton Books Demo" = Carlton Books Demo
"CassetteMate" = CassetteMate
"Cell_Biology_Interactive" = Cell Biology Interactive
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"CSCLIB" = Canon Camera Support Core Library
"Cuber Extreme" = Cuber Extreme
"Designer 2.0_is1" = Designer 2.0
"EasyBits Magic Desktop" = Magic Desktop
"EOS Utility" = Canon Utilities EOS Utility
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"FFsim" = Feuerwehr-Simulator 2010
"FileZilla Client" = FileZilla Client 3.5.3
"Free 3D Video Maker_is1" = Free 3D Video Maker version 1.0.1.426
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.7.26.602
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free Audio Converter_is1" = Free Audio Converter version 2.2.9
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.602
"Free DVD Video Converter_is1" = Free DVD Video Converter version 2.0.11.1005
"Free Video Dub_is1" = Free Video Dub version 1.8.12.602
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.12.602
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.7.25.602
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"HandBrake" = HandBrake 0.9.6
"HijackThis" = HijackThis 2.0.2
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MultitrackStudio_is1" = MultitrackStudio Lite 6.0
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PDF reDirect" = PDF reDirect (remove only)
"phase-6" = phase-6 2.3.1a
"PhotoStitch" = Canon Utilities PhotoStitch
"PixelNet Foto Client" = PixelNet Foto Client 4.8
"Rainlendar2" = Rainlendar2 (remove only)
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"Scratch" = Scratch
"StarBall_is1" = Star Ball
"TeamViewer 5" = TeamViewer 5
"TFA_Nexus" = TFA_Nexus
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.10
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent-Spiele
"WinFuture xp-Iso-Builder 3_is1" = WinFuture xp-Iso-Builder 3.0.8
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite" = Windows Live Essentials
"Winsyntax" = Winsyntax 2.0
"WMBackup-BackupfürWindowsMail" = WMBackup - Windows Mail Backup
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-165768795-3393855570-1586056821-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1" = Albelli Fotobücher
"Dropbox" = Dropbox
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.11.2012 13:21:03 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.11.2012 13:21:03 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.11.2012 13:21:03 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 24.11.2012 19:30:06 | Computer Name = HPBerlin-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 24.11.2012 19:30:06 | Computer Name = HPBerlin-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 24.11.2012 19:30:06 | Computer Name = HPBerlin-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 24.11.2012 19:30:06 | Computer Name = HPBerlin-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 25.11.2012 05:37:10 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Belkin WLAN service erreicht.
 
Error - 25.11.2012 05:37:10 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Belkin WLAN service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 26.11.2012 04:54:21 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Belkin WLAN service erreicht.
 
Error - 26.11.2012 04:54:21 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Belkin WLAN service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 26.11.2012 05:21:11 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Belkin WLAN service erreicht.
 
Error - 26.11.2012 05:21:11 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Belkin WLAN service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
 
< End of report >
         


what do you suggest?
besides avira, ESET is also running right now.

which other programs should i run over it?

thanks,
shopgirl

Alt 25.01.2013, 20:08   #2
shopgirl86
 



There was no more room for this above:

