Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: http://pagesinxt.com Umleitung

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 06.02.2013, 14:45   #1
DerHommel
 
http://pagesinxt.com Umleitung - Standard

http://pagesinxt.com Umleitung



Hallo zusammen!

So`n Mist!Da könnte ich just mit eurer Hilfe diesen lästigen GVU-Trojaner entfernen und nun hab ich auch schon das nächste Prob!!

Werde im Browser (Opera) immer wieder zu diese Site "umgeleitet" :

hxxp://pagesinxt.com

Wat ist das nun wieder für `ne neue Teufelei und wie zum Henker bekomme ich das wieder weg??

LG, Thomas

Alt 06.02.2013, 15:31   #2
markusg
/// Malware-holic
 
http://pagesinxt.com Umleitung - Standard

http://pagesinxt.com Umleitung



hi

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 06.02.2013, 17:25   #3
DerHommel
 
http://pagesinxt.com Umleitung - Standard

http://pagesinxt.com Umleitung



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.02.2013 17:15:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Surfer\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,64 Gb Available Physical Memory | 83,17% Memory free
15,97 Gb Paging File | 14,44 Gb Available in Paging File | 90,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 54,77 Gb Free Space | 56,08% Space Free | Partition Type: NTFS
Drive D: | 833,85 Gb Total Space | 678,43 Gb Free Space | 81,36% Space Free | Partition Type: NTFS
Drive E: | 297,99 Gb Total Space | 160,08 Gb Free Space | 53,72% Space Free | Partition Type: NTFS
 
