
Log analysis and evaluation: Black screen after Windows login


06.02.2013, 08:35   #1
Hr_Holsten
 



Good morning, dear forum,

for the past 3 days I have had the following problem (notebook with Windows Vista):
After running an AVI file, the screen suddenly went black and the machine no longer responded, not even to Ctrl+Alt+Del. After switching the notebook off and restarting it, it booted normally up to the Windows login, until you select a user to log in. After selecting a user (no matter which one), a black screen appears and again nothing responds.
Safe mode can be started, and I ran an Avira scan and a malware scan without any findings. A system restore is not possible because the program cannot be opened: the round circle appears briefly, but the program does not start. In addition, the Security Center is disabled and cannot be re-enabled.
Do you perhaps have an idea what this could be, or how the problem can be fixed?
Many thanks in advance for your support!!!

06.02.2013, 11:30   #2
markusg
/// Malware-holic
 



hi

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

07.02.2013, 06:29   #3
Hr_Holsten
 



Hello Markus,

many thanks for your quick reply!!! Here are the logs:

OTL.Txt
OTL Logfile:
Code:
OTL logfile created on: 06.02.2013 22:46:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matze\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 76,57% Memory free
6,13 Gb Paging File | 5,74 Gb Available in Paging File | 93,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,06 Gb Total Space | 90,14 Gb Free Space | 31,19% Space Free | Partition Type: NTFS
Drive D: | 55,27 Gb Total Space | 27,08 Gb Free Space | 48,99% Space Free | Partition Type: NTFS
Drive E: | 9,03 Gb Total Space | 1,65 Gb Free Space | 18,28% Space Free | Partition Type: NTFS
Drive G: | 170,90 Gb Total Space | 75,59 Gb Free Space | 44,23% Space Free | Partition Type: NTFS
Drive J: | 42,04 Gb Total Space | 10,53 Gb Free Space | 25,04% Space Free | Partition Type: NTFS
Drive K: | 29,88 Gb Total Space | 16,12 Gb Free Space | 53,97% Space Free | Partition Type: NTFS
 
Computer Name: MATZE | User Name: Matze | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.06 22:15:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matze\Downloads\OTL.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV - [2013.01.21 06:33:28 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.23 12:10:10 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.04 15:38:05 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.05.24 09:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 12:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.09.11 11:52:52 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe -- (STacSV)
SRV - [2008.06.27 15:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe -- (AESTFilters)
SRV - [2008.04.26 00:15:26 | 000,361,808 | ---- | M] () [Auto | Stopped] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.02.03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\netaapl.sys -- (Netaapl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2012.11.27 10:01:26 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.22 15:51:13 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.11.22 15:50:51 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.11.25 19:46:31 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2011.11.19 11:37:28 | 000,081,408 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV86.sys -- (SSHDRV86)
DRV - [2011.05.13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.05.13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2009.10.03 06:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.08.02 16:22:48 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.07.06 14:33:40 | 000,015,616 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc)
DRV - [2009.07.06 14:30:58 | 000,573,440 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda)
DRV - [2009.04.08 14:26:16 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2009.03.31 09:26:18 | 004,232,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.09.11 11:54:44 | 000,389,120 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.07.22 00:42:34 | 000,123,904 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.07.08 10:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.05.14 03:09:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.01.24 14:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006.11.02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {AF87E9C8-C850-44DB-AA47-5F3B71B85896}
IE - HKLM\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://spox.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_def&affID=10588&tl=gcn17201
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=e799ade0-0b1f-409b-8e29-7870d20e805f&apn_sauid=7BD4895B-88FB-4744-B374-20AB59149BED
IE - HKCU\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7B1EE21A-38BD-41DD-A06B-A92B08EC583F}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={2B7CEC6D-F310-4057-BCB9-FA7C9B1B5827}&mid=513e790a5c4f47d18c00d157aa036d80-aeb25640400ba11b38b00578d558b811210c2e6d&lang=de&ds=rn011&pr=sa&d=2012-03-09 23:13:10&v=9.0.0.23&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://isearch.avg.com?cid=%7Bef711e80-c0eb-469b-a929-7f6f403d80cc%7D&mid=513e790a5c4f47d18c00d157aa036d80-aeb25640400ba11b38b00578d558b811210c2e6d&ds=rn011&v=11.1.0.12&lang=de&pr=sa&d=2012-03-09%2023%3A13%3A10&sap=hp"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.13.0.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {c840e246-6b95-475e-9bd7-caa1c7eca9f2}:3.13.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: gencrawler@some.com:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.6.1
FF - prefs.js..extensions.enabledItems: adapter@babylontc.com:1.0.0.1
FF - prefs.js..extensions.enabledItems: ocr@babylon.com:1.1
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledItems: avg@toolbar:11.1.0.12
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=e799ade0-0b1f-409b-8e29-7870d20e805f&apn_ptnrs=%5EAGS&apn_sauid=7BD4895B-88FB-4744-B374-20AB59149BED&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 9666
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 9666
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 9666
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 9666
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9666
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.22 11:19:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.11 17:05:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.11 17:05:33 | 000,000,000 | ---D | M]
 
[2011.01.07 18:35:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Extensions
[2011.01.07 18:35:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.02.03 22:07:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\gea1b1zb.default\extensions
[2010.04.28 21:11:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\gea1b1zb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.12.16 12:21:36 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\gea1b1zb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.03.09 21:57:24 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\gea1b1zb.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2013.01.19 16:22:43 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\gea1b1zb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.06 11:28:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\gea1b1zb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.12.16 12:21:36 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\gea1b1zb.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2012.05.08 11:13:14 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\gea1b1zb.default\extensions\ffxtlbr@babylon.com
[2012.12.22 18:22:39 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\gea1b1zb.default\extensions\toolbar@ask.com
[2012.12.22 18:22:39 | 000,002,344 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\mozilla\firefox\profiles\gea1b1zb.default\searchplugins\askcom.xml
[2012.07.17 16:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.04 20:59:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.28 17:45:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.28 18:31:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.28 23:05:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.27 21:20:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.29 20:12:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.02.28 18:55:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.02.28 18:55:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.13 15:46:01 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.05.08 11:13:00 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Matze\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Matze\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00FCBBAE-36BF-47E2-B3AA-30EF513BB278}: DhcpNameServer = 10.74.83.22 193.254.160.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D05CB813-3BD0-4785-ADC8-715B5C47D12C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFC167C8-4E45-421B-AF23-1092F9F4EF40}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Matze\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matze\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoStart IR.lnk -  - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinTV Recording Status..lnk -  - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: OnScreenDisplay - hkey= - key= - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: QlbCtrl.exe - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: QPService - hkey= - key= - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.05 21:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.05 21:36:51 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.05 21:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.05 21:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.02.05 21:25:40 | 000,000,000 | ---D | C] -- C:\Users\Matze\Documents\Simply Super Software
[2013.02.05 21:25:40 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Simply Super Software
[2013.02.05 21:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.02.05 21:25:35 | 000,605,968 | ---- | C] (Igor Pavlov) -- C:\Windows\System32\ztv7z.dll
[2013.02.05 21:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2013.02.05 21:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.01.19 16:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.01.10 21:56:01 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\Apple_Inc
[2009.01.02 16:17:47 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2009.01.02 16:17:45 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2009.01.02 16:17:43 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2009.01.02 16:17:42 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2009.01.02 16:17:41 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[2 C:\Users\Matze\Desktop\*.tmp files -> C:\Users\Matze\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.06 22:11:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.06 06:33:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.06 06:32:25 | 000,798,543 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.02.06 06:28:45 | 000,798,543 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.02.06 06:28:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.06 06:28:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.06 06:25:37 | 000,001,356 | ---- | M] () -- C:\Users\Matze\AppData\Local\d3d9caps.dat
[2013.02.05 21:36:52 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.05 21:25:37 | 000,000,898 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2013.01.29 22:37:58 | 000,143,872 | ---- | M] () -- C:\Users\Matze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.28 21:38:46 | 000,002,056 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Spar- Erklärung 2013.lnk
[2013.01.23 21:48:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.19 16:22:15 | 000,000,994 | ---- | M] () -- C:\Users\Matze\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.19 16:22:13 | 000,001,057 | ---- | M] () -- C:\Users\Matze\Desktop\Free YouTube Download.lnk
[2013.01.10 03:31:01 | 000,484,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.10 03:27:12 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.01.10 03:09:01 | 000,647,896 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.10 03:09:01 | 000,603,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.10 03:09:01 | 000,132,648 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.10 03:09:01 | 000,109,666 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2 C:\Users\Matze\Desktop\*.tmp files -> C:\Users\Matze\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.05 21:36:52 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.05 21:25:37 | 000,000,898 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2013.02.05 21:25:35 | 000,185,616 | ---- | C] () -- C:\Windows\System32\ztvunrar39.dll
[2013.02.05 21:25:35 | 000,169,744 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2013.02.05 21:25:35 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2013.02.05 21:25:35 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2013.02.05 21:25:35 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2013.01.19 16:22:15 | 000,000,994 | ---- | C] () -- C:\Users\Matze\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.19 16:22:13 | 000,001,057 | ---- | C] () -- C:\Users\Matze\Desktop\Free YouTube Download.lnk
[2012.12.15 03:27:14 | 000,000,552 | ---- | C] () -- C:\Users\Matze\AppData\Local\d3d8caps.dat
[2012.03.09 22:44:30 | 000,004,998 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2011.12.31 10:30:30 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.12.31 10:30:23 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.12.31 10:30:23 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.12.31 10:30:22 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.11.19 11:37:28 | 000,081,408 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV86.sys
[2011.05.29 18:37:22 | 000,017,089 | ---- | C] () -- C:\Users\Matze\AppData\Roaming\UserTile.png
[2010.02.07 11:26:58 | 000,000,600 | ---- | C] () -- C:\Users\Matze\PUTTY.RND
[2009.08.02 13:25:45 | 000,001,164 | ---- | C] () -- C:\Users\Matze\AppData\Local\9A5FF4EA.il
[2009.08.02 13:25:45 | 000,000,280 | ---- | C] () -- C:\Users\Matze\AppData\Local\IndexIE_9A5FF4EA.il
[2009.07.19 17:52:39 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2009.03.08 21:47:24 | 000,001,356 | ---- | C] () -- C:\Users\Matze\AppData\Local\d3d9caps.dat
[2009.01.02 22:53:36 | 000,143,872 | ---- | C] () -- C:\Users\Matze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.29 16:22:19 | 000,000,249 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2008.10.29 16:14:20 | 000,798,543 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.10.29 16:13:50 | 000,798,543 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.10.14 15:08:18 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\2K Games
[2012.03.09 23:13:01 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\3v
[2012.02.13 20:54:32 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Ascaron Entertainment
[2011.02.28 20:43:44 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DriverCure
[2013.01.19 16:22:59 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DVDVideoSoft
[2013.01.19 16:22:30 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.02.12 12:23:12 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\EPSON
[2012.12.24 14:10:10 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\GrabPro
[2012.03.09 22:09:47 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Hewlett Packard Company
[2012.08.05 17:55:46 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\MAGIX
[2012.02.04 19:51:13 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Media Finder
[2012.12.24 14:22:51 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Orbit
[2011.05.29 18:37:22 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\PeerNetworking
[2012.12.24 14:10:16 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\ProgSense
[2013.02.05 21:25:40 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Simply Super Software
[2012.12.23 12:49:39 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Sports Interactive
[2011.10.03 09:06:53 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\temp
[2011.01.07 18:35:23 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\TomTom
[2012.11.24 18:10:27 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\TuneUp Software
[2012.01.27 23:23:23 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\wargaming.net
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.07.31 18:46:09 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.09.17 20:44:32 | 000,000,000 | -HSD | M] -- C:\boot
[2012.04.01 14:20:32 | 000,000,000 | ---D | M] -- C:\BraCa Soft
[2013.01.28 21:38:48 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.01.02 14:30:43 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.12.24 14:20:52 | 000,000,000 | ---D | M] -- C:\downloads
[2010.09.21 17:32:40 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2012.07.17 16:24:30 | 000,000,000 | ---D | M] -- C:\FM Genie Scout 12
[2012.01.27 22:51:45 | 000,000,000 | ---D | M] -- C:\Games
[2009.01.02 14:37:09 | 000,000,000 | -H-D | M] -- C:\HP
[2009.01.02 15:59:10 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.02.05 21:36:51 | 000,000,000 | ---D | M] -- C:\Program Files
[2013.02.05 21:26:16 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.01.02 14:30:43 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.01.16 20:33:00 | 000,000,000 | ---D | M] -- C:\Recorded TV
[2012.03.09 23:28:36 | 000,000,000 | ---D | M] -- C:\SwSetup
[2013.02.03 19:56:31 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.01.02 14:35:56 | 000,000,000 | -H-D | M] -- C:\System.sav
[2012.02.01 14:45:24 | 000,000,000 | -H-D | M] -- C:\SystemData
[2011.11.25 19:59:28 | 000,000,000 | ---D | M] -- C:\TEMP
[2012.07.31 18:44:05 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.27 13:02:32 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,630 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.08.09 21:51:41 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009.08.09 21:51:42 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009.10.05 20:00:25 | 000,000,422 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{22010D45-9E53-4C3A-B964-F60DAADEB7A9}.job
[2012.04.06 11:23:45 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.08.01 07:43:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.08.01 07:43:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.08.01 07:43:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.08.02 16:22:48 | 000,716,272 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.02.06 22:46:15 | 008,388,608 | -HS- | M] () -- C:\Users\Matze\ntuser.dat
[2013.02.06 22:46:14 | 000,262,144 | -H-- | M] () -- C:\Users\Matze\ntuser.dat.LOG1
[2012.09.17 18:41:19 | 000,262,144 | -H-- | M] () -- C:\Users\Matze\ntuser.dat.LOG2
[2011.12.10 22:35:08 | 007,602,176 | -HS- | M] () -- C:\Users\Matze\ntuser.dat_previous
[2009.03.22 10:12:26 | 000,065,536 | -HS- | M] () -- C:\Users\Matze\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009.03.22 10:12:26 | 000,524,288 | -HS- | M] () -- C:\Users\Matze\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.01.02 16:13:44 | 000,524,288 | -HS- | M] () -- C:\Users\Matze\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2012.09.17 18:41:19 | 001,048,576 | -HS- | M] () -- C:\Users\Matze\ntuser.dat{e3fd5fe8-16c9-11de-91f1-002186c0c749}.TxR.0.regtrans-ms
[2012.09.17 18:41:19 | 001,048,576 | -HS- | M] () -- C:\Users\Matze\ntuser.dat{e3fd5fe8-16c9-11de-91f1-002186c0c749}.TxR.1.regtrans-ms
[2012.09.17 18:41:19 | 001,048,576 | -HS- | M] () -- C:\Users\Matze\ntuser.dat{e3fd5fe8-16c9-11de-91f1-002186c0c749}.TxR.2.regtrans-ms
[2012.09.17 18:41:19 | 000,065,536 | -HS- | M] () -- C:\Users\Matze\ntuser.dat{e3fd5fe8-16c9-11de-91f1-002186c0c749}.TxR.blf
[2013.02.06 22:09:54 | 000,065,536 | -HS- | M] () -- C:\Users\Matze\ntuser.dat{e3fd5fe9-16c9-11de-91f1-002186c0c749}.TM.blf
[2012.02.12 22:17:32 | 000,524,288 | -HS- | M] () -- C:\Users\Matze\ntuser.dat{e3fd5fe9-16c9-11de-91f1-002186c0c749}.TMContainer00000000000000000001.regtrans-ms
[2013.02.06 22:09:54 | 000,524,288 | -HS- | M] () -- C:\Users\Matze\ntuser.dat{e3fd5fe9-16c9-11de-91f1-002186c0c749}.TMContainer00000000000000000002.regtrans-ms
[2009.01.02 14:34:11 | 000,000,020 | -HS- | M] () -- C:\Users\Matze\ntuser.ini
[2010.06.27 20:57:07 | 000,000,600 | ---- | M] () -- C:\Users\Matze\PUTTY.RND
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---

Extras.Txt
OTL Logfile:
Code:
OTL Extras logfile created on: 06.02.2013 22:46:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matze\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 76,57% Memory free
6,13 Gb Paging File | 5,74 Gb Available in Paging File | 93,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,06 Gb Total Space | 90,14 Gb Free Space | 31,19% Space Free | Partition Type: NTFS
Drive D: | 55,27 Gb Total Space | 27,08 Gb Free Space | 48,99% Space Free | Partition Type: NTFS
Drive E: | 9,03 Gb Total Space | 1,65 Gb Free Space | 18,28% Space Free | Partition Type: NTFS
Drive G: | 170,90 Gb Total Space | 75,59 Gb Free Space | 44,23% Space Free | Partition Type: NTFS
Drive J: | 42,04 Gb Total Space | 10,53 Gb Free Space | 25,04% Space Free | Partition Type: NTFS
Drive K: | 29,88 Gb Total Space | 16,12 Gb Free Space | 53,97% Space Free | Partition Type: NTFS
 
Computer Name: MATZE | User Name: Matze | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0325398C-93B2-4134-A56C-E446E5B60685}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{0AE468CA-1447-4CB2-A68A-6229D466D5BB}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{0CACACC9-0DF2-47C0-A4F2-B5DBF6FDED3D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0F543ADB-F03E-453C-AB60-BB4BBB9293D7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{12FF73B5-A6CF-469B-932F-238B2716E9C8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1A6EEC4F-3806-414A-B595-61F7F32A7F5D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2009CF17-9042-49AD-994B-14F333094507}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2EAC13EC-D0AC-46F1-A1C7-0A110FFB5AD4}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{345139B0-507A-4397-8BB6-F8E3CE3B54B5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3B8FAF27-AAAD-435E-9CD5-84168DECCBBD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{40FAA3B5-8C74-4B9F-ACA1-B17CE0218914}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{431B181B-9A03-440F-B6C8-07BAE3495571}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{49E7857B-4F66-43A6-949C-ED38CAB9AFBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{54AB7AB0-EE5C-400F-9611-14E5DBCA71FC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{58912532-EB66-4B02-AA01-4E90680EE609}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{58F7975F-E033-4CB5-B5D9-B49509F75C48}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5E9E1E33-D75E-4597-B1DF-8FFDD9042713}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5F578214-F797-49DA-92C4-EDF4D3963068}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{663874F8-097A-4298-8025-E3879F0F8A72}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{67B5134A-2E4A-42BE-8E68-75235D0F2318}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6B6A61E5-10B7-4A8F-AF00-95331E93BA2B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6DB6820E-3A11-4783-9931-5C78F1F702C1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{779501F2-3759-479B-942E-2A1610462011}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{77BCECD1-F9F4-45CC-BB01-428504E9D665}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{7D987023-2096-48AB-922F-15A9532E5654}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{86915E40-2353-4235-BEFA-2E920422C3AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8E85C1DC-91A0-4009-B82D-550481BD39BA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9003DA3A-3DB9-4637-9999-0834026D5C92}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{93174492-F4D6-4C18-8E8C-5B3F0637F9FE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9CCAD5C2-AF90-40DF-8165-99B33A671906}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9DE51D6B-02B6-4A3D-BE21-F5DB02F0FE53}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{ABFB7B7D-8C59-4CB0-8DB6-488906D905BE}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{B2A2FCAC-BCBA-4B91-B800-F5215C1C3466}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BA696F4F-FA35-4675-A3A2-D66BA06D3AB2}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{BD7D7416-B5CF-4EC3-9B6A-E2006675DA67}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CB1F7891-1560-4D96-A638-0D1122EB7F7D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CCEB5B44-049B-446F-BCA2-94E815FB2D86}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D75560DE-5018-47A0-A871-C1FD09B0C8BB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DEA79674-9C66-4F94-99F0-3F3177CA046D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{DFD8D7CB-8DC3-45B5-8249-2BC4564825BA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E2DA4F9C-DBFC-4712-8520-2770EEEE9834}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E34828CA-190C-468B-8A71-7173911D2CB6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E702D0E9-647E-4390-8C5F-838802CEB6E7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F0BCC3A0-12B8-4BAF-BFB7-5A1A91AD0DDD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F161B7E1-2B4F-4ABA-9077-F8D21131FE2D}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{F18F40C4-0D7C-49E8-9339-E95EAF0DAAE4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F8491C46-F283-42F9-B885-9A10C0A61E89}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FC67AA9B-82B4-4D99-B29D-9FCAA5B3CACB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0790F847-C1B6-42A2-BC43-A6DA70090B6A}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{0B19D83E-3C4C-4A12-B310-6B73C96B4A29}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0CCACF15-9758-47C8-971D-04BE1281BD89}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{0F31B251-5DF2-476A-96B9-1A6250E500D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{14E1BF5C-B207-4431-AF0F-34FEC4C76FF1}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{153E1217-3C47-4DD5-8AFB-609D9BE4FDF8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{1BF849F4-3B59-4DB9-8330-C1E340DEDD21}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1C32C9C9-C0A5-4EB8-8B9A-2BE03416E26C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1C89673D-B2F7-4860-9829-77B9A59B80DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{21C0379F-A5DC-49FE-AE9A-D4A456FB1552}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2011\fm.exe | 
"{28725DAD-CF8E-45E7-9953-68F6AF97F9AA}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{2E8C0893-907D-4F78-99D3-9D49741D72D6}" = protocol=6 | dir=in | app=c:\windows\temp\kd_installer.exe | 
"{35BAA72C-7660-4C50-9591-7C6178CF862B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2011\fm.exe | 
"{3929E136-09B3-4BD2-BEA7-A9BCB6300EDD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{39DB8892-750C-45BC-8559-2D8847BC9A05}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{3AD52E49-790E-4A52-9010-84349FA172F7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2011\fm.exe | 
"{40AAE597-4C83-467D-8636-D6B7E2577BBB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{43C1EAA1-C353-46E9-A339-5F055E380300}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{446D3271-3C5A-4EE3-B20E-C4F1C5955867}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{46209F83-6D3C-437D-9B97-22CE1C8B597D}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{4635D2E4-E407-452D-97D5-96BB543B542E}" = protocol=6 | dir=in | app=f:\dwizard615.exe | 
"{482E813A-66C0-4D24-A035-0F9EDBDCF971}" = protocol=17 | dir=in | app=c:\windows\temp\kd_installer.exe | 
"{50F74F25-D0E6-4F4F-8082-743AF1DBE9D5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{6300F5F4-FD81-4F44-BF68-F3F778EE90B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6AB3ECEC-62EF-4C6F-9255-4ABED8283D76}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2013\fm.exe | 
"{6F711800-7634-4371-9053-C8E3E914B6A4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{766A883F-C01C-4EA4-BBCE-DFFABA338FF1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7D81E626-E08D-40D0-B105-2243603AA1C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8293CFF4-90C1-475F-B3FC-5D3E00E0BD80}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8B31D85E-4414-403B-AB93-7EBBDD126EB1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9573D538-5328-4942-8D2F-5EA7871629F7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2013\fm.exe | 
"{9C634DCC-EC51-410B-BCC4-45003F6603B3}" = protocol=6 | dir=out | app=system | 
"{A64FECEC-45A7-4E91-84E8-F1887817BB3F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{A678CC02-B21E-4471-89E9-9C61FBD580B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A6AF821A-E47D-4A45-A51F-284503E4F795}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2009\fm.exe | 
"{A8CC3A0F-DD7A-457C-AE50-968402BBEEBA}" = protocol=6 | dir=in | app=f:\libneap.dll | 
"{AFFCF188-FB07-4489-9BF1-F39A7C2FC01E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B3A2E5D0-0CDB-4906-B39F-C00335604749}" = protocol=17 | dir=in | app=f:\libneap.dll | 
"{C9B87307-9D01-49AE-A669-1E42F5AE57DD}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CD99C8D6-E1B1-496B-9EB3-E012CEAF7DE0}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{CE91D8C5-F3BF-4052-930E-8BB014675B49}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D11F2E7B-4B32-4206-B094-F39247797BCC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2011\fm.exe | 
"{D8CC5C86-A35B-424E-A8BD-985568A0118A}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{D9157731-0713-4126-98A4-7F7C0CAFF369}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E0BD9F64-C6E6-4DDA-9164-FA4DD23B9CCA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2009\fm.exe | 
"{EF95A175-2E66-4880-AA8E-B322114829CB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2012\fm.exe | 
"{F46FAE93-FDB6-41CA-9E98-38CE076AE9A6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2012\fm.exe | 
"{F616195C-A1E7-4509-8DAE-68058985D329}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FD6C4640-692E-4C4D-ABF5-480BB4800447}" = protocol=17 | dir=in | app=f:\dwizard615.exe | 
"{FDE30457-10A5-454A-BA2D-BDA8BBB6184C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{1017AC7D-563E-44AF-ACCB-27780FC844B7}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{1DD9F8F9-4A3B-4990-B35A-5FDAD552DAC8}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{2F48A4BB-75F1-444A-B7C1-F54C5B1B15F4}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{37EA9E9B-84D3-4BB8-B4E8-9771FB99BDB8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{414672A9-C8D6-4E96-AC31-B7B15CC43BC4}D:\spiele\ascaron entertainment\anstoss 3\anstoss3.exe" = protocol=6 | dir=in | app=d:\spiele\ascaron entertainment\anstoss 3\anstoss3.exe | 
"TCP Query User{42FA2776-FC28-4D56-891F-0C13AB5AE6E4}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | 
"TCP Query User{5C6D9DC0-D869-452E-B06A-42247F2D46B1}D:\spiele\ea sports\fussball manager 12\online\fmonline.exe" = protocol=6 | dir=in | app=d:\spiele\ea sports\fussball manager 12\online\fmonline.exe | 
"TCP Query User{66DCE51D-1E13-4A13-8DE4-845513A3ACA1}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{6757591C-2392-4AD5-A564-F0DD5F7441AF}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | 
"TCP Query User{6B5591EF-675E-4FB0-A41C-B813ACBD43C6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{6E85E170-15B0-4D86-B437-5FB8E063853A}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{748568C1-1B9E-461C-8B13-272A7D4D10C9}C:\program files\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"TCP Query User{8E2B0181-5BB2-47C7-B33F-EC6DF56E18D8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{A15CDB7C-2DD1-4ACC-B545-F038C62C7170}D:\spiele\ascaron entertainment\anstoss 3\anstoss3.exe" = protocol=6 | dir=in | app=d:\spiele\ascaron entertainment\anstoss 3\anstoss3.exe | 
"TCP Query User{B1B8E37A-5134-423E-84AE-6F42051962C8}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{B87F0161-1B11-493F-A1F2-A24855897E6A}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{C55F3ABF-FF1F-4E38-A690-F0F38F5DF257}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{E41CF0E7-0149-4812-B989-CA492E3F0D05}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{E9001FCB-D51E-47B1-96C7-34471CCB20FF}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{EBCB1E3E-6F78-49DF-8BDB-26287B520F2D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{FD789C72-3F0C-4809-9154-C8E25E8CC64B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{1BD10010-8B9F-406A-8E22-A58075E0466F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{320D4604-CE88-4960-90C9-5793C546BF6C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{3637A84A-7941-4110-A9CD-2601772696E1}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{3FCE676C-3F2E-43C3-8ACD-C2B28BABDEE8}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{4B6F761C-392B-4F25-81D5-D5E549EEFE73}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"UDP Query User{55614E64-E96A-4039-9542-EF0C7A2C6196}D:\spiele\ascaron entertainment\anstoss 3\anstoss3.exe" = protocol=17 | dir=in | app=d:\spiele\ascaron entertainment\anstoss 3\anstoss3.exe | 
"UDP Query User{5C1EDDDC-2E31-4959-88CD-41E0DFA7813E}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{68F3DC2B-8642-4B18-AFB9-D6D5C3EBC845}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{6A38DEEF-3AFE-4465-9257-676B201FEE9B}C:\program files\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"UDP Query User{7D38C383-4B31-44AC-9DE0-636F30BB9E97}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{875316C3-AB79-4164-818D-440B2506646D}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{92B2308F-B349-4E2D-9500-F9D0B6F6DDD4}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | 
"UDP Query User{A05D4367-A814-4826-ADCE-49523502E8BF}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{B081135F-A645-4237-8C84-3FB85814579B}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{B0CE5216-1358-4EC1-8475-FED9BF8B8D8A}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{B7EDB90F-B5A1-4A40-9D28-2C0ACAA687F3}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{BF91E97B-5694-4CE3-83DB-5D930C89E01C}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{C675E8EF-E72F-470A-AF78-6AE73A9F5312}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{D91E9938-7B82-4D01-B767-951319789B2A}D:\spiele\ea sports\fussball manager 12\online\fmonline.exe" = protocol=17 | dir=in | app=d:\spiele\ea sports\fussball manager 12\online\fmonline.exe | 
"UDP Query User{F448F4CE-F8A2-41B8-A170-84E8E8AEC5DE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{F89DF6E7-0138-45E2-B603-F7F2389711D9}D:\spiele\ascaron entertainment\anstoss 3\anstoss3.exe" = protocol=17 | dir=in | app=d:\spiele\ascaron entertainment\anstoss 3\anstoss3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""Anstoss2005 Soundfile"" = "Anstoss2005 Soundfile"
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1E728246-95D5-4E72-8A9A-AC62602F39D8}_is1" = ANSTOSS 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{435E53AF-B62B-4094-AE12-F6ECF0BF3CE4}" = CM4
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{49CFD5D9-0556-4037-B7D6-E13ED4BEA4C5}" = Football Manager 2006
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}" = EPSON Easy Photo Print
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{5DEBDBF3-5AEC-4B61-B7FC-0C48CF62473C}" = MAGIX Foto Premium MX
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88EF3F58-80D5-43B0-B9C0-FA4F51D0BD55}_is1" = ANSTOSS 2005 1.2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F238A60-C445-4B81-8EDE-07DC924E98F8}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A35001F0-F1E4-11DD-A38B-005056C00008}" = Paragon Partition Manager™ 10.0 Professional
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A94CA235-0C9B-475D-8018-50DDC0E3867C}" = MAGIX Foto & Grafik Designer 7
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AEB61F7A-4BBA-4292-A096-7893E09034A4}" = Steuer-Spar-Erklärung 2013
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B8169E45-8E23-430B-91D1-EC64540C8ED0}" = HP User Guides 0103
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C38DAF06-0274-4C12-AE3A-AE1B4E75B8F4}" = MAGIX Speed burnR (MSI)
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA031DA5-05D0-4937-BD2B-DCEC47A2506B}_is1" = ANSTOSS 2007
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FDC9D4AE-1A9C-4206-ACBF-3A073C6443DC}" = MAGIX Screenshare
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0630-0716-3135-7887" = JDownloader 2
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CMScout" = CM Scout
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Free YouTube Download_is1" = Free YouTube Download version 3.1.42.1212
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"InstallShield_{435E53AF-B62B-4094-AE12-F6ECF0BF3CE4}" = CM4
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.1.0
"MAGIX_MSI_Foto_Grafik_Designer_7_FPMX" = MAGIX Foto & Grafik Designer 7
"MAGIX_MSI_Foto_Premium_MX" = MAGIX Foto Premium MX
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Piraten_is1" = Piraten
"Port Royale 2" = Port Royale 2
"Steam App 10540" = Football Manager 2009
"Steam App 207890" = Football Manager 2013
"Steam App 34220" = Football Manager 2011
"Steam App 71270" = Football Manager 2012
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trojan Remover_is1" = Trojan Remover 6.8.5
"VLC media player" = VLC media player 1.1.5
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.02.2013 16:24:40 | Computer Name = Matze | Source = EventSystem | ID = 4609
Description = 
 
Error - 05.02.2013 16:38:31 | Computer Name = Matze | Source = System Restore | ID = 8193
Description = 
 
Error - 05.02.2013 16:38:37 | Computer Name = Matze | Source = System Restore | ID = 8193
Description = 
 
Error - 05.02.2013 16:38:53 | Computer Name = Matze | Source = System Restore | ID = 8193
Description = 
 
Error - 05.02.2013 16:38:56 | Computer Name = Matze | Source = System Restore | ID = 8193
Description = 
 
Error - 06.02.2013 01:32:27 | Computer Name = Matze | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.02.2013 02:24:41 | Computer Name = Matze | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.02.2013 02:28:01 | Computer Name = Matze | Source = EventSystem | ID = 4609
Description = 
 
Error - 06.02.2013 17:11:57 | Computer Name = Matze | Source = EventSystem | ID = 4609
Description = 
 
Error - 06.02.2013 17:12:36 | Computer Name = Matze | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 06.02.2013 02:28:41 | Computer Name = Matze | Source = DCOM | ID = 10005
Description = 
 
Error - 06.02.2013 02:28:43 | Computer Name = Matze | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 06.02.2013 17:09:38 | Computer Name = Matze | Source = DCOM | ID = 10005
Description = 
 
Error - 06.02.2013 17:11:49 | Computer Name = Matze | Source = DCOM | ID = 10005
Description = 
 
Error - 06.02.2013 17:11:57 | Computer Name = Matze | Source = DCOM | ID = 10005
Description = 
 
Error - 06.02.2013 17:12:00 | Computer Name = Matze | Source = DCOM | ID = 10005
Description = 
 
Error - 06.02.2013 17:12:04 | Computer Name = Matze | Source = DCOM | ID = 10005
Description = 
 
Error - 06.02.2013 17:12:14 | Computer Name = Matze | Source = DCOM | ID = 10005
Description = 
 
Error - 06.02.2013 17:12:37 | Computer Name = Matze | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 06.02.2013 17:12:37 | Computer Name = Matze | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         

07.02.2013, 13:02   #4
markusg
/// Malware-holic

Hi,
please post all Malwarebytes logs that contain detections.
http://www.trojaner-board.de/125889-...en-posten.html
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails as described in the instructions above to
markusg.trojaner-board@web.de

08.02.2013, 06:20   #5
Hr_Holsten

Good morning Markus,

the log is attached:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.05.09

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Matze :: MATZE [Administrator]

07.02.2013 20:29:38
mbam-log-2013-02-07 (20-29-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|J:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1852163
Laufzeit: 3 Stunde(n), 57 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


08.02.2013, 16:18   #6
markusg
/// Malware-holic

Where are the detections in that? I wanted the logs with detections, if there are any.

08.02.2013, 17:49   #7
Hr_Holsten

Neither Avira nor Malwarebytes found anything - in both cases it was the full scan, with no findings!!

08.02.2013, 18:11   #8
markusg
/// Malware-holic

Hi,
then please say so next time.
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- For any detections, always choose Skip for now, then post the log
Open C:, open tdsskiller-date-version.txt, post the contents
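The log that this scan writes lists each service as a hash-and-path line followed by a verdict line, so it can be triaged with a short script instead of by eye. The following is an added example, not part of the original thread: the sample lines are constructed in the TDSSKiller log layout, and the list of expected install directories is an assumption of this example.

```python
import re

# Constructed sample in the TDSSKiller log layout ("time thread-id text").
# Service names, hashes and paths are made up for this example.
SAMPLE_LOG = r"""
10:00:01.0000 1234 ================ Scan system memory ========================
10:00:01.0050 1234 System memory - ok
10:00:01.0060 1234 ================ Scan services =============================
10:00:01.0100 1234 [ AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD ] ExampleDrv C:\Windows\system32\drivers\exampledrv.sys
10:00:01.0200 1234 ExampleDrv - ok
10:00:01.0300 1234 [ BBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEE ] OldVendorDrv C:\Windows\system32\drivers\oldvendor.sys
10:00:01.0400 1234 OldVendorDrv ( UnsignedFile.Multi.Generic ) - warning
10:00:01.0400 1234 OldVendorDrv - detected UnsignedFile.Multi.Generic (1)
10:00:01.0500 1234 GhostSvc - ok
10:00:01.0600 1234 [ CCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF ] Example Helper Service C:\ProgramData\ExampleHelper\helper.exe
10:00:01.0700 1234 Example Helper Service - ok
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.*)$")        # timestamp, thread id, text
SECTION = re.compile(r"^=+ (.+?) =+$")                          # "==== Scan services ===="
FILE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
DETECTED = re.compile(r"^.+ - detected .+ \(\d+\)$")            # repeats the flagged line
FLAGGED = re.compile(r"^(.+?) \( (.+?) \) - (\w+)$")            # name ( detection ) - verdict
PLAIN = re.compile(r"^(.+?) - (\w+)$")                          # name - verdict

# Assumption of this example: directories where service binaries normally live.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_services(log_text):
    """Return one dict per service listed in the 'Scan services' section."""
    entries, pending, section = [], {}, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        text = m.group(1).strip()
        sec = SECTION.match(text)
        if sec:
            section = sec.group(1)
            continue
        if section != "Scan services" or DETECTED.match(text):
            continue
        f = FILE.match(text)
        if f:
            # Remember hash and path until the verdict line for this name arrives.
            pending[f.group(2)] = (f.group(1), f.group(3))
            continue
        flagged = FLAGGED.match(text)
        plain = None if flagged else PLAIN.match(text)
        if flagged:
            name, detection, verdict = flagged.groups()
        elif plain:
            name, verdict = plain.groups()
            detection = None
        else:
            continue
        md5, path = pending.pop(name, (None, None))
        entries.append({"name": name, "md5": md5, "path": path,
                        "verdict": verdict, "detection": detection})
    return entries


def triage(entries):
    """Group the entries a reviewer should look at first."""
    report = {"not_ok": [], "no_file": [], "unusual_path": []}
    for e in entries:
        if e["verdict"] != "ok":
            # With signature verification on, unsigned files show up here as warnings.
            report["not_ok"].append((e["name"], e["detection"]))
        if e["path"] is None:
            # Service registered but no file line was logged for it.
            report["no_file"].append(e["name"])
        elif not e["path"].lower().startswith(EXPECTED_ROOTS):
            # Heuristic only: a binary outside the expected roots deserves a second look.
            report["unusual_path"].append((e["name"], e["path"]))
    return report


if __name__ == "__main__":
    for group, items in triage(parse_services(SAMPLE_LOG)).items():
        print(group, items)
```

A warning in this output is a prompt for review, which matches the advice above to choose Skip first and post the log before removing anything.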

09.02.2013, 11:00   #9
Hr_Holsten

Hello Markus, I had already written in my opening post that there were no findings:
Quote:
Quote from Hr_Holsten
Safe mode can be started; I ran an Avira and a malware scan with no findings -
TDSSKiller was successful, the log is attached

10:50:31.0870 2692 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:50:32.0525 2692 ============================================================
10:50:32.0525 2692 Current date / time: 2013/02/09 10:50:32.0525
10:50:32.0525 2692 SystemInfo:
10:50:32.0525 2692
10:50:32.0525 2692 OS Version: 6.0.6002 ServicePack: 2.0
10:50:32.0525 2692 Product type: Workstation
10:50:32.0525 2692 ComputerName: MATZE
10:50:32.0525 2692 UserName: Matze
10:50:32.0525 2692 Windows directory: C:\Windows
10:50:32.0525 2692 System windows directory: C:\Windows
10:50:32.0525 2692 Processor architecture: Intel x86
10:50:32.0525 2692 Number of processors: 2
10:50:32.0525 2692 Page size: 0x1000
10:50:32.0525 2692 Boot type: Safe boot with network
10:50:32.0525 2692 ============================================================
10:50:34.0210 2692 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
10:50:34.0553 2692 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:50:34.0553 2692 ============================================================
10:50:34.0553 2692 \Device\Harddisk0\DR0:
10:50:34.0553 2692 MBR partitions:
10:50:34.0553 2692 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2421F7C1
10:50:34.0553 2692 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2421F800, BlocksNum 0x120DB10
10:50:34.0553 2692 \Device\Harddisk1\DR1:
10:50:34.0553 2692 MBR partitions:
10:50:34.0553 2692 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6E8A130
10:50:34.0553 2692 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x6E8A16F, BlocksNum 0x155CE7A6
10:50:34.0553 2692 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x20018D51, BlocksNum 0x5414970
10:50:34.0553 2692 \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x1C458915, BlocksNum 0x3BC043C
10:50:34.0553 2692 ============================================================
10:50:34.0615 2692 C: <-> \Device\Harddisk0\DR0\Partition1
10:50:34.0662 2692 D: <-> \Device\Harddisk1\DR1\Partition1
10:50:34.0693 2692 J: <-> \Device\Harddisk1\DR1\Partition3
10:50:34.0740 2692 E: <-> \Device\Harddisk0\DR0\Partition2
10:50:34.0787 2692 G: <-> \Device\Harddisk1\DR1\Partition2
10:50:34.0834 2692 K: <-> \Device\Harddisk1\DR1\Partition4
10:50:34.0834 2692 ============================================================
10:50:34.0834 2692 Initialize success
10:50:34.0834 2692 ============================================================
10:51:12.0867 2812 ============================================================
10:51:12.0867 2812 Scan started
10:51:12.0867 2812 Mode: Manual; SigCheck; TDLFS;
10:51:12.0867 2812 ============================================================
10:51:14.0005 2812 ================ Scan system memory ========================
10:51:14.0005 2812 System memory - ok
10:51:14.0005 2812 ================ Scan services =============================
10:51:14.0161 2812 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
10:51:14.0239 2812 AAV UpdateService - ok
10:51:14.0380 2812 [ CC1F1D3D70DC13C2C281488D347D4415 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
10:51:14.0395 2812 Accelerometer - ok
10:51:14.0458 2812 [ 4E5451DD0AEC8504D7F8030DD2D4C416 ] ACEDRV07 C:\Windows\system32\drivers\ACEDRV07.sys
10:51:14.0505 2812 ACEDRV07 ( UnsignedFile.Multi.Generic ) - warning
10:51:14.0505 2812 ACEDRV07 - detected UnsignedFile.Multi.Generic (1)
10:51:14.0551 2812 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
10:51:14.0567 2812 ACPI - ok
10:51:14.0645 2812 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:51:14.0661 2812 AdobeFlashPlayerUpdateSvc - ok
10:51:14.0723 2812 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
10:51:14.0739 2812 adp94xx - ok
10:51:14.0785 2812 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
10:51:14.0785 2812 adpahci - ok
10:51:14.0817 2812 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
10:51:14.0832 2812 adpu160m - ok
10:51:14.0848 2812 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
10:51:14.0848 2812 adpu320 - ok
10:51:14.0910 2812 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:51:15.0004 2812 AeLookupSvc - ok
10:51:15.0097 2812 [ 3B1B2EE9DF189F6BBB080BF393D1B2EE ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe
10:51:15.0175 2812 AESTFilters - ok
10:51:15.0222 2812 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
10:51:15.0300 2812 AFD - ok
10:51:15.0363 2812 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
10:51:15.0378 2812 agp440 - ok
10:51:15.0409 2812 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
10:51:15.0425 2812 aic78xx - ok
10:51:15.0441 2812 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
10:51:15.0597 2812 ALG - ok
10:51:15.0612 2812 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
10:51:15.0628 2812 aliide - ok
10:51:15.0643 2812 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
10:51:15.0643 2812 amdagp - ok
10:51:15.0659 2812 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
10:51:15.0659 2812 amdide - ok
10:51:15.0706 2812 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
10:51:15.0753 2812 AmdK7 - ok
10:51:15.0784 2812 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
10:51:15.0815 2812 AmdK8 - ok
10:51:15.0909 2812 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
10:51:16.0033 2812 AntiVirSchedulerService - ok
10:51:16.0096 2812 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
10:51:16.0111 2812 AntiVirService - ok
10:51:16.0127 2812 [ 255527AB98293EA390352A8C53B0042A ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
10:51:16.0158 2812 AntiVirWebService - ok
10:51:16.0221 2812 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
10:51:16.0267 2812 Appinfo - ok
10:51:16.0361 2812 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:51:16.0377 2812 Apple Mobile Device - ok
10:51:16.0423 2812 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
10:51:16.0439 2812 arc - ok
10:51:16.0486 2812 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
10:51:16.0501 2812 arcsas - ok
10:51:16.0548 2812 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:51:16.0595 2812 AsyncMac - ok
10:51:16.0642 2812 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
10:51:16.0642 2812 atapi - ok
10:51:16.0720 2812 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:51:16.0751 2812 AudioEndpointBuilder - ok
10:51:16.0767 2812 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
10:51:16.0782 2812 Audiosrv - ok
10:51:16.0845 2812 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
10:51:16.0845 2812 avgntflt - ok
10:51:16.0860 2812 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
10:51:16.0876 2812 avipbb - ok
10:51:16.0891 2812 [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
10:51:16.0891 2812 avkmgr - ok
10:51:16.0985 2812 [ CF6A67C90951E3E763D2135DEDE44B85 ] BCM43XV C:\Windows\system32\DRIVERS\bcmwl6.sys
10:51:17.0188 2812 BCM43XV - ok
10:51:17.0235 2812 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
10:51:17.0281 2812 Beep - ok
10:51:17.0344 2812 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
10:51:17.0391 2812 BFE - ok
10:51:17.0453 2812 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
10:51:17.0749 2812 BITS - ok
10:51:17.0796 2812 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
10:51:17.0843 2812 blbdrive - ok
10:51:17.0968 2812 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:51:17.0983 2812 Bonjour Service - ok
10:51:18.0015 2812 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:51:18.0046 2812 bowser - ok
10:51:18.0108 2812 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
10:51:18.0139 2812 BrFiltLo - ok
10:51:18.0171 2812 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
10:51:18.0217 2812 BrFiltUp - ok
10:51:18.0295 2812 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
10:51:18.0342 2812 Browser - ok
10:51:18.0576 2812 [ 639838B4BD0ED95F308650B910E3EC82 ] BrowserProtect C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
10:51:18.0685 2812 BrowserProtect - ok
10:51:18.0701 2812 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
10:51:18.0763 2812 Brserid - ok
10:51:18.0779 2812 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
10:51:18.0810 2812 BrSerWdm - ok
10:51:18.0841 2812 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
10:51:18.0904 2812 BrUsbMdm - ok
10:51:18.0935 2812 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
10:51:18.0997 2812 BrUsbSer - ok
10:51:19.0044 2812 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
10:51:19.0075 2812 BthEnum - ok
10:51:19.0107 2812 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
10:51:19.0138 2812 BTHMODEM - ok
10:51:19.0185 2812 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
10:51:19.0247 2812 BthPan - ok
10:51:19.0294 2812 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
10:51:19.0341 2812 BTHPORT - ok
10:51:19.0372 2812 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
10:51:19.0387 2812 BthServ - ok
10:51:19.0434 2812 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
10:51:19.0450 2812 BTHUSB - ok
10:51:19.0481 2812 btwaudio - ok
10:51:19.0497 2812 btwavdt - ok
10:51:19.0497 2812 btwrchid - ok
10:51:19.0543 2812 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:51:19.0575 2812 cdfs - ok
10:51:19.0637 2812 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:51:19.0668 2812 cdrom - ok
10:51:19.0699 2812 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
10:51:19.0746 2812 CertPropSvc - ok
10:51:19.0793 2812 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\DRIVERS\circlass.sys
10:51:19.0840 2812 circlass - ok
10:51:19.0887 2812 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
10:51:19.0902 2812 CLFS - ok
10:51:19.0949 2812 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:51:19.0965 2812 clr_optimization_v2.0.50727_32 - ok
10:51:20.0043 2812 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:51:20.0121 2812 clr_optimization_v4.0.30319_32 - ok
10:51:20.0152 2812 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:51:20.0199 2812 CmBatt - ok
10:51:20.0214 2812 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:51:20.0214 2812 cmdide - ok
10:51:20.0292 2812 [ A94146208170D78906C93EE39CEBDD9F ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
10:51:20.0308 2812 Com4QLBEx - ok
10:51:20.0323 2812 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:51:20.0323 2812 Compbatt - ok
10:51:20.0339 2812 COMSysApp - ok
10:51:20.0355 2812 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
10:51:20.0370 2812 crcdisk - ok
10:51:20.0386 2812 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
10:51:20.0433 2812 Crusoe - ok
10:51:20.0495 2812 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:51:20.0542 2812 CryptSvc - ok
10:51:20.0604 2812 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:51:20.0729 2812 DcomLaunch - ok
10:51:20.0776 2812 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:51:20.0838 2812 DfsC - ok
10:51:20.0947 2812 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
10:51:21.0088 2812 DFSR - ok
10:51:21.0150 2812 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
10:51:21.0197 2812 Dhcp - ok
10:51:21.0259 2812 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
10:51:21.0259 2812 disk - ok
10:51:21.0322 2812 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:51:21.0384 2812 Dnscache - ok
10:51:21.0415 2812 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
10:51:21.0462 2812 dot3svc - ok
10:51:21.0525 2812 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
10:51:21.0571 2812 DPS - ok
10:51:21.0634 2812 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:51:21.0681 2812 drmkaud - ok
10:51:21.0743 2812 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:51:21.0759 2812 DXGKrnl - ok
10:51:21.0790 2812 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
10:51:21.0805 2812 E1G60 - ok
10:51:21.0883 2812 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
10:51:21.0915 2812 EapHost - ok
10:51:21.0977 2812 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
10:51:21.0993 2812 Ecache - ok
10:51:22.0024 2812 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:51:22.0039 2812 ehRecvr - ok
10:51:22.0055 2812 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
10:51:22.0086 2812 ehSched - ok
10:51:22.0117 2812 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
10:51:22.0149 2812 ehstart - ok
10:51:22.0195 2812 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
10:51:22.0211 2812 elxstor - ok
10:51:22.0273 2812 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
10:51:22.0367 2812 EMDMgmt - ok
10:51:22.0429 2812 [ 4CD6B056C5FD9E97C06FE74C81479517 ] enecir C:\Windows\system32\DRIVERS\enecir.sys
10:51:22.0476 2812 enecir - ok
10:51:22.0507 2812 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:51:22.0554 2812 ErrDev - ok
10:51:22.0617 2812 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
10:51:22.0663 2812 EventSystem - ok
10:51:22.0710 2812 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
10:51:22.0773 2812 exfat - ok
10:51:22.0819 2812 [ 42F721C52EEF2D6DF9372A53813A83EF ] ezSharedSvc C:\Windows\System32\ezsvc7.dll
10:51:22.0851 2812 ezSharedSvc ( UnsignedFile.Multi.Generic ) - warning
10:51:22.0851 2812 ezSharedSvc - detected UnsignedFile.Multi.Generic (1)
10:51:22.0944 2812 Fabs - ok
10:51:22.0975 2812 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:51:23.0022 2812 fastfat - ok
10:51:23.0085 2812 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:51:23.0100 2812 fdc - ok
10:51:23.0147 2812 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
10:51:23.0178 2812 fdPHost - ok
10:51:23.0178 2812 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
10:51:23.0256 2812 FDResPub - ok
10:51:23.0287 2812 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:51:23.0303 2812 FileInfo - ok
10:51:23.0334 2812 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:51:23.0381 2812 Filetrace - ok
10:51:23.0506 2812 [ 5BD96D8C5411ACE71A7EAACAF0EF2903 ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
10:51:23.0662 2812 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
10:51:23.0662 2812 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
10:51:23.0677 2812 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:51:23.0740 2812 flpydisk - ok
10:51:23.0787 2812 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:51:23.0802 2812 FltMgr - ok
10:51:24.0052 2812 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
10:51:24.0099 2812 FontCache - ok
10:51:24.0161 2812 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:51:24.0177 2812 FontCache3.0.0.0 - ok
10:51:24.0208 2812 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:51:24.0270 2812 Fs_Rec - ok
10:51:24.0301 2812 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
10:51:24.0301 2812 gagp30kx - ok
10:51:24.0379 2812 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:51:24.0395 2812 GEARAspiWDM - ok
10:51:24.0426 2812 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
10:51:24.0582 2812 gpsvc - ok
10:51:24.0660 2812 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca1932481cd220 C:\Program Files\Google\Update\GoogleUpdate.exe
10:51:24.0660 2812 gupdate1ca1932481cd220 - ok
10:51:24.0676 2812 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
10:51:24.0691 2812 gupdatem - ok
10:51:24.0816 2812 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
10:51:24.0832 2812 hamachi - ok
10:51:24.0894 2812 [ A9157AFE4B6F32DCCE9BD18FECD53A0D ] hcw95bda C:\Windows\system32\Drivers\hcw95bda.sys
10:51:24.0925 2812 hcw95bda - ok
10:51:24.0957 2812 [ EB77F3C96C62E65CC25F04220B9A204A ] hcw95rc C:\Windows\system32\DRIVERS\hcw95rc.sys
10:51:24.0988 2812 hcw95rc - ok
10:51:25.0050 2812 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:51:25.0081 2812 HdAudAddService - ok
10:51:25.0128 2812 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
10:51:25.0175 2812 HDAudBus - ok
10:51:25.0222 2812 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
10:51:25.0284 2812 HidBth - ok
10:51:25.0362 2812 [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:51:25.0409 2812 HidIr - ok
10:51:25.0456 2812 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
10:51:25.0487 2812 hidserv - ok
10:51:25.0518 2812 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:51:25.0565 2812 HidUsb - ok
10:51:25.0596 2812 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:51:25.0643 2812 hkmsvc - ok
10:51:25.0690 2812 [ 3E71FF34FCC1B757D1F070239C538B43 ] hotcore3 C:\Windows\system32\DRIVERS\hotcore3.sys
10:51:25.0705 2812 hotcore3 - ok
10:51:25.0768 2812 [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
10:51:25.0799 2812 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
10:51:25.0799 2812 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
10:51:25.0846 2812 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
10:51:25.0861 2812 HpCISSs - ok
10:51:25.0861 2812 [ 4EF10B866C62ABBEAF7511CDD05A19BE ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
10:51:25.0877 2812 hpdskflt - ok
10:51:25.0924 2812 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
10:51:26.0002 2812 HpqKbFiltr - ok
10:51:26.0033 2812 [ D50FDAD1E57AA60F1973CFC77D905F0E ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
10:51:26.0049 2812 hpqwmiex - ok
10:51:26.0095 2812 [ C0BEB56ED79B59B7B33D0AA6C38A0BA6 ] hpsrv C:\Windows\system32\Hpservice.exe
10:51:26.0095 2812 hpsrv - ok
10:51:26.0158 2812 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
10:51:26.0205 2812 HSFHWAZL - ok
10:51:26.0251 2812 [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS
10:51:26.0329 2812 HSF_DPV - ok
10:51:26.0376 2812 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:51:26.0439 2812 HTTP - ok
10:51:26.0470 2812 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
10:51:26.0470 2812 i2omp - ok
10:51:26.0532 2812 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
10:51:26.0579 2812 i8042prt - ok
10:51:26.0626 2812 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
10:51:26.0626 2812 iaStorV - ok
10:51:26.0719 2812 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
10:51:26.0735 2812 IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:51:26.0735 2812 IDriverT - detected UnsignedFile.Multi.Generic (1)
10:51:26.0829 2812 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:51:26.0891 2812 idsvc - ok
10:51:26.0922 2812 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
10:51:26.0938 2812 iirsp - ok
10:51:26.0985 2812 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
10:51:27.0031 2812 IKEEXT - ok
10:51:27.0078 2812 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
10:51:27.0094 2812 intelide - ok
10:51:27.0141 2812 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:51:27.0172 2812 intelppm - ok
10:51:27.0219 2812 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:51:27.0265 2812 IPBusEnum - ok
10:51:27.0281 2812 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:51:27.0328 2812 IpFilterDriver - ok
10:51:27.0390 2812 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:51:27.0468 2812 iphlpsvc - ok
10:51:27.0468 2812 IpInIp - ok
10:51:27.0499 2812 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
10:51:27.0531 2812 IPMIDRV - ok
10:51:27.0562 2812 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
10:51:27.0609 2812 IPNAT - ok
10:51:27.0687 2812 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:51:27.0718 2812 iPod Service - ok
10:51:27.0733 2812 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:51:27.0749 2812 IRENUM - ok
10:51:27.0765 2812 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:51:27.0780 2812 isapnp - ok
10:51:27.0843 2812 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
10:51:27.0858 2812 iScsiPrt - ok
10:51:27.0874 2812 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
10:51:27.0889 2812 iteatapi - ok
10:51:27.0905 2812 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
10:51:27.0921 2812 iteraid - ok
10:51:27.0967 2812 [ DA971CFC625D13636E04C405948E9D62 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
10:51:27.0999 2812 JMCR - ok
10:51:28.0014 2812 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:51:28.0030 2812 kbdclass - ok
10:51:28.0061 2812 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:51:28.0077 2812 kbdhid - ok
10:51:28.0092 2812 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
10:51:28.0108 2812 KeyIso - ok
10:51:28.0139 2812 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:51:28.0155 2812 KSecDD - ok
10:51:28.0201 2812 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
10:51:28.0248 2812 KtmRm - ok
10:51:28.0342 2812 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
10:51:28.0389 2812 LanmanServer - ok
10:51:28.0420 2812 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:51:28.0467 2812 LanmanWorkstation - ok
10:51:28.0513 2812 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:51:28.0560 2812 lltdio - ok
10:51:28.0607 2812 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:51:28.0669 2812 lltdsvc - ok
10:51:28.0701 2812 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:51:28.0763 2812 lmhosts - ok
10:51:28.0794 2812 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
10:51:28.0810 2812 LSI_FC - ok
10:51:28.0825 2812 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
10:51:28.0841 2812 LSI_SAS - ok
10:51:28.0841 2812 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
10:51:28.0857 2812 LSI_SCSI - ok
10:51:28.0857 2812 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
10:51:28.0903 2812 luafv - ok
10:51:28.0935 2812 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:51:28.0966 2812 Mcx2Svc - ok
10:51:28.0997 2812 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
10:51:29.0013 2812 megasas - ok
10:51:29.0091 2812 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
10:51:29.0106 2812 MegaSR - ok
10:51:29.0231 2812 Microsoft SharePoint Workspace Audit Service - ok
10:51:29.0247 2812 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
10:51:29.0293 2812 MMCSS - ok
10:51:29.0340 2812 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
10:51:29.0371 2812 Modem - ok
10:51:29.0403 2812 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:51:29.0449 2812 monitor - ok
10:51:29.0481 2812 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:51:29.0481 2812 mouclass - ok
10:51:29.0512 2812 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:51:29.0559 2812 mouhid - ok
10:51:29.0590 2812 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
10:51:29.0605 2812 MountMgr - ok
10:51:29.0652 2812 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
10:51:29.0668 2812 mpio - ok
10:51:29.0683 2812 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:51:29.0699 2812 mpsdrv - ok
10:51:29.0746 2812 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
10:51:29.0793 2812 MpsSvc - ok
10:51:29.0824 2812 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
10:51:29.0839 2812 Mraid35x - ok
10:51:29.0886 2812 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:51:29.0902 2812 MRxDAV - ok
10:51:29.0917 2812 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:51:29.0980 2812 mrxsmb - ok
10:51:30.0011 2812 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:51:30.0042 2812 mrxsmb10 - ok
10:51:30.0073 2812 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:51:30.0120 2812 mrxsmb20 - ok
10:51:30.0167 2812 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys
10:51:30.0167 2812 msahci - ok
10:51:30.0183 2812 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:51:30.0198 2812 msdsm - ok
10:51:30.0214 2812 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
10:51:30.0261 2812 MSDTC - ok
10:51:30.0292 2812 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:51:30.0339 2812 Msfs - ok
10:51:30.0385 2812 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:51:30.0401 2812 msisadrv - ok
10:51:30.0417 2812 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:51:30.0463 2812 MSiSCSI - ok
10:51:30.0463 2812 msiserver - ok
10:51:30.0510 2812 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:51:30.0557 2812 MSKSSRV - ok
10:51:30.0604 2812 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:51:30.0651 2812 MSPCLOCK - ok
10:51:30.0682 2812 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:51:30.0729 2812 MSPQM - ok
10:51:30.0775 2812 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:51:30.0775 2812 MsRPC - ok
10:51:30.0791 2812 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
10:51:30.0807 2812 mssmbios - ok
10:51:30.0822 2812 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:51:30.0869 2812 MSTEE - ok
10:51:30.0900 2812 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
10:51:30.0916 2812 Mup - ok
10:51:30.0947 2812 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
10:51:30.0994 2812 napagent - ok
10:51:31.0056 2812 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:51:31.0087 2812 NativeWifiP - ok
10:51:31.0150 2812 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:51:31.0197 2812 NDIS - ok
10:51:31.0228 2812 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:51:31.0275 2812 NdisTapi - ok
10:51:31.0290 2812 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:51:31.0337 2812 Ndisuio - ok
10:51:31.0415 2812 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:51:31.0462 2812 NdisWan - ok
10:51:31.0493 2812 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:51:31.0524 2812 NDProxy - ok
10:51:31.0540 2812 Netaapl - ok
10:51:31.0571 2812 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:51:31.0618 2812 NetBIOS - ok
10:51:31.0665 2812 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
10:51:31.0711 2812 netbt - ok
10:51:31.0711 2812 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
10:51:31.0727 2812 Netlogon - ok
10:51:31.0758 2812 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
10:51:31.0805 2812 Netman - ok
10:51:31.0836 2812 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
10:51:31.0867 2812 netprofm - ok
10:51:31.0899 2812 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:51:31.0914 2812 NetTcpPortSharing - ok
10:51:32.0055 2812 [ 83F310BF50985F2A52121F2614787C38 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
10:51:32.0226 2812 NETw5v32 - ok
10:51:32.0242 2812 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
10:51:32.0257 2812 nfrd960 - ok
10:51:32.0257 2812 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:51:32.0304 2812 NlaSvc - ok
10:51:32.0351 2812 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:51:32.0398 2812 Npfs - ok
10:51:32.0429 2812 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
10:51:32.0476 2812 nsi - ok
10:51:32.0507 2812 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:51:32.0554 2812 nsiproxy - ok
10:51:32.0616 2812 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:51:32.0679 2812 Ntfs - ok
10:51:32.0710 2812 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
10:51:32.0772 2812 ntrigdigi - ok
10:51:32.0803 2812 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
10:51:32.0819 2812 Null - ok
10:51:32.0866 2812 [ 1657F3FBD9061526C14FF37E79306F98 ] NVENETFD C:\Windows\system32\DRIVERS\nvm60x32.sys
10:51:32.0913 2812 NVENETFD - ok
10:51:32.0944 2812 [ F972DC046C374A9E02F2DFBE74EBB203 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
10:51:32.0944 2812 NVHDA - ok
10:51:33.0193 2812 [ 24000B817CC84AC1555F41929879AF5A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:51:33.0583 2812 nvlddmkm - ok
10:51:33.0599 2812 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:51:33.0615 2812 nvraid - ok
10:51:33.0630 2812 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:51:33.0646 2812 nvstor - ok
10:51:33.0693 2812 [ C4D17F11526F87BC762F31DA5BD2580B ] nvsvc C:\Windows\system32\nvvsvc.exe
10:51:33.0755 2812 nvsvc - ok
10:51:33.0786 2812 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:51:33.0802 2812 nv_agp - ok
10:51:33.0802 2812 NwlnkFlt - ok
10:51:33.0817 2812 NwlnkFwd - ok
10:51:33.0864 2812 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
10:51:33.0911 2812 ohci1394 - ok
10:51:33.0989 2812 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:51:33.0989 2812 ose - ok
10:51:34.0145 2812 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:51:34.0395 2812 osppsvc - ok
10:51:34.0473 2812 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
10:51:34.0566 2812 p2pimsvc - ok
10:51:34.0582 2812 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
10:51:34.0629 2812 p2psvc - ok
10:51:34.0691 2812 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
10:51:34.0722 2812 Parport - ok
10:51:34.0769 2812 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:51:34.0769 2812 partmgr - ok
10:51:34.0800 2812 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
10:51:34.0831 2812 Parvdm - ok
10:51:34.0847 2812 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
10:51:34.0863 2812 PcaSvc - ok
10:51:34.0909 2812 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
10:51:34.0909 2812 pci - ok
10:51:34.0956 2812 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
10:51:34.0972 2812 pciide - ok
10:51:34.0987 2812 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
10:51:35.0003 2812 pcmcia - ok
10:51:35.0065 2812 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:51:35.0159 2812 PEAUTH - ok
10:51:35.0237 2812 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
10:51:35.0377 2812 pla - ok
10:51:35.0424 2812 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:51:35.0455 2812 PlugPlay - ok
10:51:35.0502 2812 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
10:51:35.0533 2812 PNRPAutoReg - ok
10:51:35.0580 2812 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
10:51:35.0596 2812 PNRPsvc - ok
10:51:35.0658 2812 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:51:35.0705 2812 PolicyAgent - ok
10:51:35.0767 2812 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:51:35.0799 2812 PptpMiniport - ok
10:51:35.0845 2812 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
10:51:35.0892 2812 Processor - ok
10:51:35.0923 2812 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
10:51:35.0939 2812 ProfSvc - ok
10:51:35.0955 2812 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
10:51:35.0970 2812 ProtectedStorage - ok
10:51:36.0001 2812 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
10:51:36.0033 2812 PSched - ok
10:51:36.0095 2812 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
10:51:36.0111 2812 PxHelp20 - ok
10:51:36.0173 2812 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
10:51:36.0220 2812 ql2300 - ok
10:51:36.0251 2812 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
10:51:36.0267 2812 ql40xx - ok
10:51:36.0329 2812 [ 26F65F22527515990532209BAFF78DEA ] QPCapSvc C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
10:51:36.0345 2812 QPCapSvc - ok
10:51:36.0376 2812 [ 511E9DDC22A63E5109C7F221F85DEB3D ] QPSched C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
10:51:36.0391 2812 QPSched - ok
10:51:36.0423 2812 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
10:51:36.0438 2812 QWAVE - ok
10:51:36.0438 2812 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:51:36.0469 2812 QWAVEdrv - ok
10:51:36.0501 2812 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:51:36.0547 2812 RasAcd - ok
10:51:36.0579 2812 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
10:51:36.0625 2812 RasAuto - ok
10:51:36.0657 2812 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:51:36.0719 2812 Rasl2tp - ok
10:51:36.0766 2812 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
10:51:36.0813 2812 RasMan - ok
10:51:36.0859 2812 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:51:36.0891 2812 RasPppoe - ok
10:51:36.0953 2812 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:51:36.0953 2812 RasSstp - ok
10:51:37.0000 2812 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:51:37.0031 2812 rdbss - ok
10:51:37.0062 2812 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:51:37.0109 2812 RDPCDD - ok
10:51:37.0140 2812 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
10:51:37.0156 2812 rdpdr - ok
10:51:37.0156 2812 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:51:37.0187 2812 RDPENCDD - ok
10:51:37.0218 2812 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:51:37.0265 2812 RDPWD - ok
10:51:37.0312 2812 [ 431723F23D0E065BEF502389E8FFDC10 ] Recovery Service for Windows C:\Windows\SMINST\BLService.exe
10:51:37.0343 2812 Recovery Service for Windows - ok
10:51:37.0405 2812 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:51:37.0452 2812 RemoteAccess - ok
10:51:37.0483 2812 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:51:37.0530 2812 RemoteRegistry - ok
10:51:37.0577 2812 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
10:51:37.0593 2812 RFCOMM - ok
10:51:37.0608 2812 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
10:51:37.0655 2812 RpcLocator - ok
10:51:37.0686 2812 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
10:51:37.0717 2812 RpcSs - ok
10:51:37.0764 2812 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:51:37.0811 2812 rspndr - ok
10:51:37.0873 2812 [ 125C504A34D0A2E152517E342E7E432C ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
10:51:37.0905 2812 RTL8169 - ok
10:51:37.0936 2812 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
10:51:37.0936 2812 SamSs - ok
10:51:37.0951 2812 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:51:37.0967 2812 sbp2port - ok
10:51:37.0998 2812 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:51:38.0029 2812 SCardSvr - ok
10:51:38.0092 2812 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
10:51:38.0185 2812 Schedule - ok
10:51:38.0232 2812 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
10:51:38.0248 2812 SCPolicySvc - ok
10:51:38.0248 2812 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
10:51:38.0295 2812 sdbus - ok
10:51:38.0326 2812 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:51:38.0373 2812 SDRSVC - ok
10:51:38.0404 2812 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:51:38.0466 2812 secdrv - ok
10:51:38.0497 2812 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
10:51:38.0544 2812 seclogon - ok
10:51:38.0575 2812 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
10:51:38.0622 2812 SENS - ok
10:51:38.0653 2812 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
10:51:38.0716 2812 Serenum - ok
10:51:38.0747 2812 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
10:51:38.0794 2812 Serial - ok
10:51:38.0825 2812 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
10:51:38.0841 2812 sermouse - ok
10:51:38.0872 2812 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
10:51:38.0919 2812 SessionEnv - ok
10:51:38.0950 2812 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:51:38.0965 2812 sffdisk - ok
10:51:38.0981 2812 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:51:39.0028 2812 sffp_mmc - ok
10:51:39.0043 2812 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:51:39.0075 2812 sffp_sd - ok
10:51:39.0075 2812 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
10:51:39.0137 2812 sfloppy - ok
10:51:39.0184 2812 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:51:39.0231 2812 SharedAccess - ok
10:51:39.0293 2812 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:51:39.0324 2812 ShellHWDetection - ok
10:51:39.0355 2812 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
10:51:39.0355 2812 sisagp - ok
10:51:39.0387 2812 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
10:51:39.0387 2812 SiSRaid2 - ok
10:51:39.0402 2812 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
10:51:39.0418 2812 SiSRaid4 - ok
10:51:39.0527 2812 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
10:51:39.0714 2812 slsvc - ok
10:51:39.0761 2812 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
10:51:39.0808 2812 SLUINotify - ok
10:51:39.0855 2812 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:51:39.0870 2812 Smb - ok
10:51:39.0886 2812 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:51:39.0901 2812 SNMPTRAP - ok
10:51:39.0917 2812 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
10:51:39.0917 2812 spldr - ok
10:51:39.0964 2812 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
10:51:39.0979 2812 Spooler - ok
10:51:40.0026 2812 [ 7F1B7C4D446CD3F926AF45B8C48BD593 ] sptd C:\Windows\system32\Drivers\sptd.sys
10:51:40.0026 2812 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 7F1B7C4D446CD3F926AF45B8C48BD593
10:51:40.0026 2812 sptd ( LockedFile.Multi.Generic ) - warning
10:51:40.0026 2812 sptd - detected LockedFile.Multi.Generic (1)
10:51:40.0073 2812 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
10:51:40.0135 2812 srv - ok
10:51:40.0151 2812 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:51:40.0213 2812 srv2 - ok
10:51:40.0245 2812 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:51:40.0245 2812 srvnet - ok
10:51:40.0276 2812 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:51:40.0291 2812 SSDPSRV - ok
10:51:40.0354 2812 [ B9E31F2A3640403B0EA3A867BB73B9F4 ] SSHDRV86 C:\Windows\system32\drivers\SSHDRV86.sys
10:51:40.0385 2812 SSHDRV86 ( UnsignedFile.Multi.Generic ) - warning
10:51:40.0385 2812 SSHDRV86 - detected UnsignedFile.Multi.Generic (1)
10:51:40.0416 2812 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
10:51:40.0432 2812 ssmdrv - ok
10:51:40.0494 2812 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:51:40.0541 2812 SstpSvc - ok
10:51:40.0619 2812 [ CF7DF19EC6EEE8D51B7FCCF4AAE93906 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe
10:51:40.0635 2812 STacSV - ok
10:51:40.0681 2812 Steam Client Service - ok
10:51:40.0759 2812 [ 87A094CA41BC86CE430DF0ED0C846DC8 ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys
10:51:40.0806 2812 STHDA - ok
10:51:40.0869 2812 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
10:51:40.0915 2812 stisvc - ok
10:51:40.0947 2812 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
10:51:40.0947 2812 swenum - ok
10:51:41.0009 2812 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
10:51:41.0071 2812 swprv - ok
10:51:41.0103 2812 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
10:51:41.0103 2812 Symc8xx - ok
10:51:41.0118 2812 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
10:51:41.0134 2812 Sym_hi - ok
10:51:41.0149 2812 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
10:51:41.0149 2812 Sym_u3 - ok
10:51:41.0212 2812 [ 067CB9D745407A8C1B26E89A6A2CE152 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
10:51:41.0212 2812 SynTP - ok
10:51:41.0274 2812 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
10:51:41.0321 2812 SysMain - ok
10:51:41.0368 2812 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:51:41.0399 2812 TabletInputService - ok
10:51:41.0446 2812 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:51:41.0493 2812 TapiSrv - ok
10:51:41.0524 2812 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
10:51:41.0555 2812 TBS - ok
10:51:41.0602 2812 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:51:41.0649 2812 Tcpip - ok
10:51:41.0680 2812 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
10:51:41.0742 2812 Tcpip6 - ok
10:51:41.0773 2812 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:51:41.0820 2812 tcpipreg - ok
10:51:41.0851 2812 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:51:41.0898 2812 TDPIPE - ok
10:51:41.0929 2812 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:51:41.0976 2812 TDTCP - ok
10:51:42.0023 2812 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:51:42.0039 2812 tdx - ok
10:51:42.0070 2812 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
10:51:42.0085 2812 TermDD - ok
10:51:48.0559 2812 ============================================================
10:51:48.0559 2812 Scan finished
10:51:48.0559 2812 ============================================================
10:51:48.0559 2804 Detected object count: 7
10:51:48.0559 2804 Actual detected object count: 7
10:56:14.0352 2804 ACEDRV07 ( UnsignedFile.Multi.Generic ) - skipped by user
10:56:14.0352 2804 ACEDRV07 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:56:14.0352 2804 ezSharedSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:56:14.0352 2804 ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:56:14.0352 2804 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
10:56:14.0352 2804 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:56:14.0352 2804 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:56:14.0352 2804 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:56:14.0352 2804 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:56:14.0352 2804 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:56:14.0352 2804 sptd ( LockedFile.Multi.Generic ) - skipped by user
10:56:14.0352 2804 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
10:56:14.0352 2804 SSHDRV86 ( UnsignedFile.Multi.Generic ) - skipped by user
10:56:14.0352 2804 SSHDRV86 ( UnsignedFile.Multi.Generic ) - User select action: Skip

11.02.2013, 13:13   #10
markusg
/// Malware-holic

Black screen after Windows login

hi,
Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us