TDSS Killer:
Code:
ATTFilter
15:19:47.0636 5456  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:19:47.0823 5456  ============================================================
15:19:47.0823 5456  Current date / time: 2012/11/23 15:19:47.0823
15:19:47.0823 5456  SystemInfo:
15:19:47.0823 5456  
15:19:47.0823 5456  OS Version: 6.1.7600 ServicePack: 0.0
15:19:47.0823 5456  Product type: Workstation
15:19:47.0823 5456  ComputerName: HPBERLIN-PC
15:19:47.0823 5456  UserName: HP Berlin
15:19:47.0823 5456  Windows directory: C:\Windows
15:19:47.0823 5456  System windows directory: C:\Windows
15:19:47.0823 5456  Running under WOW64
15:19:47.0823 5456  Processor architecture: Intel x64
15:19:47.0823 5456  Number of processors: 8
15:19:47.0823 5456  Page size: 0x1000
15:19:47.0823 5456  Boot type: Normal boot
15:19:47.0823 5456  ============================================================
15:19:48.0228 5456  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:19:48.0244 5456  Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:19:48.0244 5456  Drive \Device\Harddisk2\DR2 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:19:48.0260 5456  ============================================================
15:19:48.0260 5456  \Device\Harddisk0\DR0:
15:19:48.0260 5456  MBR partitions:
15:19:48.0260 5456  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:19:48.0260 5456  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x5584C800
15:19:48.0260 5456  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x5587F000, BlocksNum 0x1CC6800
15:19:48.0260 5456  \Device\Harddisk1\DR1:
15:19:48.0260 5456  MBR partitions:
15:19:48.0260 5456  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x575452C2
15:19:48.0260 5456  \Device\Harddisk2\DR2:
15:19:48.0260 5456  MBR partitions:
15:19:48.0260 5456  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xAEA86702
15:19:48.0260 5456  ============================================================
15:19:48.0275 5456  C: <-> \Device\Harddisk0\DR0\Partition2
15:19:48.0291 5456  E: <-> \Device\Harddisk1\DR1\Partition1
15:19:48.0338 5456  D: <-> \Device\Harddisk0\DR0\Partition3
15:19:48.0338 5456  O: <-> \Device\Harddisk2\DR2\Partition1
15:19:48.0338 5456  ============================================================
15:19:48.0338 5456  Initialize success
15:19:48.0338 5456  ============================================================
15:19:53.0564 0488  ============================================================
15:19:53.0564 0488  Scan started
15:19:53.0564 0488  Mode: Manual; SigCheck; TDLFS; 
15:19:53.0564 0488  ============================================================
15:19:54.0437 0488  ================ Scan system memory ========================
15:19:54.0437 0488  System memory - ok
15:19:54.0437 0488  ================ Scan services =============================
15:19:54.0593 0488  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
15:19:54.0718 0488  1394ohci - ok
15:19:54.0734 0488  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
15:19:54.0749 0488  ACPI - ok
15:19:54.0749 0488  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
15:19:54.0843 0488  AcpiPmi - ok
15:19:54.0983 0488  [ 047BD1EB681453A7FE492A71802AC9F3 ] AdobeActiveFileMonitor10.0 C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
15:19:54.0999 0488  AdobeActiveFileMonitor10.0 - ok
15:19:55.0092 0488  [ 177FF6608B48638D4066726F3A3F8444 ] AdobeActiveFileMonitor5.0 C:\Program Files (x86)\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
15:19:55.0139 0488  AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - warning
15:19:55.0139 0488  AdobeActiveFileMonitor5.0 - detected UnsignedFile.Multi.Generic (1)
15:19:55.0186 0488  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:19:55.0217 0488  adp94xx - ok
15:19:55.0264 0488  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:19:55.0295 0488  adpahci - ok
15:19:55.0311 0488  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:19:55.0326 0488  adpu320 - ok
15:19:55.0358 0488  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:19:55.0498 0488  AeLookupSvc - ok
15:19:55.0529 0488  [ B9384E03479D2506BC924C16A3DB87BC ] AFD             C:\Windows\system32\drivers\afd.sys
15:19:55.0607 0488  AFD - ok
15:19:55.0654 0488  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
15:19:55.0670 0488  agp440 - ok
15:19:55.0716 0488  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:19:55.0779 0488  ALG - ok
15:19:55.0794 0488  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
15:19:55.0810 0488  aliide - ok
15:19:55.0826 0488  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
15:19:55.0841 0488  amdide - ok
15:19:55.0872 0488  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:19:55.0904 0488  AmdK8 - ok
15:19:55.0935 0488  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:19:55.0966 0488  AmdPPM - ok
15:19:55.0982 0488  [ 7A4B413614C055935567CF88A9734D38 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
15:19:55.0997 0488  amdsata - ok
15:19:56.0044 0488  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:19:56.0075 0488  amdsbs - ok
15:19:56.0106 0488  [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
15:19:56.0122 0488  amdxata - ok
15:19:56.0200 0488  [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:19:56.0231 0488  AntiVirSchedulerService - ok
15:19:56.0262 0488  [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:19:56.0309 0488  AntiVirService - ok
15:19:56.0325 0488  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
15:19:56.0434 0488  AppID - ok
15:19:56.0450 0488  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:19:56.0496 0488  AppIDSvc - ok
15:19:56.0528 0488  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
15:19:56.0590 0488  Appinfo - ok
15:19:56.0668 0488  [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:19:56.0699 0488  Apple Mobile Device - ok
15:19:56.0762 0488  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:19:56.0777 0488  arc - ok
15:19:56.0808 0488  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:19:56.0808 0488  arcsas - ok
15:19:56.0918 0488  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:19:56.0964 0488  aspnet_state - ok
15:19:56.0996 0488  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:19:57.0089 0488  AsyncMac - ok
15:19:57.0120 0488  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
15:19:57.0136 0488  atapi - ok
15:19:57.0167 0488  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:19:57.0214 0488  AudioEndpointBuilder - ok
15:19:57.0230 0488  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:19:57.0261 0488  AudioSrv - ok
15:19:57.0323 0488  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:19:57.0386 0488  avgntflt - ok
15:19:57.0417 0488  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:19:57.0448 0488  avipbb - ok
15:19:57.0479 0488  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
15:19:57.0495 0488  avkmgr - ok
15:19:57.0510 0488  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:19:57.0604 0488  AxInstSV - ok
15:19:57.0620 0488  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
15:19:57.0698 0488  b06bdrv - ok
15:19:57.0713 0488  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:19:57.0760 0488  b57nd60a - ok
15:19:57.0822 0488  [ E49110A58A32E9450356686A95DD7763 ] BCMH43XX        C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
15:19:57.0869 0488  BCMH43XX - ok
15:19:57.0885 0488  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:19:57.0947 0488  BDESVC - ok
15:19:57.0963 0488  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:19:58.0025 0488  Beep - ok
15:19:58.0056 0488  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
15:19:58.0103 0488  BFE - ok
15:19:58.0212 0488  [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen        C:\Windows\SysWOW64\bgsvcgen.exe
15:19:58.0244 0488  bgsvcgen - ok
15:19:58.0290 0488  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\system32\qmgr.dll
15:19:58.0368 0488  BITS - ok
15:19:58.0400 0488  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:19:58.0431 0488  blbdrive - ok
15:19:58.0509 0488  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:19:58.0540 0488  Bonjour Service - ok
15:19:58.0571 0488  [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:19:58.0618 0488  bowser - ok
15:19:58.0649 0488  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:19:58.0696 0488  BrFiltLo - ok
15:19:58.0712 0488  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:19:58.0743 0488  BrFiltUp - ok
15:19:58.0758 0488  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
15:19:58.0852 0488  BridgeMP - ok
15:19:58.0899 0488  [ 94FBC06F294D58D02361918418F996E3 ] Browser         C:\Windows\System32\browser.dll
15:19:58.0930 0488  Browser - ok
15:19:58.0946 0488  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:19:58.0977 0488  Brserid - ok
15:19:58.0992 0488  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:19:59.0024 0488  BrSerWdm - ok
15:19:59.0039 0488  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:19:59.0055 0488  BrUsbMdm - ok
15:19:59.0086 0488  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:19:59.0133 0488  BrUsbSer - ok
15:19:59.0148 0488  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:19:59.0211 0488  BTHMODEM - ok
15:19:59.0242 0488  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:19:59.0320 0488  bthserv - ok
15:19:59.0382 0488  catchme - ok
15:19:59.0445 0488  [ 5753532C476B83119D85AA43B1B10AB3 ] CCALib8         C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
15:19:59.0507 0488  CCALib8 ( UnsignedFile.Multi.Generic ) - warning
15:19:59.0507 0488  CCALib8 - detected UnsignedFile.Multi.Generic (1)
15:19:59.0538 0488  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:19:59.0585 0488  cdfs - ok
15:19:59.0601 0488  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:19:59.0632 0488  cdrom - ok
15:19:59.0679 0488  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:19:59.0741 0488  CertPropSvc - ok
15:19:59.0757 0488  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:19:59.0788 0488  circlass - ok
15:19:59.0819 0488  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:19:59.0850 0488  CLFS - ok
15:19:59.0897 0488  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:19:59.0928 0488  clr_optimization_v2.0.50727_32 - ok
15:19:59.0960 0488  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:19:59.0991 0488  clr_optimization_v2.0.50727_64 - ok
15:20:00.0053 0488  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:20:00.0084 0488  clr_optimization_v4.0.30319_32 - ok