Computer Name: DASDING | User Name: DerHommel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Surfer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SbieSvc) -- C:\Hommel\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (!SASCORE) -- C:\Hommel\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RTVLANPT) -- C:\Windows\SysNative\drivers\RtVlan620.sys (Realtek Corporation)
DRV:64bit: - (TEAM) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek                                            )
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (XENfiltv) -- C:\Windows\SysNative\drivers\XENfiltv.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (SbieDrv) -- C:\Hommel\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (SASDIFSV) -- C:\Hommel\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Hommel\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-153524545-3435180587-2222784198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tiberiumalliances.com/
IE - HKU\S-1-5-21-153524545-3435180587-2222784198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-153524545-3435180587-2222784198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-153524545-3435180587-2222784198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 C0 71 08 B9 EE CD 01  [binary data]
IE - HKU\S-1-5-21-153524545-3435180587-2222784198-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-153524545-3435180587-2222784198-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-153524545-3435180587-2222784198-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-153524545-3435180587-2222784198-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tiberiumalliances.com/de/
IE - HKU\S-1-5-21-153524545-3435180587-2222784198-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-153524545-3435180587-2222784198-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-153524545-3435180587-2222784198-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 8A 85 27 DF 03 CE 01  [binary data]
IE - HKU\S-1-5-21-153524545-3435180587-2222784198-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-153524545-3435180587-2222784198-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2013.01.28 23:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.babylon.com/?affID=117023&babsrc=HP_ss&mntrId=ceac1189000000000000902b341869df
CHR - Extension: No name found = C:\Users\DerHommel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\DerHommel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\DerHommel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\DerHommel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\DerHommel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Hommel\Treiber\HD7850\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-153524545-3435180587-2222784198-1000..\Run: [DAEMON Tools Lite] C:\Hommel\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-153524545-3435180587-2222784198-1000..\Run: [SandboxieControl] C:\Hommel\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-153524545-3435180587-2222784198-1000..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-153524545-3435180587-2222784198-1004..\Run: [SandboxieControl] C:\Hommel\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\DerHommel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\DerHommel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Surfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\DerHommel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} hxxp://quickscan.bitdefender.com/qsax/qsax64.cab (Bitdefender QuickScan Control)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79062264-55F9-4249-B0FD-8A9B9D1F4494}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d4c2088c-6997-11e2-af7a-902b341869df}\Shell - "" = AutoRun
O33 - MountPoints2\{d4c2088c-6997-11e2-af7a-902b341869df}\Shell\AutoRun\command - "" = F:\wubi.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.05 20:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2013.02.05 20:17:08 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2013.02.05 20:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2013.02.05 20:16:58 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Winamp
[2013.02.05 20:16:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013.02.05 20:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013.02.05 18:56:11 | 000,000,000 | ---D | C] -- C:\TauschThomas
[2013.02.05 18:40:18 | 000,000,000 | R--D | C] -- C:\Sandbox
[2013.02.05 18:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2013.02.05 18:25:23 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\SUPERAntiSpyware.com
[2013.02.05 18:25:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.02.05 18:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.02.05 18:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.05 18:23:32 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.05 17:53:03 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\{E8E63CF2-221F-4AEC-A6B9-1B899E18BF31}
[2013.02.05 17:53:02 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\{1DBC45AB-BBB0-4100-BB9E-ED5E13EE4111}
[2013.02.04 21:51:02 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\Secunia PSI
[2013.02.04 21:50:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2013.02.04 21:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fish Aquarium 3D Screensaver
[2013.02.04 21:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D Matrix Screensaver
[2013.02.04 21:29:06 | 000,528,384 | ---- | C] (Astro Gemini Software) -- C:\Windows\SysWow64\Astro Gemini Screensaver Manager.scr
[2013.02.04 21:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astro Gemini Software
[2013.02.04 21:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solar System 3D Screensaver
[2013.02.04 21:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Astro Gemini Software
[2013.02.04 21:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Planesoft
[2013.02.04 21:26:37 | 000,825,368 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\The_One_Ring_3D_Screensaver.scr
[2013.02.04 21:22:40 | 014,476,800 | ---- | C] (Jochen Moschko) -- C:\Windows\Kaminfeuer Comprehensive Edition Free.scr
[2013.02.04 21:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaminfeuer Comprehensive Edition Free
[2013.02.04 21:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start
[2013.02.04 21:22:31 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start
[2013.02.04 21:04:29 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\Desktop\Fat32formatterer
[2013.02.02 13:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.02.02 13:49:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.02.02 13:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.02.02 13:48:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.01 23:41:35 | 000,000,000 | R--D | C] -- C:\Users\DerHommel\Dropbox
[2013.02.01 22:49:31 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.02.01 22:48:37 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Dropbox
[2013.02.01 09:21:35 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\Diagnostics
[2013.02.01 08:41:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013.02.01 08:41:30 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\Documents\Anti-Malware
[2013.01.31 00:34:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.01.31 00:34:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.01.28 23:15:32 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.01.28 23:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.01.28 23:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.28 23:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.01.28 23:11:05 | 000,564,824 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2013.01.28 23:10:49 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\DAEMON Tools Lite