15:20:00.0131 0488  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:20:00.0178 0488  clr_optimization_v4.0.30319_64 - ok
15:20:00.0194 0488  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:20:00.0225 0488  CmBatt - ok
15:20:00.0256 0488  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
15:20:00.0272 0488  cmdide - ok
15:20:00.0287 0488  [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG             C:\Windows\system32\Drivers\cng.sys
15:20:00.0318 0488  CNG - ok
15:20:00.0350 0488  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:20:00.0365 0488  Compbatt - ok
15:20:00.0381 0488  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:20:00.0412 0488  CompositeBus - ok
15:20:00.0428 0488  COMSysApp - ok
15:20:00.0443 0488  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:20:00.0459 0488  crcdisk - ok
15:20:00.0490 0488  [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:20:00.0537 0488  CryptSvc - ok
15:20:00.0584 0488  [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
15:20:00.0599 0488  CVirtA - ok
15:20:00.0677 0488  [ 66257CB4E4FB69887CDDC71663741435 ] CVPND           C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
15:20:00.0708 0488  CVPND - ok
15:20:00.0771 0488  [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
15:20:00.0771 0488  CVPNDRVA - ok
15:20:00.0833 0488  [ 23D4B856725F5FC3C4F410C150AB107B ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
15:20:00.0849 0488  dc3d - ok
15:20:00.0896 0488  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:20:00.0942 0488  DcomLaunch - ok
15:20:00.0974 0488  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:20:01.0020 0488  defragsvc - ok
15:20:01.0036 0488  [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:20:01.0083 0488  DfsC - ok
15:20:01.0114 0488  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:20:01.0208 0488  Dhcp - ok
15:20:01.0239 0488  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:20:01.0286 0488  discache - ok
15:20:01.0317 0488  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:20:01.0348 0488  Disk - ok
15:20:01.0395 0488  [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
15:20:01.0410 0488  DNE - ok
15:20:01.0426 0488  [ 676108C4E3AA6F6B34633748BD0BEBD9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:20:01.0488 0488  Dnscache - ok
15:20:01.0520 0488  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
15:20:01.0535 0488  dot3svc - ok
15:20:01.0551 0488  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
15:20:01.0566 0488  DPS - ok
15:20:01.0613 0488  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:20:01.0629 0488  drmkaud - ok
15:20:01.0644 0488  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:20:01.0676 0488  DXGKrnl - ok
15:20:01.0691 0488  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:20:01.0722 0488  EapHost - ok
15:20:01.0800 0488  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
15:20:01.0910 0488  ebdrv - ok
15:20:01.0941 0488  [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS             C:\Windows\System32\lsass.exe
15:20:01.0988 0488  EFS - ok
15:20:02.0066 0488  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:20:02.0144 0488  ehRecvr - ok
15:20:02.0175 0488  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:20:02.0253 0488  ehSched - ok
15:20:02.0284 0488  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:20:02.0315 0488  elxstor - ok
15:20:02.0315 0488  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
15:20:02.0346 0488  ErrDev - ok
15:20:02.0378 0488  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:20:02.0409 0488  EventSystem - ok
15:20:02.0440 0488  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:20:02.0487 0488  exfat - ok
15:20:02.0534 0488  ezSharedSvc - ok
15:20:02.0534 0488  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:20:02.0580 0488  fastfat - ok
15:20:02.0643 0488  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
15:20:02.0705 0488  Fax - ok
15:20:02.0721 0488  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:20:02.0768 0488  fdc - ok
15:20:02.0799 0488  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:20:02.0877 0488  fdPHost - ok
15:20:02.0892 0488  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:20:02.0924 0488  FDResPub - ok
15:20:02.0924 0488  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:20:02.0939 0488  FileInfo - ok
15:20:02.0955 0488  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:20:03.0002 0488  Filetrace - ok
15:20:03.0017 0488  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:20:03.0033 0488  flpydisk - ok
15:20:03.0048 0488  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:20:03.0064 0488  FltMgr - ok
15:20:03.0080 0488  [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache       C:\Windows\system32\FntCache.dll
15:20:03.0158 0488  FontCache - ok
15:20:03.0204 0488  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:20:03.0236 0488  FontCache3.0.0.0 - ok
15:20:03.0251 0488  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:20:03.0282 0488  FsDepends - ok
15:20:03.0314 0488  [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
15:20:03.0329 0488  fssfltr - ok
15:20:03.0392 0488  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
15:20:03.0454 0488  fsssvc - ok
15:20:03.0470 0488  [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:20:03.0485 0488  Fs_Rec - ok
15:20:03.0532 0488  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:20:03.0579 0488  fvevol - ok
15:20:03.0594 0488  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:20:03.0610 0488  gagp30kx - ok
15:20:03.0657 0488  [ E53EE18A21C025DEABCFE0F72FC481BB ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
15:20:03.0672 0488  GameConsoleService - ok
15:20:03.0704 0488  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:20:03.0719 0488  GEARAspiWDM - ok
15:20:03.0766 0488  [ 9599A713E1776B8F69300FC9008F33C1 ] getPlusHelper   C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll
15:20:03.0828 0488  getPlusHelper - ok
15:20:03.0844 0488  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
15:20:03.0891 0488  gpsvc - ok
15:20:03.0938 0488  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:20:03.0969 0488  gupdate - ok
15:20:03.0984 0488  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:20:04.0000 0488  gupdatem - ok
15:20:04.0031 0488  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:20:04.0094 0488  hcw85cir - ok
15:20:04.0094 0488  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:20:04.0140 0488  HDAudBus - ok
15:20:04.0140 0488  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:20:04.0172 0488  HidBatt - ok
15:20:04.0172 0488  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:20:04.0203 0488  HidBth - ok
15:20:04.0218 0488  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:20:04.0250 0488  HidIr - ok
15:20:04.0281 0488  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
15:20:04.0343 0488  hidserv - ok
15:20:04.0359 0488  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:20:04.0406 0488  HidUsb - ok
15:20:04.0421 0488  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:20:04.0468 0488  hkmsvc - ok
15:20:04.0499 0488  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:20:04.0530 0488  HomeGroupListener - ok
15:20:04.0562 0488  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:20:04.0577 0488  HomeGroupProvider - ok
15:20:04.0624 0488  [ 0141816A095A3F5A83FFA5B4A47B8023 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
15:20:04.0655 0488  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
15:20:04.0655 0488  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
15:20:04.0686 0488  [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
15:20:04.0718 0488  hpqwmiex - ok
15:20:04.0733 0488  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
15:20:04.0749 0488  HpSAMD - ok
15:20:04.0780 0488  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:20:04.0827 0488  HTTP - ok
15:20:04.0827 0488  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:20:04.0842 0488  hwpolicy - ok
15:20:04.0858 0488  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:20:04.0874 0488  i8042prt - ok
15:20:04.0936 0488  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:20:04.0967 0488  IAANTMON - ok
15:20:04.0998 0488  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:20:05.0030 0488  iaStor - ok
15:20:05.0045 0488  [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
15:20:05.0092 0488  iaStorV - ok
15:20:05.0139 0488  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:20:05.0201 0488  idsvc - ok
15:20:05.0217 0488  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:20:05.0232 0488  iirsp - ok
15:20:05.0264 0488  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
15:20:05.0326 0488  IKEEXT - ok
15:20:05.0404 0488  [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:20:05.0451 0488  IntcAzAudAddService - ok
15:20:05.0466 0488  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
15:20:05.0482 0488  intelide - ok
15:20:05.0513 0488  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:20:05.0544 0488  intelppm - ok
15:20:05.0560 0488  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:20:05.0607 0488  IPBusEnum - ok
15:20:05.0638 0488  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:20:05.0654 0488  IpFilterDriver - ok
15:20:05.0685 0488  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:20:05.0732 0488  iphlpsvc - ok
15:20:05.0763 0488  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:20:05.0794 0488  IPMIDRV - ok
15:20:05.0825 0488  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:20:05.0856 0488  IPNAT - ok
15:20:05.0919 0488  [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:20:05.0966 0488  iPod Service - ok
15:20:05.0966 0488  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:20:05.0981 0488  IRENUM - ok
15:20:05.0997 0488  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
15:20:05.0997 0488  isapnp - ok
15:20:06.0028 0488  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
15:20:06.0044 0488  iScsiPrt - ok
15:20:06.0059 0488  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:20:06.0075 0488  kbdclass - ok
15:20:06.0090 0488  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:20:06.0106 0488  kbdhid - ok
15:20:06.0137 0488  [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso          C:\Windows\system32\lsass.exe
15:20:06.0168 0488  KeyIso - ok
15:20:06.0184 0488  [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:20:06.0200 0488  KSecDD - ok
15:20:06.0215 0488  [ A8C63880EF6F4D3FEC7B616B9C060215 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:20:06.0231 0488  KSecPkg - ok
15:20:06.0231 0488  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:20:06.0278 0488  ksthunk - ok
15:20:06.0309 0488  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:20:06.0387 0488  KtmRm - ok
15:20:06.0418 0488  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\System32\srvsvc.dll
15:20:06.0465 0488  LanmanServer - ok
15:20:06.0496 0488  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:20:06.0543 0488  LanmanWorkstation - ok
15:20:06.0590 0488  [ 108333981C841EB0FF198AA5DFCF3D3B ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
15:20:06.0636 0488  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
15:20:06.0636 0488  LightScribeService - detected UnsignedFile.Multi.Generic (1)
15:20:06.0668 0488  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:20:06.0730 0488  lltdio - ok
15:20:06.0746 0488  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:20:06.0808 0488  lltdsvc - ok
15:20:06.0824 0488  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:20:06.0855 0488  lmhosts - ok
15:20:06.0870 0488  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:20:06.0886 0488  LSI_FC - ok
15:20:06.0886 0488  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:20:06.0902 0488  LSI_SAS - ok
15:20:06.0902 0488  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:20:06.0917 0488  LSI_SAS2 - ok
15:20:06.0933 0488  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:20:06.0948 0488  LSI_SCSI - ok
15:20:06.0964 0488  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:20:07.0011 0488  luafv - ok
15:20:07.0042 0488  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:20:07.0073 0488  Mcx2Svc - ok
15:20:07.0104 0488  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:20:07.0120 0488  megasas - ok
15:20:07.0136 0488  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:20:07.0151 0488  MegaSR - ok
15:20:07.0214 0488  Microsoft SharePoint Workspace Audit Service - ok
15:20:07.0229 0488  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:20:07.0323 0488  MMCSS - ok
15:20:07.0338 0488  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:20:07.0385 0488  Modem - ok
15:20:07.0401 0488  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:20:07.0432 0488  monitor - ok
15:20:07.0463 0488  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:20:07.0479 0488  mouclass - ok
15:20:07.0479 0488  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:20:07.0510 0488  mouhid - ok
15:20:07.0541 0488  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:20:07.0557 0488  mountmgr - ok
15:20:07.0572 0488  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
15:20:07.0588 0488  mpio - ok
15:20:07.0604 0488  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:20:07.0650 0488  mpsdrv - ok
15:20:07.0666 0488  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:20:07.0713 0488  MpsSvc - ok
15:20:07.0728 0488  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:20:07.0760 0488  MRxDAV - ok
15:20:07.0775 0488  [ 767A4C3BCF9410C286CED15A2DB17108 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:20:07.0838 0488  mrxsmb - ok
15:20:07.0853 0488  [ 920EE0FF995FCFDEB08C41605A959E1C ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:20:07.0884 0488  mrxsmb10 - ok
15:20:07.0884 0488  [ 740D7EA9D72C981510A5292CF6ADC941 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:20:07.0900 0488  mrxsmb20 - ok
15:20:07.0916 0488  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
15:20:07.0931 0488  msahci - ok
15:20:07.0947 0488  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
15:20:07.0962 0488  msdsm - ok
15:20:07.0978 0488  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:20:07.0978 0488  MSDTC - ok
15:20:07.0994 0488  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:20:08.0025 0488  Msfs - ok
15:20:08.0040 0488  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:20:08.0072 0488  mshidkmdf - ok
15:20:08.0103 0488  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
15:20:08.0118 0488  msisadrv - ok
15:20:08.0150 0488  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:20:08.0181 0488  MSiSCSI - ok
15:20:08.0181 0488  msiserver - ok
15:20:08.0196 0488  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:20:08.0228 0488  MSKSSRV - ok
15:20:08.0243 0488  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:20:08.0290 0488  MSPCLOCK - ok
15:20:08.0306 0488  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:20:08.0337 0488  MSPQM - ok
15:20:08.0368 0488  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:20:08.0384 0488  MsRPC - ok
15:20:08.0384 0488  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:20:08.0399 0488  mssmbios - ok
15:20:08.0399 0488  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:20:08.0446 0488  MSTEE - ok
15:20:08.0462 0488  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:20:08.0508 0488  MTConfig - ok
15:20:08.0540 0488  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:20:08.0540 0488  Mup - ok
15:20:08.0586 0488  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
15:20:08.0633 0488  napagent - ok
15:20:08.0664 0488  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:20:08.0696 0488  NativeWifiP - ok
15:20:08.0742 0488  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:20:08.0758 0488  NDIS - ok
15:20:08.0774 0488  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:20:08.0805 0488  NdisCap - ok
15:20:08.0820 0488  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:20:08.0852 0488  NdisTapi - ok
15:20:08.0852 0488  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:20:08.0914 0488  Ndisuio - ok
15:20:08.0945 0488  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:20:08.0976 0488  NdisWan - ok
15:20:08.0992 0488  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:20:09.0054 0488  NDProxy - ok
15:20:09.0086 0488  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:20:09.0117 0488  NetBIOS - ok
15:20:09.0117 0488  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:20:09.0164 0488  NetBT - ok
15:20:09.0179 0488  [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon        C:\Windows\system32\lsass.exe
15:20:09.0179 0488  Netlogon - ok
15:20:09.0210 0488  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:20:09.0242 0488  Netman - ok
15:20:09.0273 0488  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:20:09.0288 0488  NetMsmqActivator - ok
15:20:09.0304 0488  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:20:09.0304 0488  NetPipeActivator - ok
15:20:09.0335 0488  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:20:09.0382 0488  netprofm - ok
15:20:09.0398 0488  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:20:09.0398 0488  NetTcpActivator - ok
15:20:09.0398 0488  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:20:09.0413 0488  NetTcpPortSharing - ok
15:20:09.0444 0488  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:20:09.0460 0488  nfrd960 - ok
15:20:09.0507 0488  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:20:09.0569 0488  NlaSvc - ok
15:20:09.0585 0488  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:20:09.0600 0488  Npfs - ok
15:20:09.0616 0488  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:20:09.0647 0488  nsi - ok
15:20:09.0663 0488  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:20:09.0725 0488  nsiproxy - ok
15:20:09.0756 0488  [ 356698A13C4630D5B31C37378D469196 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:20:09.0803 0488  Ntfs - ok
15:20:09.0803 0488  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:20:09.0850 0488  Null - ok
15:20:10.0068 0488  [ F0FBFE1E29FF233B0E000054C1FB968A ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:20:10.0178 0488  nvlddmkm - ok
15:20:10.0209 0488  [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
15:20:10.0224 0488  nvraid - ok
15:20:10.0256 0488  [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
15:20:10.0271 0488  nvstor - ok
15:20:10.0302 0488  [ 4E70B5247914426722621180B8764514 ] nvsvc           C:\Windows\system32\nvvsvc.exe
15:20:10.0318 0488  nvsvc - ok
15:20:10.0349 0488  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
15:20:10.0365 0488  nv_agp - ok
15:20:10.0365 0488  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
15:20:10.0396 0488  ohci1394 - ok
15:20:10.0458 0488  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:20:10.0474 0488  ose - ok
15:20:10.0614 0488  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:20:10.0708 0488  osppsvc - ok
15:20:10.0724 0488  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:20:10.0786 0488  p2pimsvc - ok
15:20:10.0802 0488  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:20:10.0817 0488  p2psvc - ok
15:20:10.0848 0488  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:20:10.0848 0488  Parport - ok
15:20:10.0864 0488  [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:20:10.0880 0488  partmgr - ok
15:20:10.0895 0488  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:20:10.0926 0488  PcaSvc - ok
15:20:10.0958 0488  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
15:20:10.0973 0488  pci - ok
15:20:10.0989 0488  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
15:20:10.0989 0488  pciide - ok
15:20:11.0004 0488  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:20:11.0020 0488  pcmcia - ok
15:20:11.0036 0488  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:20:11.0036 0488  pcw - ok
15:20:11.0067 0488  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:20:11.0129 0488  PEAUTH - ok
15:20:11.0207 0488  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:20:11.0238 0488  PerfHost - ok
15:20:11.0301 0488  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
15:20:11.0394 0488  pla - ok
15:20:11.0457 0488  [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:20:11.0504 0488  PlugPlay - ok
15:20:11.0519 0488  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:20:11.0535 0488  PNRPAutoReg - ok
15:20:11.0550 0488  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:20:11.0566 0488  PNRPsvc - ok
15:20:11.0597 0488  [ B23F79E41E30ED500586151A9EF27D8F ] Point64         C:\Windows\system32\DRIVERS\point64.sys
15:20:11.0597 0488  Point64 - ok
15:20:11.0628 0488  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:20:11.0691 0488  PolicyAgent - ok
15:20:11.0722 0488  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:20:11.0753 0488  Power - ok