[2013.01.28 23:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.01.26 09:44:09 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Windows SideBar
[2013.01.26 09:37:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\50 Minianwendungen
[2013.01.26 08:20:35 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\Zattoo
[2013.01.26 08:20:18 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2013.01.26 08:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2013.01.26 08:08:44 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\Documents\Podcast Studio
[2013.01.26 08:08:15 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\concept design
[2013.01.26 08:08:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\concept design
[2013.01.26 08:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\onlineTV 8
[2013.01.26 08:08:04 | 000,962,560 | ---- | C] (East Wind Software) -- C:\Windows\SysWow64\advdaudio.ocx
[2013.01.26 08:08:03 | 000,966,144 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioInformation2.dll
[2013.01.26 08:08:03 | 000,877,568 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTAudioFile2.dll
[2013.01.26 08:08:03 | 000,634,880 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioEditor2.dll
[2013.01.26 08:08:03 | 000,522,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioTransform2.dll
[2013.01.26 08:08:03 | 000,467,968 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioRecord2.dll
[2013.01.26 08:08:03 | 000,467,456 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioPlayer2.dll
[2013.01.26 08:08:02 | 000,413,696 | ---- | C] (Gabest) -- C:\Windows\SysWow64\flvsplitter.ax
[2013.01.26 08:08:02 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\Documents\onlineTV 8
[2013.01.26 08:08:02 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\concept design
[2013.01.26 08:06:16 | 014,263,920 | ---- | C] (concept/design GmbH                                         ) -- C:\Users\Public\Documents\otv821setup.exe
[2013.01.19 16:39:23 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\Creative
[2013.01.19 16:37:46 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Creative
[2013.01.19 16:37:46 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Creative
[2013.01.19 16:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2013.01.19 16:31:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2013.01.19 16:31:57 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information
[2013.01.19 16:31:43 | 002,906,591 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
[2013.01.19 16:31:43 | 001,942,528 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll
[2013.01.19 16:31:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2013.01.19 16:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013.01.19 16:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2013.01.19 16:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2013.01.19 00:13:36 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\Documents\4A Games
[2013.01.17 23:55:43 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\Adobe
[2013.01.17 23:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.01.17 23:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.01.15 12:46:17 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Malwarebytes
[2013.01.15 12:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.15 12:45:50 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\Programs
[2013.01.15 12:42:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.01.15 12:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.01.15 12:41:06 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\Google
[2013.01.15 12:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.01.15 12:27:02 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\QuickScan
[2013.01.15 12:24:37 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Bevy
[2013.01.15 10:56:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2013.01.13 12:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2013.01.13 12:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Company of Heroes Eastern Front
[2013.01.13 11:54:11 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Uzen
[2013.01.13 11:54:11 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Avno
[2013.01.13 11:54:11 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Aliwh
[2013.01.13 11:54:09 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Zodee
[2013.01.13 11:54:09 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Kuemyr
[2013.01.13 11:54:09 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Daupat
[2013.01.13 11:25:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.01.13 11:22:57 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blitzkrieg Mod
[2013.01.12 12:41:40 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\Risen
[2013.01.12 12:00:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2013.01.12 12:00:08 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\Documents\ArcaniA - Gothic 4
[2013.01.11 17:22:24 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\Two Worlds II
[2013.01.11 17:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2013.01.11 17:11:58 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\PAYDAY
[2013.01.11 17:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.01.11 15:00:43 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\4A Games
[2013.01.10 22:06:00 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\Documents\Square Enix
[2013.01.10 22:05:45 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\76561198035409203
[2013.01.10 22:05:21 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013.01.10 22:05:21 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.01.10 22:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2013.01.10 21:53:12 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\dxhr
[2013.01.10 21:52:15 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\28050
[2013.01.10 21:32:26 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\Activision
[2013.01.10 20:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.01.10 20:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013.01.10 20:33:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.01.10 19:42:36 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013.01.10 19:41:53 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013.01.10 19:06:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013.01.10 18:45:58 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\Documents\my games
[2013.01.10 17:53:56 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.01.10 17:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.01.10 17:49:25 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Macromedia
[2013.01.10 17:49:25 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Adobe
[2013.01.10 17:46:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.01.10 17:46:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.01.10 17:46:09 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013.01.10 17:46:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.01.10 17:46:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.01.10 17:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.01.10 17:45:34 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.01.10 17:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013.01.10 17:44:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.01.10 17:42:55 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\Windows Live