15:20:11.0784 0488  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:20:11.0831 0488  PptpMiniport - ok
15:20:11.0847 0488  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:20:11.0878 0488  Processor - ok
15:20:11.0909 0488  [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc         C:\Windows\system32\profsvc.dll
15:20:11.0972 0488  ProfSvc - ok
15:20:12.0003 0488  [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
15:20:12.0003 0488  ProtectedStorage - ok
15:20:12.0018 0488  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:20:12.0050 0488  Psched - ok
15:20:12.0081 0488  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
15:20:12.0096 0488  PxHlpa64 - ok
15:20:12.0143 0488  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:20:12.0206 0488  ql2300 - ok
15:20:12.0221 0488  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:20:12.0221 0488  ql40xx - ok
15:20:12.0252 0488  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:20:12.0268 0488  QWAVE - ok
15:20:12.0284 0488  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:20:12.0284 0488  QWAVEdrv - ok
15:20:12.0315 0488  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:20:12.0330 0488  RasAcd - ok
15:20:12.0362 0488  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:20:12.0393 0488  RasAgileVpn - ok
15:20:12.0393 0488  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:20:12.0455 0488  RasAuto - ok
15:20:12.0486 0488  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:20:12.0549 0488  Rasl2tp - ok
15:20:12.0564 0488  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
15:20:12.0611 0488  RasMan - ok
15:20:12.0642 0488  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:20:12.0689 0488  RasPppoe - ok
15:20:12.0705 0488  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:20:12.0736 0488  RasSstp - ok
15:20:12.0767 0488  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:20:12.0845 0488  rdbss - ok
15:20:12.0876 0488  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:20:12.0876 0488  rdpbus - ok
15:20:12.0892 0488  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:20:12.0923 0488  RDPCDD - ok
15:20:12.0923 0488  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:20:12.0970 0488  RDPENCDD - ok
15:20:12.0986 0488  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:20:13.0017 0488  RDPREFMP - ok
15:20:13.0017 0488  [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:20:13.0079 0488  RDPWD - ok
15:20:13.0095 0488  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:20:13.0110 0488  rdyboost - ok
15:20:13.0126 0488  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:20:13.0157 0488  RemoteAccess - ok
15:20:13.0188 0488  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:20:13.0235 0488  RemoteRegistry - ok
15:20:13.0251 0488  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:20:13.0282 0488  RpcEptMapper - ok
15:20:13.0298 0488  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:20:13.0329 0488  RpcLocator - ok
15:20:13.0360 0488  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
15:20:13.0407 0488  RpcSs - ok
15:20:13.0422 0488  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:20:13.0469 0488  rspndr - ok
15:20:13.0516 0488  [ 91296F0B2653281B2F11E0FCE56AA427 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:20:13.0532 0488  RTL8167 - ok
15:20:13.0547 0488  [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs           C:\Windows\system32\lsass.exe
15:20:13.0563 0488  SamSs - ok
15:20:13.0578 0488  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
15:20:13.0594 0488  sbp2port - ok
15:20:13.0625 0488  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:20:13.0656 0488  SCardSvr - ok
15:20:13.0672 0488  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:20:13.0734 0488  scfilter - ok
15:20:13.0766 0488  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
15:20:13.0812 0488  Schedule - ok
15:20:13.0875 0488  [ 6011CDF54BB6F4C69F38FACCDAD73D7E ] SCMNdisP        C:\Windows\system32\DRIVERS\scmndisp.sys
15:20:13.0890 0488  SCMNdisP - ok
15:20:13.0937 0488  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:20:13.0968 0488  SCPolicySvc - ok
15:20:13.0984 0488  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:20:14.0046 0488  SDRSVC - ok
15:20:14.0062 0488  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:20:14.0109 0488  secdrv - ok
15:20:14.0109 0488  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
15:20:14.0140 0488  seclogon - ok
15:20:14.0171 0488  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
15:20:14.0234 0488  SENS - ok
15:20:14.0265 0488  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:20:14.0312 0488  SensrSvc - ok
15:20:14.0327 0488  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:20:14.0343 0488  Serenum - ok
15:20:14.0358 0488  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:20:14.0405 0488  Serial - ok
15:20:14.0421 0488  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:20:14.0468 0488  sermouse - ok
15:20:14.0483 0488  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
15:20:14.0546 0488  SessionEnv - ok
15:20:14.0561 0488  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
15:20:14.0608 0488  sffdisk - ok
15:20:14.0624 0488  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:20:14.0655 0488  sffp_mmc - ok
15:20:14.0670 0488  [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
15:20:14.0702 0488  sffp_sd - ok
15:20:14.0733 0488  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:20:14.0764 0488  sfloppy - ok
15:20:14.0811 0488  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:20:14.0858 0488  SharedAccess - ok
15:20:14.0873 0488  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:20:14.0904 0488  ShellHWDetection - ok
15:20:14.0936 0488  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:20:14.0951 0488  SiSRaid2 - ok
15:20:14.0982 0488  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:20:14.0998 0488  SiSRaid4 - ok
15:20:15.0014 0488  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:20:15.0060 0488  Smb - ok
15:20:15.0092 0488  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:20:15.0138 0488  SNMPTRAP - ok
15:20:15.0154 0488  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:20:15.0170 0488  spldr - ok
15:20:15.0185 0488  [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler         C:\Windows\System32\spoolsv.exe
15:20:15.0248 0488  Spooler - ok
15:20:15.0310 0488  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
15:20:15.0419 0488  sppsvc - ok
15:20:15.0435 0488  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:20:15.0482 0488  sppuinotify - ok
15:20:15.0497 0488  [ DE6F5658DA951C4BC8E498570B5B0D5F ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:20:15.0528 0488  srv - ok
15:20:15.0575 0488  [ 4D33D59C0B930C523D29F9BD40CDA9D2 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:20:15.0606 0488  srv2 - ok
15:20:15.0638 0488  [ 5A663FD67049267BC5C3F3279E631FFB ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:20:15.0653 0488  srvnet - ok
15:20:15.0669 0488  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:20:15.0716 0488  SSDPSRV - ok
15:20:15.0731 0488  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:20:15.0762 0488  SstpSvc - ok
15:20:15.0778 0488  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:20:15.0778 0488  stexstor - ok
15:20:15.0794 0488  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
15:20:15.0809 0488  stisvc - ok
15:20:15.0825 0488  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:20:15.0825 0488  swenum - ok
15:20:15.0840 0488  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:20:15.0872 0488  swprv - ok
15:20:15.0918 0488  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
15:20:15.0981 0488  SysMain - ok
15:20:15.0996 0488  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:20:16.0012 0488  TabletInputService - ok
15:20:16.0043 0488  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:20:16.0090 0488  TapiSrv - ok
15:20:16.0090 0488  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:20:16.0137 0488  TBS - ok
15:20:16.0184 0488  [ 90A2D722CF64D911879D6C4A4F802A4D ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:20:16.0230 0488  Tcpip - ok
15:20:16.0277 0488  [ 90A2D722CF64D911879D6C4A4F802A4D ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:20:16.0324 0488  TCPIP6 - ok
15:20:16.0340 0488  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:20:16.0371 0488  tcpipreg - ok
15:20:16.0386 0488  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:20:16.0433 0488  TDPIPE - ok
15:20:16.0449 0488  [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:20:16.0464 0488  TDTCP - ok
15:20:16.0480 0488  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:20:16.0511 0488  tdx - ok
15:20:16.0605 0488  [ 5624ACD0B7900BEABBD329443A4F4454 ] TeamViewer5     C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
15:20:16.0636 0488  TeamViewer5 - ok
15:20:16.0667 0488  [ F5520DBB47C60EE83024B38720ABDA24 ] teamviewervpn   C:\Windows\system32\DRIVERS\teamviewervpn.sys
15:20:16.0667 0488  teamviewervpn - ok
15:20:16.0683 0488  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:20:16.0698 0488  TermDD - ok
15:20:16.0730 0488  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
15:20:16.0792 0488  TermService - ok
15:20:16.0823 0488  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:20:16.0839 0488  Themes - ok
15:20:16.0870 0488  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:20:16.0917 0488  THREADORDER - ok
15:20:16.0932 0488  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:20:16.0964 0488  TrkWks - ok
15:20:17.0026 0488  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:20:17.0057 0488  TrustedInstaller - ok
15:20:17.0088 0488  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:20:17.0151 0488  tssecsrv - ok
15:20:17.0166 0488  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:20:17.0213 0488  tunnel - ok
15:20:17.0244 0488  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:20:17.0260 0488  uagp35 - ok
15:20:17.0276 0488  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:20:17.0307 0488  udfs - ok
15:20:17.0322 0488  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:20:17.0338 0488  UI0Detect - ok
15:20:17.0354 0488  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
15:20:17.0354 0488  uliagpkx - ok
15:20:17.0369 0488  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:20:17.0385 0488  umbus - ok
15:20:17.0416 0488  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:20:17.0432 0488  UmPass - ok
15:20:17.0447 0488  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:20:17.0463 0488  upnphost - ok
15:20:17.0494 0488  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
15:20:17.0510 0488  USBAAPL64 - ok
15:20:17.0541 0488  [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:20:17.0556 0488  usbaudio - ok
15:20:17.0588 0488  [ B26AFB54A534D634523C4FB66765B026 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:20:17.0619 0488  usbccgp - ok
15:20:17.0634 0488  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
15:20:17.0681 0488  usbcir - ok
15:20:17.0697 0488  [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:20:17.0728 0488  usbehci - ok
15:20:17.0759 0488  [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:20:17.0806 0488  usbhub - ok
15:20:17.0822 0488  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:20:17.0853 0488  usbohci - ok
15:20:17.0868 0488  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:20:17.0900 0488  usbprint - ok
15:20:17.0931 0488  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:20:17.0946 0488  usbscan - ok
15:20:17.0962 0488  [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:20:17.0993 0488  USBSTOR - ok
15:20:18.0009 0488  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
15:20:18.0024 0488  usbuhci - ok
15:20:18.0040 0488  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:20:18.0087 0488  UxSms - ok
15:20:18.0102 0488  [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc        C:\Windows\system32\lsass.exe
15:20:18.0102 0488  VaultSvc - ok
15:20:18.0134 0488  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
15:20:18.0134 0488  vdrvroot - ok
15:20:18.0165 0488  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
15:20:18.0212 0488  vds - ok
15:20:18.0243 0488  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:20:18.0258 0488  vga - ok
15:20:18.0274 0488  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:20:18.0321 0488  VgaSave - ok
15:20:18.0352 0488  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
15:20:18.0352 0488  vhdmp - ok
15:20:18.0368 0488  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
15:20:18.0368 0488  viaide - ok
15:20:18.0383 0488  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
15:20:18.0399 0488  volmgr - ok
15:20:18.0414 0488  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:20:18.0430 0488  volmgrx - ok
15:20:18.0446 0488  [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
15:20:18.0461 0488  volsnap - ok
15:20:18.0477 0488  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:20:18.0492 0488  vsmraid - ok
15:20:18.0539 0488  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
15:20:18.0617 0488  VSS - ok
15:20:18.0633 0488  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:20:18.0648 0488  vwifibus - ok
15:20:18.0695 0488  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:20:18.0711 0488  vwififlt - ok
15:20:18.0742 0488  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:20:18.0758 0488  vwifimp - ok
15:20:18.0773 0488  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:20:18.0804 0488  W32Time - ok
15:20:18.0820 0488  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:20:18.0851 0488  WacomPen - ok
15:20:18.0882 0488  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:20:18.0960 0488  WANARP - ok
15:20:18.0960 0488  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:20:18.0976 0488  Wanarpv6 - ok
15:20:19.0023 0488  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
15:20:19.0101 0488  wbengine - ok
15:20:19.0116 0488  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:20:19.0148 0488  WbioSrvc - ok
15:20:19.0163 0488  [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:20:19.0194 0488  wcncsvc - ok
15:20:19.0194 0488  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:20:19.0226 0488  WcsPlugInService - ok
15:20:19.0241 0488  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:20:19.0257 0488  Wd - ok
15:20:19.0288 0488  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:20:19.0304 0488  Wdf01000 - ok
15:20:19.0319 0488  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:20:19.0350 0488  WdiServiceHost - ok
15:20:19.0366 0488  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:20:19.0397 0488  WdiSystemHost - ok
15:20:19.0413 0488  [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient       C:\Windows\System32\webclnt.dll
15:20:19.0460 0488  WebClient - ok
15:20:19.0475 0488  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:20:19.0506 0488  Wecsvc - ok
15:20:19.0522 0488  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:20:19.0584 0488  wercplsupport - ok
15:20:19.0600 0488  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:20:19.0647 0488  WerSvc - ok
15:20:19.0662 0488  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:20:19.0678 0488  WfpLwf - ok
15:20:19.0694 0488  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:20:19.0694 0488  WIMMount - ok
15:20:19.0709 0488  WinDefend - ok
15:20:19.0709 0488  WinHttpAutoProxySvc - ok
15:20:19.0756 0488  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:20:19.0772 0488  Winmgmt - ok
15:20:19.0818 0488  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:20:19.0912 0488  WinRM - ok
15:20:19.0959 0488  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:20:19.0990 0488  WinUsb - ok
15:20:20.0052 0488  [ 0F695800783C3F9E577B94BF1E71D95A ] WLANBelkinService C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
15:20:20.0068 0488  WLANBelkinService ( UnsignedFile.Multi.Generic ) - warning
15:20:20.0068 0488  WLANBelkinService - detected UnsignedFile.Multi.Generic (1)
15:20:20.0084 0488  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:20:20.0146 0488  Wlansvc - ok
15:20:20.0255 0488  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:20:20.0318 0488  wlidsvc - ok
15:20:20.0333 0488  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
15:20:20.0364 0488  WmiAcpi - ok
15:20:20.0380 0488  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:20:20.0427 0488  wmiApSrv - ok
15:20:20.0427 0488  WMPNetworkSvc - ok
15:20:20.0458 0488  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:20:20.0489 0488  WPCSvc - ok
15:20:20.0520 0488  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:20:20.0536 0488  WPDBusEnum - ok
15:20:20.0567 0488  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:20:20.0614 0488  ws2ifsl - ok
15:20:20.0630 0488  [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc          C:\Windows\system32\wscsvc.dll
15:20:20.0676 0488  wscsvc - ok
15:20:20.0676 0488  WSearch - ok
15:20:20.0723 0488  [ 76FBEFAB6677AF9C498116F1AAEA8BDB ] WSWNA3100       C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
15:20:20.0770 0488  WSWNA3100 ( UnsignedFile.Multi.Generic ) - warning
15:20:20.0770 0488  WSWNA3100 - detected UnsignedFile.Multi.Generic (1)
15:20:20.0832 0488  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:20:20.0910 0488  wuauserv - ok
15:20:20.0926 0488  [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:20:20.0957 0488  WudfPf - ok
15:20:20.0988 0488  [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:20:21.0051 0488  WUDFRd - ok
15:20:21.0066 0488  [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:20:21.0144 0488  wudfsvc - ok
15:20:21.0160 0488  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:20:21.0207 0488  WwanSvc - ok
15:20:21.0300 0488  [ 74983ADDCA2D9618512C088D856D6615 ] {55662437-DA8C-40c0-AADA-2C816A897A49} c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
15:20:21.0300 0488  {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
15:20:21.0332 0488  ================ Scan global ===============================
15:20:21.0347 0488  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:20:21.0363 0488  [ B200DECA2186858595A97FBE63E896CC ] C:\Windows\system32\winsrv.dll
15:20:21.0363 0488  [ B200DECA2186858595A97FBE63E896CC ] C:\Windows\system32\winsrv.dll
15:20:21.0394 0488  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:20:21.0410 0488  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:20:21.0425 0488  [Global] - ok
15:20:21.0425 0488  ================ Scan MBR ==================================
15:20:21.0425 0488  [ 353F71FFD05627A1E79698548889C581 ] \Device\Harddisk0\DR0
15:20:21.0628 0488  \Device\Harddisk0\DR0 - ok
15:20:21.0628 0488  [ 4606A12AED5E4CE105136C6C9C8EA568 ] \Device\Harddisk1\DR1
15:20:21.0706 0488  \Device\Harddisk1\DR1 - ok
15:20:21.0722 0488  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
15:20:22.0689 0488  \Device\Harddisk2\DR2 - ok
15:20:22.0689 0488  ================ Scan VBR ==================================
15:20:22.0704 0488  [ CD4044DC58EE61929C177AF7FA813318 ] \Device\Harddisk0\DR0\Partition1
15:20:22.0704 0488  \Device\Harddisk0\DR0\Partition1 - ok
15:20:22.0720 0488  [ 5FA5CDF5485FB8FD38C82997B94A4E67 ] \Device\Harddisk0\DR0\Partition2
15:20:22.0720 0488  \Device\Harddisk0\DR0\Partition2 - ok
15:20:22.0736 0488  [ CF22E3603587FC318B0C0F172036F534 ] \Device\Harddisk0\DR0\Partition3
15:20:22.0751 0488  \Device\Harddisk0\DR0\Partition3 - ok
15:20:22.0751 0488  [ D2081CB93FE1B3D64A5AAAF7417E4E7A ] \Device\Harddisk1\DR1\Partition1
15:20:22.0751 0488  \Device\Harddisk1\DR1\Partition1 - ok
15:20:22.0751 0488  [ 24C33367AF2B127B146B79558F096340 ] \Device\Harddisk2\DR2\Partition1
15:20:22.0751 0488  \Device\Harddisk2\DR2\Partition1 - ok
15:20:22.0751 0488  ============================================================
15:20:22.0751 0488  Scan finished
15:20:22.0751 0488  ============================================================
15:20:22.0767 5972  Detected object count: 6
15:20:22.0767 5972  Actual detected object count: 6
15:20:32.0439 5972  AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:32.0439 5972  AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:20:32.0439 5972  CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:32.0439 5972  CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:20:32.0439 5972  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:32.0439 5972  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:20:32.0439 5972  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:32.0439 5972  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:20:32.0439 5972  WLANBelkinService ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:32.0439 5972  WLANBelkinService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:20:32.0439 5972  WSWNA3100 ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:32.0439 5972  WSWNA3100 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:23:20.0129 3112  Deinitialize success
         