[2013.01.10 17:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.01.10 17:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.01.10 17:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.01.10 17:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.01.10 15:05:10 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013.01.10 14:59:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.01.10 14:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.01.10 14:48:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013.01.10 14:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013.01.09 23:23:01 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\ATI
[2013.01.09 23:23:01 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\ATI
[2013.01.09 23:23:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.01.09 23:20:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.01.09 23:11:33 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\WindowsUpdate
[2013.01.09 22:43:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013.01.09 22:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013.01.09 22:43:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.01.09 22:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013.01.09 22:43:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013.01.09 22:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.01.09 22:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.01.09 22:35:35 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Opera
[2013.01.09 22:35:35 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\Opera
[2013.01.09 22:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Opera x64
[2013.01.09 22:35:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera x64
[2013.01.09 22:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2013.01.09 22:34:01 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Intel Corporation
[2013.01.09 22:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013.01.09 22:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.01.09 22:28:57 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\InstallShield
[2013.01.09 22:27:05 | 000,058,472 | ---- | C] (Realtek Corporation) -- C:\Windows\SysNative\drivers\RtTeam60.sys
[2013.01.09 22:27:05 | 000,032,360 | ---- | C] (Realtek Corporation) -- C:\Windows\SysNative\drivers\RtVlan620.sys
[2013.01.09 22:27:05 | 000,027,136 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\RtNdPt60.sys
[2013.01.09 22:27:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
[2013.01.09 22:24:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.01.09 22:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.01.09 22:23:59 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64H.dll
[2013.01.09 22:23:59 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64H.dll
[2013.01.09 22:23:59 | 000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll
[2013.01.09 22:23:59 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll
[2013.01.09 22:23:59 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll
[2013.01.09 22:23:59 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll
[2013.01.09 22:23:59 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64H.dll
[2013.01.09 22:23:59 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64H.dll
[2013.01.09 22:23:59 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll
[2013.01.09 22:23:59 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64H.dll
[2013.01.09 22:23:59 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64H.dll
[2013.01.09 22:23:58 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.01.09 22:23:58 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.01.09 22:23:58 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.01.09 22:23:58 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.01.09 22:23:58 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.01.09 22:23:58 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.01.09 22:23:58 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.01.09 22:23:58 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.01.09 22:23:58 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.01.09 22:23:58 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.01.09 22:23:58 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.01.09 22:23:58 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.01.09 22:23:58 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.01.09 22:23:58 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.01.09 22:23:57 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.01.09 22:23:52 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.01.09 22:23:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.01.09 22:19:48 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.01.09 22:19:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.01.09 22:19:34 | 000,000,000 | ---D | C] -- C:\Intel
[2013.01.09 22:18:24 | 000,088,832 | ---- | C] (Etron Technology Inc) -- C:\Windows\SysNative\drivers\EtronXHCI.sys
[2013.01.09 22:18:24 | 000,065,152 | ---- | C] (Etron Technology Inc) -- C:\Windows\SysNative\drivers\EtronHub3.sys
[2013.01.09 22:18:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Etron Technology
[2013.01.09 22:17:51 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.01.09 22:13:12 | 000,646,248 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013.01.09 22:13:09 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.01.09 22:13:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.01.09 22:12:10 | 000,000,000 | ---D | C] -- C:\Hommel
[2013.01.09 21:59:09 | 000,000,000 | R--D | C] -- C:\Users\DerHommel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.01.09 21:59:09 | 000,000,000 | R--D | C] -- C:\Users\DerHommel\Searches
[2013.01.09 21:59:09 | 000,000,000 | R--D | C] -- C:\Users\DerHommel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.01.09 21:59:02 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Identities
[2013.01.09 21:59:01 | 000,000,000 | R--D | C] -- C:\Users\DerHommel\Contacts
[2013.01.09 21:59:00 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\VirtualStore
[2013.01.09 21:58:55 | 000,000,000 | --SD | C] -- C:\Users\DerHommel\AppData\Roaming\Microsoft
[2013.01.09 21:58:55 | 000,000,000 | R--D | C] -- C:\Users\DerHommel\Videos
[2013.01.09 21:58:55 | 000,000,000 | R--D | C] -- C:\Users\DerHommel\Saved Games
[2013.01.09 21:58:55 | 000,000,000 | R--D | C] -- C:\Users\DerHommel\Pictures
[2013.01.09 21:58:55 | 000,000,000 | R--D | C] -- C:\Users\DerHommel\Music
[2013.01.09 21:58:55 | 000,000,000 | R--D | C] -- C:\Users\DerHommel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.01.09 21:58:55 | 000,000,000 | R--D | C] -- C:\Users\DerHommel\Links
[2013.01.09 21:58:55 | 000,000,000 | R--D | C] -- C:\Users\DerHommel\Favorites
[2013.01.09 21:58:55 | 000,000,000 | R--D | C] -- C:\Users\DerHommel\Downloads
[2013.01.09 21:58:55 | 000,000,000 | R--D | C] -- C:\Users\DerHommel\Documents
[2013.01.09 21:58:55 | 000,000,000 | R--D | C] -- C:\Users\DerHommel\Desktop
[2013.01.09 21:58:55 | 000,000,000 | R--D | C] -- C:\Users\DerHommel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.01.09 21:58:55 | 000,000,000 | -HSD | C] -- C:\Users\DerHommel\Vorlagen
[2013.01.09 21:58:55 | 000,000,000 | -HSD | C] -- C:\Users\DerHommel\AppData\Local\Verlauf
[2013.01.09 21:58:55 | 000,000,000 | -HSD | C] -- C:\Users\DerHommel\AppData\Local\Temporary Internet Files
[2013.01.09 21:58:55 | 000,000,000 | -HSD | C] -- C:\Users\DerHommel\Startmenü
[2013.01.09 21:58:55 | 000,000,000 | -HSD | C] -- C:\Users\DerHommel\SendTo
[2013.01.09 21:58:55 | 000,000,000 | -HSD | C] -- C:\Users\DerHommel\Recent
[2013.01.09 21:58:55 | 000,000,000 | -HSD | C] -- C:\Users\DerHommel\Netzwerkumgebung
[2013.01.09 21:58:55 | 000,000,000 | -HSD | C] -- C:\Users\DerHommel\Lokale Einstellungen
[2013.01.09 21:58:55 | 000,000,000 | -HSD | C] -- C:\Users\DerHommel\Documents\Eigene Videos
[2013.01.09 21:58:55 | 000,000,000 | -HSD | C] -- C:\Users\DerHommel\Documents\Eigene Musik
[2013.01.09 21:58:55 | 000,000,000 | -HSD | C] -- C:\Users\DerHommel\Eigene Dateien
[2013.01.09 21:58:55 | 000,000,000 | -HSD | C] -- C:\Users\DerHommel\Documents\Eigene Bilder
[2013.01.09 21:58:55 | 000,000,000 | -HSD | C] -- C:\Users\DerHommel\Druckumgebung
[2013.01.09 21:58:55 | 000,000,000 | -HSD | C] -- C:\Users\DerHommel\Cookies
[2013.01.09 21:58:55 | 000,000,000 | -HSD | C] -- C:\Users\DerHommel\AppData\Local\Anwendungsdaten
[2013.01.09 21:58:55 | 000,000,000 | -HSD | C] -- C:\Users\DerHommel\Anwendungsdaten
[2013.01.09 21:58:55 | 000,000,000 | -H-D | C] -- C:\Users\DerHommel\AppData
[2013.01.09 21:58:55 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\Temp
[2013.01.09 21:58:55 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Local\Microsoft
[2013.01.09 21:58:55 | 000,000,000 | ---D | C] -- C:\Users\DerHommel\AppData\Roaming\Media Center Programs
[2013.01.09 21:58:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.01.09 21:58:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.01.09 21:58:17 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.01.09 21:58:17 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.01.09 21:58:17 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.01.09 21:58:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.01.09 21:58:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.01.09 21:58:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.01.09 21:58:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.01.09 21:58:17 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.01.09 21:58:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.01.09 21:58:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.01.09 21:55:35 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.01.09 21:51:16 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.01.09 21:46:33 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.01.09 21:45:47 | 000,000,000 | ---D | C] -- C:\Windows\Panther
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.06 17:10:31 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.06 17:10:31 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.06 17:04:43 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.06 17:03:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.06 17:03:16 | 2134,200,319 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.06 14:51:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.06 05:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.05 18:54:57 | 000,001,994 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013.02.05 18:42:19 | 000,001,078 | ---- | M] () -- C:\Users\DerHommel\Desktop\Secunia PSI.lnk
[2013.02.05 18:39:12 | 000,000,846 | ---- | M] () -- C:\Users\DerHommel\Desktop\Sandboxed Web Browser.lnk
[2013.02.05 18:25:06 | 000,001,712 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.02.05 18:23:35 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.04 21:02:45 | 000,073,728 | ---- | M] ( ) -- C:\Users\DerHommel\Desktop\guiformat.exe
[2013.02.04 15:17:00 | 000,000,800 | ---- | M] () -- C:\Users\DerHommel\Documents\cc_20130204_151658.reg
[2013.02.04 15:16:50 | 000,006,926 | ---- | M] () -- C:\Users\DerHommel\Documents\cc_20130204_151646.reg
[2013.02.02 17:08:16 | 000,000,146 | ---- | M] () -- C:\Users\DerHommel\Desktop\Java (32-Bit).lnk
[2013.02.01 22:49:40 | 000,001,060 | ---- | M] () -- C:\Users\DerHommel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.31 23:48:34 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.01.31 00:11:08 | 001,621,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.31 00:11:08 | 000,699,726 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.31 00:11:08 | 000,654,564 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.31 00:11:08 | 000,149,364 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.31 00:11:08 | 000,121,934 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.28 23:15:32 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.01.28 23:11:06 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2013.01.26 15:44:49 | 000,000,146 | ---- | M] () -- C:\Users\DerHommel\Desktop\Internetoptionen.lnk
[2013.01.26 15:29:27 | 000,000,639 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.26 11:13:32 | 000,000,911 | ---- | M] () -- C:\Users\DerHommel\Desktop\Eastern Front Launcher.lnk
[2013.01.26 09:36:40 | 000,000,055 | ---- | M] () -- C:\Users\DerHommel\AppData\Roaming\mbam.context.scan
[2013.01.26 09:18:14 | 000,001,089 | ---- | M] () -- C:\Users\DerHommel\Desktop\Tausch.lnk
[2013.01.26 08:30:02 | 000,017,408 | ---- | M] () -- C:\Users\DerHommel\AppData\Local\WebpageIcons.db
[2013.01.26 08:20:18 | 000,001,565 | ---- | M] () -- C:\Users\DerHommel\Desktop\Zattoo.lnk
[2013.01.26 07:42:03 | 014,263,920 | ---- | M] (concept/design GmbH                                         ) -- C:\Users\Public\Documents\otv821setup.exe
[2013.01.26 07:36:58 | 016,245,112 | ---- | M] () -- C:\Users\Public\Documents\Zattoo-4.0.5.exe
[2013.01.26 07:20:49 | 000,650,657 | ---- | M] () -- C:\Users\Public\Documents\lame3.99.5.zip
[2013.01.19 16:31:55 | 000,000,376 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013.01.19 16:31:46 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013.01.19 16:31:46 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.01.19 11:30:48 | 000,825,368 | ---- | M] (3Planesoft) -- C:\Windows\SysWow64\The_One_Ring_3D_Screensaver.scr
[2013.01.17 23:55:32 | 000,136,489 | ---- | M] () -- C:\Users\DerHommel\Desktop\295078304.pdf
[2013.01.16 11:57:53 | 000,001,320 | ---- | M] () -- C:\Users\DerHommel\Desktop\Roaming.lnk
[2013.01.15 08:53:03 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.01.13 12:15:35 | 000,001,564 | ---- | M] () -- C:\Users\DerHommel\Desktop\scenarios.lnk
[2013.01.13 11:51:25 | 000,001,558 | ---- | M] () -- C:\Users\DerHommel\Desktop\ModernCombat.lnk
[2013.01.13 11:27:36 | 000,001,217 | ---- | M] () -- C:\Users\DerHommel\Desktop\Blitzkrieg Mod Launcher.lnk
[2013.01.13 11:27:36 | 000,001,130 | ---- | M] () -- C:\Users\DerHommel\Desktop\Blitzkrieg Mod.lnk
[2013.01.11 18:30:55 | 001,595,318 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.10 20:37:39 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.10 20:17:03 | 000,000,883 | ---- | M] () -- C:\Users\DerHommel\Desktop\common.lnk
[2013.01.10 17:50:10 | 000,000,020 | ---- | M] () -- C:\Windows\(øi
[2013.01.09 23:26:30 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.01.09 23:26:30 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.01.09 22:45:32 | 000,000,497 | ---- | M] () -- C:\Users\DerHommel\Desktop\Windows-Firewall.lnk
[2013.01.09 22:44:37 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013.01.09 21:56:08 | 000,057,050 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.01.09 21:56:08 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf
 