Avira is finished:

Code:

Avira Free Antivirus
Report file date: Freitag, 25. Jänner 2013  16:17

Scanning for 4721264 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee        : Avira Free Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows 7 Home Premium
Windows version : (plain)  [6.1.7600]
Boot mode       : Normally booted
Username        : HP Berlin
Computer name   : HPBERLIN-PC

Version information:
BUILD.DAT       : 12.0.0.1125          Bytes  02.05.2012 17:40:00
AVSCAN.EXE      : 12.3.0.15     466896 Bytes  01.05.2012 22:48:51
AVSCAN.DLL      : 12.3.0.15      54736 Bytes  02.05.2012 13:31:39
LUKE.DLL        : 12.3.0.15      68304 Bytes  01.05.2012 23:31:47
AVSCPLR.DLL     : 12.3.0.14      97032 Bytes  01.05.2012 22:13:36
AVREG.DLL       : 12.3.0.17     232200 Bytes  20.06.2012 11:28:33
VBASE000.VDF    : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF    : 7.11.0.0    13342208 Bytes  14.12.2010 23:23:21
VBASE002.VDF    : 7.11.19.170 14374912 Bytes  20.12.2011 23:32:24
VBASE003.VDF    : 7.11.21.238  4472832 Bytes  01.02.2012 09:58:50
VBASE004.VDF    : 7.11.26.44   4329472 Bytes  28.03.2012 10:43:53
VBASE005.VDF    : 7.11.34.116  4034048 Bytes  29.06.2012 17:36:28
VBASE006.VDF    : 7.11.41.250  4902400 Bytes  06.09.2012 17:54:49
VBASE007.VDF    : 7.11.50.230  3904512 Bytes  22.11.2012 18:23:18
VBASE008.VDF    : 7.11.55.142  2214912 Bytes  03.01.2013 16:56:09
VBASE009.VDF    : 7.11.55.143     2048 Bytes  03.01.2013 16:56:09
VBASE010.VDF    : 7.11.55.144     2048 Bytes  03.01.2013 16:56:09
VBASE011.VDF    : 7.11.55.145     2048 Bytes  03.01.2013 16:56:09
VBASE012.VDF    : 7.11.55.146     2048 Bytes  03.01.2013 16:56:09
VBASE013.VDF    : 7.11.55.196   260096 Bytes  04.01.2013 16:56:09
VBASE014.VDF    : 7.11.56.23    206848 Bytes  07.01.2013 17:58:57
VBASE015.VDF    : 7.11.56.83    186880 Bytes  08.01.2013 17:58:58
VBASE016.VDF    : 7.11.56.145   135168 Bytes  09.01.2013 18:55:14
VBASE017.VDF    : 7.11.56.211   139776 Bytes  11.01.2013 18:55:15
VBASE018.VDF    : 7.11.57.11    153088 Bytes  13.01.2013 18:55:14
VBASE019.VDF    : 7.11.57.75    165888 Bytes  15.01.2013 18:55:34
VBASE020.VDF    : 7.11.57.163   190976 Bytes  17.01.2013 18:55:15
VBASE021.VDF    : 7.11.57.219   119808 Bytes  18.01.2013 18:55:14
VBASE022.VDF    : 7.11.58.7     167936 Bytes  21.01.2013 18:55:25
VBASE023.VDF    : 7.11.58.49    140288 Bytes  22.01.2013 18:55:24
VBASE024.VDF    : 7.11.58.119   137728 Bytes  24.01.2013 18:55:27
VBASE025.VDF    : 7.11.58.120     2048 Bytes  24.01.2013 18:55:27
VBASE026.VDF    : 7.11.58.121     2048 Bytes  24.01.2013 18:55:27
VBASE027.VDF    : 7.11.58.122     2048 Bytes  24.01.2013 18:55:27
VBASE028.VDF    : 7.11.58.123     2048 Bytes  24.01.2013 18:55:27
VBASE029.VDF    : 7.11.58.124     2048 Bytes  24.01.2013 18:55:28
VBASE030.VDF    : 7.11.58.125     2048 Bytes  24.01.2013 18:55:28
VBASE031.VDF    : 7.11.58.140    27136 Bytes  24.01.2013 18:55:28
Engine version  : 8.2.10.238
AEVDF.DLL       : 8.1.2.10      102772 Bytes  11.07.2012 14:40:48
AESCRIPT.DLL    : 8.1.4.84      467322 Bytes  24.01.2013 18:55:32
AESCN.DLL       : 8.1.10.0      131445 Bytes  13.12.2012 19:30:20
AESBX.DLL       : 8.2.5.12      606578 Bytes  20.06.2012 11:28:32
AERDL.DLL       : 8.2.0.88      643444 Bytes  10.01.2013 18:55:19
AEPACK.DLL      : 8.3.1.2       819574 Bytes  20.12.2012 19:30:15
AEOFFICE.DLL    : 8.1.2.50      201084 Bytes  05.11.2012 18:14:21
AEHEUR.DLL      : 8.1.4.182    5706104 Bytes  24.01.2013 18:55:31
AEHELP.DLL      : 8.1.25.2      258423 Bytes  14.10.2012 20:03:03
AEGEN.DLL       : 8.1.6.16      434549 Bytes  24.01.2013 18:55:28
AEEXP.DLL       : 8.3.0.14      188788 Bytes  24.01.2013 18:55:32
AEEMU.DLL       : 8.1.3.2       393587 Bytes  11.07.2012 14:40:41
AECORE.DLL      : 8.1.30.0      201079 Bytes  13.12.2012 19:30:19
AEBB.DLL        : 8.1.1.4        53619 Bytes  05.11.2012 18:14:17
AVWINLL.DLL     : 12.3.0.15      27344 Bytes  01.05.2012 22:59:21
AVPREF.DLL      : 12.3.0.15      51920 Bytes  01.05.2012 22:44:31
AVREP.DLL       : 12.3.0.15     179208 Bytes  01.05.2012 22:13:35
AVARKT.DLL      : 12.3.0.15     211408 Bytes  01.05.2012 22:21:32
AVEVTLOG.DLL    : 12.3.0.15     169168 Bytes  01.05.2012 22:28:49
SQLITE3.DLL     : 3.7.0.1       398288 Bytes  16.04.2012 21:11:02
AVSMTP.DLL      : 12.3.0.15      63440 Bytes  01.05.2012 22:51:35
NETNT.DLL       : 12.3.0.15      17104 Bytes  01.05.2012 23:33:29
RCIMAGE.DLL     : 12.3.0.15    4450000 Bytes  02.05.2012 00:03:52
RCTEXT.DLL      : 12.3.0.15      96720 Bytes  02.05.2012 13:40:44

Configuration settings for the scan:
Jobname.............................: Manual Selection
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, 
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete
Deviating risk categories...........: +PCK,+PFS,+SPR,

Start of the scan: Freitag, 25. Jänner 2013  16:17

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!
    [INFO]      Please restart the search with Administrator rights
Master boot sector HD1
    [INFO]      No virus was found!
    [INFO]      Please restart the search with Administrator rights
Master boot sector HD2
    [INFO]      No virus was found!
    [INFO]      Please restart the search with Administrator rights
Master boot sector HD3
    [INFO]      No virus was found!
Master boot sector HD4
    [INFO]      No virus was found!
Master boot sector HD5
    [INFO]      No virus was found!
Master boot sector HD6
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
    [INFO]      Please restart the search with Administrator rights
C:\Program Files (x86)\Handbrake\uninst.exe
  [WARNING]   Invalid end of file