========== Files Created - No Company Name ==========
 
[2013.02.05 18:42:19 | 000,001,078 | ---- | C] () -- C:\Users\DerHommel\Desktop\Secunia PSI.lnk
[2013.02.05 18:39:22 | 000,000,846 | ---- | C] () -- C:\Users\DerHommel\Desktop\Sandboxed Web Browser.lnk
[2013.02.05 18:39:20 | 000,001,994 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013.02.05 18:25:06 | 000,001,712 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.02.05 18:23:35 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.04 21:50:52 | 000,001,078 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013.02.04 21:31:49 | 000,003,390 | ---- | C] () -- C:\Windows\SysWow64\Fish Aquarium 3D Screensaver.html
[2013.02.04 21:31:48 | 007,548,928 | ---- | C] () -- C:\Windows\SysWow64\Fish Aquarium 3D Screensaver.scr
[2013.02.04 21:30:29 | 000,003,800 | ---- | C] () -- C:\Windows\SysWow64\3d Matrix Screensaver.htm
[2013.02.04 21:30:28 | 001,712,128 | ---- | C] () -- C:\Windows\SysWow64\3D Matrix Screensaver.scr
[2013.02.04 21:30:28 | 000,667,648 | ---- | C] () -- C:\Windows\SysWow64\FreeImage.dll
[2013.02.04 21:29:05 | 000,003,394 | ---- | C] () -- C:\Windows\SysWow64\SolarSystem3DScreensaver.html
[2013.02.04 21:29:04 | 014,667,776 | ---- | C] () -- C:\Windows\SysWow64\Solar System 3D Screensaver.scr
[2013.02.04 21:22:42 | 000,001,318 | ---- | C] () -- C:\Users\DerHommel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaminfeuer Comprehensive Edition Free.LNK
[2013.02.04 21:02:44 | 000,073,728 | ---- | C] ( ) -- C:\Users\DerHommel\Desktop\guiformat.exe
[2013.02.04 15:16:59 | 000,000,800 | ---- | C] () -- C:\Users\DerHommel\Documents\cc_20130204_151658.reg
[2013.02.04 15:16:48 | 000,006,926 | ---- | C] () -- C:\Users\DerHommel\Documents\cc_20130204_151646.reg
[2013.02.02 17:08:16 | 000,000,146 | ---- | C] () -- C:\Users\DerHommel\Desktop\Java (32-Bit).lnk
[2013.02.01 22:49:40 | 000,001,060 | ---- | C] () -- C:\Users\DerHommel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.31 23:48:32 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.01.26 15:44:49 | 000,000,146 | ---- | C] () -- C:\Users\DerHommel\Desktop\Internetoptionen.lnk
[2013.01.26 09:36:40 | 000,000,055 | ---- | C] () -- C:\Users\DerHommel\AppData\Roaming\mbam.context.scan
[2013.01.26 09:18:14 | 000,001,089 | ---- | C] () -- C:\Users\DerHommel\Desktop\Tausch.lnk
[2013.01.26 08:48:29 | 000,650,657 | ---- | C] () -- C:\Users\Public\Documents\lame3.99.5.zip
[2013.01.26 08:20:35 | 000,017,408 | ---- | C] () -- C:\Users\DerHommel\AppData\Local\WebpageIcons.db
[2013.01.26 08:20:18 | 000,001,565 | ---- | C] () -- C:\Users\DerHommel\Desktop\Zattoo.lnk
[2013.01.26 08:08:03 | 000,511,488 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2013.01.26 08:08:03 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2013.01.26 08:08:03 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2013.01.26 07:37:24 | 016,245,112 | ---- | C] () -- C:\Users\Public\Documents\Zattoo-4.0.5.exe
[2013.01.19 16:31:48 | 000,242,176 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2013.01.19 16:31:48 | 000,186,880 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013.01.19 16:31:48 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2013.01.19 16:31:48 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013.01.19 16:31:48 | 000,032,434 | ---- | C] () -- C:\Windows\SysNative\xfiXEN.ini
[2013.01.19 16:31:48 | 000,011,084 | ---- | C] () -- C:\Windows\XENAPO64.ssc
[2013.01.19 16:31:48 | 000,006,737 | ---- | C] () -- C:\Windows\XENCFX64.ssc
[2013.01.19 16:31:48 | 000,002,169 | ---- | C] () -- C:\Windows\XENcfg.ini
[2013.01.19 16:31:48 | 000,000,388 | ---- | C] () -- C:\Windows\XENMCcfg.ini
[2013.01.19 16:31:48 | 000,000,376 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013.01.19 16:31:34 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd
[2013.01.17 23:55:32 | 000,136,489 | ---- | C] () -- C:\Users\DerHommel\Desktop\295078304.pdf
[2013.01.17 23:55:04 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.16 11:57:53 | 000,001,320 | ---- | C] () -- C:\Users\DerHommel\Desktop\Roaming.lnk
[2013.01.15 12:42:54 | 000,000,639 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.15 12:41:10 | 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.15 12:41:10 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.13 12:31:13 | 000,000,911 | ---- | C] () -- C:\Users\DerHommel\Desktop\Eastern Front Launcher.lnk
[2013.01.13 12:15:35 | 000,001,564 | ---- | C] () -- C:\Users\DerHommel\Desktop\scenarios.lnk
[2013.01.13 11:51:25 | 000,001,558 | ---- | C] () -- C:\Users\DerHommel\Desktop\ModernCombat.lnk
[2013.01.13 11:22:57 | 000,001,217 | ---- | C] () -- C:\Users\DerHommel\Desktop\Blitzkrieg Mod Launcher.lnk
[2013.01.13 11:22:57 | 000,001,130 | ---- | C] () -- C:\Users\DerHommel\Desktop\Blitzkrieg Mod.lnk
[2013.01.10 20:17:03 | 000,000,883 | ---- | C] () -- C:\Users\DerHommel\Desktop\common.lnk
[2013.01.10 19:42:58 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013.01.10 19:42:35 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013.01.10 19:42:04 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2013.01.10 19:41:59 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2013.01.10 19:41:58 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013.01.10 19:41:58 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013.01.10 19:41:58 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013.01.10 17:51:11 | 000,001,314 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2013.01.10 17:50:32 | 000,001,383 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2013.01.10 17:50:10 | 000,000,020 | ---- | C] () -- C:\Windows\(øi
[2013.01.10 17:49:35 | 000,001,467 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013.01.10 17:48:49 | 000,002,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013.01.10 17:46:33 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.10 14:50:58 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013.01.10 14:48:12 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013.01.09 23:26:30 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.01.09 23:26:30 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.01.09 22:45:32 | 000,000,497 | ---- | C] () -- C:\Users\DerHommel\Desktop\Windows-Firewall.lnk
[2013.01.09 22:44:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.01.09 22:35:34 | 000,001,827 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013.01.09 22:34:46 | 001,595,318 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.09 22:23:58 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.01.09 22:13:12 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013.01.09 21:59:14 | 000,001,405 | ---- | C] () -- C:\Users\DerHommel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.01.09 21:59:10 | 000,001,439 | ---- | C] () -- C:\Users\DerHommel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.01.09 21:56:01 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.01.09 21:55:54 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.01.09 21:51:00 | 2134,200,319 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.13 11:54:11 | 000,000,000 | ---D | M] -- C:\Users\DerHommel\AppData\Roaming\Aliwh
[2013.01.14 12:17:53 | 000,000,000 | ---D | M] -- C:\Users\DerHommel\AppData\Roaming\Avno
[2013.01.15 12:53:18 | 000,000,000 | ---D | M] -- C:\Users\DerHommel\AppData\Roaming\Bevy
[2013.01.26 08:08:44 | 000,000,000 | ---D | M] -- C:\Users\DerHommel\AppData\Roaming\concept design
[2013.01.31 00:34:57 | 000,000,000 | ---D | M] -- C:\Users\DerHommel\AppData\Roaming\DAEMON Tools Lite
[2013.01.13 11:54:09 | 000,000,000 | ---D | M] -- C:\Users\DerHommel\AppData\Roaming\Daupat
[2013.02.05 18:44:53 | 000,000,000 | ---D | M] -- C:\Users\DerHommel\AppData\Roaming\Dropbox
[2013.01.14 07:56:19 | 000,000,000 | ---D | M] -- C:\Users\DerHommel\AppData\Roaming\Kuemyr
[2013.01.09 22:35:35 | 000,000,000 | ---D | M] -- C:\Users\DerHommel\AppData\Roaming\Opera
[2013.01.15 12:27:03 | 000,000,000 | ---D | M] -- C:\Users\DerHommel\AppData\Roaming\QuickScan
[2013.01.13 11:54:11 | 000,000,000 | ---D | M] -- C:\Users\DerHommel\AppData\Roaming\Uzen
[2013.01.26 09:44:09 | 000,000,000 | ---D | M] -- C:\Users\DerHommel\AppData\Roaming\Windows SideBar
[2013.01.13 12:19:54 | 000,000,000 | ---D | M] -- C:\Users\DerHommel\AppData\Roaming\Zodee
[2013.02.06 17:04:50 | 000,000,000 | ---D | M] -- C:\Users\Surfer\AppData\Roaming\Dropbox
[2013.02.05 18:53:18 | 000,000,000 | ---D | M] -- C:\Users\Surfer\AppData\Roaming\Opera
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.02.05 18:45:20 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2013.01.09 21:58:17 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.02.05 18:39:08 | 000,000,000 | ---D | M] -- C:\Hommel
[2013.01.09 22:19:34 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.01.19 16:31:04 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.05 20:17:08 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.02.05 18:25:23 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2013.01.09 21:58:17 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.01.09 21:58:17 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.02.05 18:52:55 | 000,000,000 | R--D | M] -- C:\Sandbox
[2013.02.06 17:16:35 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.02.05 18:56:11 | 000,000,000 | ---D | M] -- C:\TauschThomas
[2013.02.05 18:45:19 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.06 05:08:02 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 04:16:54 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,028,098 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013.01.10 17:46:33 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.01.15 12:41:10 | 000,001,112 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.01.15 12:41:10 | 000,001,116 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010.11.20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2010.11.20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 05:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 05:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
[2010.11.20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
[2010.11.20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 04:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 04:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[2010.11.20 05:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 05:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Hommel\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.02.06 17:14:27 | 001,835,008 | -HS- | M] () -- C:\Users\DerHommel\NTUSER.DAT
[2013.02.06 17:14:27 | 000,262,144 | -HS- | M] () -- C:\Users\DerHommel\ntuser.dat.LOG1
[2013.01.09 21:58:55 | 000,000,000 | -HS- | M] () -- C:\Users\DerHommel\ntuser.dat.LOG2
[2013.01.09 21:59:40 | 000,065,536 | -HS- | M] () -- C:\Users\DerHommel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2013.01.09 21:59:40 | 000,524,288 | -HS- | M] () -- C:\Users\DerHommel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2013.01.09 21:59:40 | 000,524,288 | -HS- | M] () -- C:\Users\DerHommel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2013.01.28 09:53:18 | 000,065,536 | -HS- | M] () -- C:\Users\DerHommel\NTUSER.DAT{634a707a-6927-11e2-b0b5-902b341869df}.TM.blf
[2013.01.28 09:53:18 | 000,524,288 | -HS- | M] () -- C:\Users\DerHommel\NTUSER.DAT{634a707a-6927-11e2-b0b5-902b341869df}.TMContainer00000000000000000001.regtrans-ms
[2013.01.28 09:53:18 | 000,524,288 | -HS- | M] () -- C:\Users\DerHommel\NTUSER.DAT{634a707a-6927-11e2-b0b5-902b341869df}.TMContainer00000000000000000002.regtrans-ms
[2013.01.30 23:53:37 | 000,065,536 | -HS- | M] () -- C:\Users\DerHommel\NTUSER.DAT{aa08b921-6b2b-11e2-853c-902b341869df}.TM.blf
[2013.01.30 23:53:37 | 000,524,288 | -HS- | M] () -- C:\Users\DerHommel\NTUSER.DAT{aa08b921-6b2b-11e2-853c-902b341869df}.TMContainer00000000000000000001.regtrans-ms
[2013.01.30 23:53:37 | 000,524,288 | -HS- | M] () -- C:\Users\DerHommel\NTUSER.DAT{aa08b921-6b2b-11e2-853c-902b341869df}.TMContainer00000000000000000002.regtrans-ms
[2013.01.09 21:58:55 | 000,000,020 | -HS- | M] () -- C:\Users\DerHommel\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---