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'recordingmanager.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'wlmail.exe' - '1' Module(s) have been scanned
Scan process 'brpjp04a.exe' - '1' Module(s) have been scanned
Scan process 'CLMLSvc.exe' - '1' Module(s) have been scanned
Scan process 'DVDAgent.exe' - '1' Module(s) have been scanned
Scan process 'Brnipmon.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'spamihilator.exe' - '1' Module(s) have been scanned
Scan process 'PBN.exe' - '1' Module(s) have been scanned
Scan process 'tvtip.exe' - '1' Module(s) have been scanned
  Module is OK -> <C:\Programme\TV Movie ClickFinder\tvtip.exe>
  [WARNING]   The file could not be opened!
  [NOTE]      The file does not exist!
  [NOTE]      Process 'tvtip.exe' was terminated
Scan process 'WNA3100.exe' - '1' Module(s) have been scanned
Scan process 'MSOSYNC.EXE' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\' <HP>
C:\Program Files (x86)\Handbrake\uninst.exe
  [WARNING]   Invalid end of file
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11C4WIHN\tvbilder-001-20130125[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11C4WIHN\tvbilder-002-20130207[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11C4WIHN\tvbilder-006-20130203[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11C4WIHN\tvbilder-010-20130207[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11C4WIHN\tvbilder-109-20130206[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11C4WIHN\tvbilder-190-20130207[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11C4WIHN\tvbilder-511-20130207[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11C4WIHN\tvbilder-541-20130129[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11C4WIHN\tvbilder-565-20130207[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11C4WIHN\tvbilder-593-20130207[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11C4WIHN\tvbilder-625-20130201[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11C4WIHN\tvbilder-625-20130207[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11C4WIHN\tvbilder-671-20130207[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11C4WIHN\tvbilder-672-20130207[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11C4WIHN\tvdaten-premium-038[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11C4WIHN\tvdaten-premium-118[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11C4WIHN\tvdaten-premium-206[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11C4WIHN\tvdaten-premium-512[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11C4WIHN\tvdaten-premium-513[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11C4WIHN\tvdaten-premium-583[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11C4WIHN\tvdaten-premium-621[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11C4WIHN\tvdaten-premium-663[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11C4WIHN\tvdaten-premium-675[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Sent Items\125228EB-000006CE.eml
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Sent Items\16DB4C5D-0000070F.eml
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Sent Items\79F22B86-0000070D.eml
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20110907-220740\0a9ce9b42efcbc7aa54ffebe58bb82cd080a1696
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20110907-220740\85cc27fbce264aadfdab8fc9e618d3429ee24940
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-171954\0a9ce9b42efcbc7aa54ffebe58bb82cd080a1696
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-171954\85cc27fbce264aadfdab8fc9e618d3429ee24940
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-175130\0a9ce9b42efcbc7aa54ffebe58bb82cd080a1696
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-175130\85cc27fbce264aadfdab8fc9e618d3429ee24940
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-181205\0a9ce9b42efcbc7aa54ffebe58bb82cd080a1696
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-181205\85cc27fbce264aadfdab8fc9e618d3429ee24940
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\dc11c0ccf27644db194fc798c077d27af5b38f49\0a9ce9b42efcbc7aa54ffebe58bb82cd080a1696
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\dc11c0ccf27644db194fc798c077d27af5b38f49\85cc27fbce264aadfdab8fc9e618d3429ee24940
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000011301.msg
  [0] Archive type: MIME
  --> Download het formulier.html
      [DETECTION] Contains recognition pattern of the PHISH/PayPal.DU phishing file/email
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000011391.msg
  [0] Archive type: MIME
  --> Efax_Corporate.htm
      [DETECTION] Contains recognition pattern of the HTML/Redir.EB.8 HTML script virus
C:\Users\HP Berlin\Downloads\avira_free_antivirus_en.exe
  [WARNING]   The file is password protected
C:\Users\HP Berlin\Downloads\avira_free_antivirus_en2012.exe
  [WARNING]   The file is password protected
C:\Users\HP Berlin\Downloads\iPhone2,1_4.0_8A293_Restore.zip
  [WARNING]   Invalid compressed data
C:\Users\HP Berlin\Music\iTunes\iTunes Media\Mobile Applications\CubeMaze 1.0.ipa
  [WARNING]   The file is password protected
C:\Users\HP Berlin\Music\iTunes\iTunes Media\Mobile Applications\Graz Touch 1.0 1.ipa
  [WARNING]   Possible archive bomb: the maximum unpack size has been reached.
C:\Windows\SoftwareDistribution\Download\044b75a9933a066fe2c94660a1436533\BITDBAA.tmp
  [WARNING]   No further files can be extracted from this archive. The archive will be closed
C:\Windows\SoftwareDistribution\Download\a9520bb77cd0ee0b6665b8f795e49beb\BITEB75.tmp
  [WARNING]   No further files can be extracted from this archive. The archive will be closed
C:\Windows\SoftwareDistribution\Download\ba409842c7b3a802bd8c413fad78027a\BITE09F.tmp
  [WARNING]   Invalid compressed data
C:\Windows\SoftwareDistribution\Download\bf14795a62e8af76f4b31f9b6a358abb\BITD62A.tmp
  [WARNING]   No further files can be extracted from this archive. The archive will be closed
C:\Windows\SoftwareDistribution\Download\c6f0f2de850502132a245b023b1f92f3\BITE806.tmp
  [WARNING]   No further files can be extracted from this archive. The archive will be closed
C:\Windows\SoftwareDistribution\Download\c8287a0e7781ce3ea6ab559e9e350639\BITDC86.tmp
  [WARNING]   No further files can be extracted from this archive. The archive will be closed
C:\Windows\SoftwareDistribution\Download\cdc8c829f02b1b4d5d3261ff549c4bcf\BITDE00.tmp
  [WARNING]   No further files can be extracted from this archive. The archive will be closed
C:\Windows\SoftwareDistribution\Download\ec0520ea2782b9e5ef3a9768e55fa20f\BITE72A.tmp
  [WARNING]   No further files can be extracted from this archive. The archive will be closed

Beginning disinfection:
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000011391.msg
  [DETECTION] Contains recognition pattern of the HTML/Redir.EB.8 HTML script virus
  [NOTE]      The file was moved to the quarantine directory under the name '57fa56ca.qua'.
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000011301.msg
  [DETECTION] Contains recognition pattern of the PHISH/PayPal.DU phishing file/email
  [NOTE]      The file was moved to the quarantine directory under the name '4f6d796d.qua'.


End of the scan: Freitag, 25. Jänner 2013  22:24
Used time:  5:13:27 Hour(s)

The scan has been done completely.

  57223 Scanned directories
 2685233 Files were scanned
      2 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      2 Files were moved to quarantine
      0 Files were renamed
      1 Files cannot be scanned
 2685230 Files not concerned
 154167 Archives were scanned
     52 Warnings
      3 Notes
         
26.01.2013, 09:07   #3
t'john
/// Helper Team

These are spam mails, harmless.

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Then:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Unpack the archive on your desktop.
  • In the newly created folder, start mbar.exe.
  • Follow the on-screen instructions and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper.

26.01.2013, 10:21   #4
shopgirl86

Hello t'john,

Thank you for taking on my problem :-)

Here is the log file from AdwCleaner:
Code:
# AdwCleaner v2.108 - Datei am 26/01/2013 um 09:41:52 erstellt
# Aktualisiert am 24/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : HP Berlin - HPBERLIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\HP Berlin\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\HP Berlin\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\HP Berlin\AppData\Roaming\Mozilla\Firefox\Profiles\13la5nka.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1620 octets] - [23/11/2012 22:07:43]
AdwCleaner[R2].txt - [1549 octets] - [26/01/2013 09:40:06]
AdwCleaner[S1].txt - [1172 octets] - [26/11/2012 10:11:31]
AdwCleaner[S2].txt - [1323 octets] - [26/01/2013 09:41:52]

########## EOF - C:\AdwCleaner[S2].txt - [1383 octets] ##########
         

mbar log:
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.26.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
HP Berlin :: HPBERLIN-PC [administrator]

26.01.2013 10:10:07
mbar-log-2013-01-26 (10-10-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 33000
Time elapsed: 11 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
And now? It doesn't seem to be quite fit yet.

Thanks,
shopgirl

Hm, after the restart Win7 booted, but after selecting the account the screen soon went black (I don't know when). Switching off and booting again worked, but it still loads programs very slowly. At least I can type normally by now, which didn't work before either; it kept "swallowing" lots of letters.

I have the impression that it always struggles when I start a process for the first time or do an action for the first time, e.g. opening the favorites or the Control Panel; it drags the first time, and the second time it works.

I'll run a disk cleanup.

Well, some things are fast, others slow. Most are slow; for example, opening new internet tabs/pages often takes forever, and I already get the message that the page is not responding. Word and Excel open quickly, Firefox somehow doesn't manage at all, Internet Explorer works reasonably well. The Windows sidebar takes a long time, the Phase 6 reminder opens immediately. And so on.

Edited by shopgirl86 (26.01.2013 at 10:53)

26.01.2013, 11:21   #5
t'john
/// Helper Team

Please run this:
http://www.trojaner-board.de/72874-s...eparieren.html

Then:
- restart
- try again

__________________
Regards, t'john
Support the TB

26.01.2013, 12:03   #6
shopgirl86

Hi,

I have done that now. It repaired quite a few things, but the problem is still there: it takes a very long time to start an action for the first time. Is my hard disk or something else dying?

I can't post the log file right now because it is so long that the browser/PC can't handle it. Should I copy in only today's entries?

I'm letting it run once more right now.

Thanks,
shopgirl

26.01.2013, 12:06   #7
t'john
/// Helper Team

Please take a screenshot of: CrystalDiskInfo - Download - Filepony

and of: Open Hardware Monitor - Download - Filepony or HWMonitor - Temperature and Voltage Tool
__________________
Regards, t'john
Support the TB

26.01.2013, 12:29   #8
shopgirl86

Hello,

Here are the screenshots:

Thanks,
shopgirl

This is really very strange. For example, I can edit pictures at completely normal speed. But opening a new web page can take a while.

27.01.2013, 15:29   #9
t'john
/// Helper Team

According to the diagnosis, your disks already have bad sectors.
You should arrange for a replacement soon.

Have you tried uninstalling and reinstalling Firefox?

Windows Repair Tool (AIO)

  • Download Windows repair tool
  • Unpack the zip and start Repair_Windows.exe
  • Click the Start repairs tab, then: Start

    Select the following items:

    Register System Files
    Repair WMI
    Repair Windows Firewall
    Repair Internet Explorer
    Repair Winsock & DNS Cache
    Remove Temp Files
    Repair Proxy Settings
    Set Windows Services To Default Startup

    Select: Restart System When Finished
    Then click the Start button.
__________________
Regards, t'john
Support the TB

26.03.2013, 04:34   #10
t'john
/// Helper Team

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html

Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john
Support the TB

26.03.2013, 09:56   #11
shopgirl

Hello,
thanks for the reminder.
There are no problems, but shortly afterwards I had to completely reinstall the PC, for other reasons, so I was busy with that ;-)
Thanks again for the help!
shopgirl