+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
__________________

Alt 06.02.2013, 17:27   #4
DerHommel
 
http://pagesinxt.com Umleitung - Standard

http://pagesinxt.com Umleitung



OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 06.02.2013 17:15:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Surfer\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,64 Gb Available Physical Memory | 83,17% Memory free
15,97 Gb Paging File | 14,44 Gb Available in Paging File | 90,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 54,77 Gb Free Space | 56,08% Space Free | Partition Type: NTFS
Drive D: | 833,85 Gb Total Space | 678,43 Gb Free Space | 81,36% Space Free | Partition Type: NTFS
Drive E: | 297,99 Gb Total Space | 160,08 Gb Free Space | 53,72% Space Free | Partition Type: NTFS
 
Computer Name: DASDING | User Name: DerHommel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-153524545-3435180587-2222784198-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-153524545-3435180587-2222784198-1004\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera x64\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D257FD-4137-4AA5-81E2-8E14B4C43240}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1F1EBA5A-6C02-427B-801F-1A481DFEA4B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{39763F55-4CDA-4A72-99BA-8B3706447957}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4344F713-9284-46A8-AFA6-2BEBD79B7D87}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{47866224-94A3-4FD2-8E74-ECF9D5F5FC36}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{52AF82CA-E81E-494D-AF2E-A27DE19FD108}" = lport=138 | protocol=17 | dir=in | app=system | 
"{594E48F8-6DC0-4AB1-86E7-2DA31755D4F6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6391ACCF-0CCE-4837-B298-825CC248739B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6CFC6894-A6F4-4DC7-AB6F-6436E54A104D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{72C798EA-F3D7-4819-91FF-79F251C81610}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8597C0D9-9BFB-4DAA-8A4A-40E0C651E1F3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{87FC0426-4403-462E-8354-52E5E26CB601}" = lport=445 | protocol=6 | dir=in | app=system | 
"{95F7A899-BCA9-46CC-8679-A49F341351DB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9E4DBC41-3887-4AA9-8CBC-2C94E24659B4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B0A7BFC5-C440-4884-9DA2-8CB0B42306F3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B37ED10F-9B25-4C42-8BE8-83EC958196B2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B4C89880-A753-4A28-B3C9-6ED054EAC8A8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D34F5106-77C4-4AF8-9431-A83593629E2B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D6A56F08-722C-4430-8123-B753F7EFD53B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E45AC4E9-028D-413A-A08A-4DDC8DAACFA2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F3355B2F-9FEE-4DDC-863E-C855AEE07A78}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F526B8EF-23F2-4430-AEA8-DD97F4400648}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FC5B121D-A72C-4E48-B5A1-7C7FD9FACCB4}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AF369D-3815-4E32-84E4-4974E0A792E0}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{02D1CB38-E3AD-4480-AE0A-8606867C642C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{041EDB3D-6129-4BAE-9423-D9B05FD2D32D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\arcania gothic 4\arcania.exe | 
"{08F210B5-8F3C-4838-836A-9EBA066402F6}" = protocol=17 | dir=in | app=c:\users\derhommel\appdata\roaming\dropbox\bin\dropbox.exe | 
"{0ACA98FD-8838-4000-9BF4-03C30C60B071}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe | 
"{0ACE82B4-FE24-4992-8508-8093BC2BA5F8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{0B46F7AA-BFEE-46F4-A4B9-41E36BE1B2B0}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{0B4D1716-EDC6-4E50-AFFE-8FE2058F543E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{122F523D-E6B0-494A-8EBD-53DC2EB6E349}" = protocol=6 | dir=in | app=c:\program files\opera x64\opera.exe | 
"{168A3CF8-BAAA-4394-9CC7-B294CC887D47}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\men of war assault squad\mow_assault_squad.exe | 
"{170FA40D-AC9E-4468-8AA3-ED7BFA85C052}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{19B170C4-0E6B-49DC-88A1-8705A13D4BB1}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\two worlds ii\twoworlds2.exe | 
"{1D947E17-59BA-42F7-93E0-367D5251493C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\metro 2033\metro2033.exe | 
"{25A50D8E-4BB8-474D-A4AF-7B296FF5EC44}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2A8DCE23-1FEC-4604-B542-1AC29B67446C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{310CBE2B-6CDA-48BA-896E-16B85838CBE4}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{31DEA089-E0A9-4781-99C4-BC1756C05B61}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3318D75B-FE6A-42E7-B5C7-68733436318D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{340276AD-8E47-4EB1-B985-2BA8B3C96E77}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\two worlds ii\twoworlds2.exe | 
"{353DCD56-D7AC-4D03-9857-7BA1BF3C6CA9}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\men of war assault squad\mow_assault_squad.exe | 
"{35506508-BD60-4EB9-806A-2244888B3CE1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3A4C43DB-590F-44CF-B499-94C6402D79AC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\arcania gothic 4\arcania.exe | 
"{3F176240-8BFE-44B7-99AA-9FB4D92FC2BC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{4252E048-49A1-4F46-AC1F-6BCEA019F999}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\risen\bin\risen.exe | 
"{42EF8019-03A1-4906-92AD-7B857C592613}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\kane & lynch 2 - dog days\kl2.exe | 
"{4BFD75B2-DB8D-4EBF-8823-C9397A650678}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4C38CA68-DF56-495F-B4CF-51C8C7F0B652}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | 
"{52D0F6E8-EE3C-4C4A-BA67-B73E9E103A9A}" = protocol=6 | dir=in | app=c:\hommel\onlinetv 8\onlinetvstarter.exe | 
"{5432478A-DB2C-46B2-9DA9-B065314DFC18}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{54968F59-1316-4D41-91F4-A2A3BDEAE4C4}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe | 
"{54A977B7-DB5E-4BEC-9755-EEB6FD9D2822}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe | 
"{5AB4ED05-9BED-4BF9-BC37-FB7447C64C7C}" = protocol=6 | dir=in | app=c:\hommel\onlinetv 8\onlinetv.exe | 
"{6617DBE4-B1F5-4146-B23E-6FFCF07B2245}" = protocol=17 | dir=in | app=c:\program files\opera x64\opera.exe | 
"{68AC6AEF-B502-41A6-8A89-686E5AEA84A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{69343C9D-D2B5-4F48-A49F-2F5522998454}" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"{6F0B9159-482D-4CF1-9CB0-783796A93040}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6FB7A3BE-AEAB-4D12-9CC4-57750796A852}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{73DBA2E4-5A1E-4E83-AA9E-4F2AD9693A97}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\risen\bin\risen.exe | 
"{747E4EEC-5DFC-41F5-A8CC-44CCFA6B9CD0}" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"{7498AC60-26AD-4433-AE0C-99AD0D401268}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | 
"{75579D91-F961-4AE8-9063-55DDABE742B2}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\two worlds ii\twoworlds2_dx10.exe | 
"{7ACA6E7D-57CA-46E1-8439-B88E68FA5DF2}" = protocol=17 | dir=in | app=c:\users\surfer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7EF65858-8F79-4178-9148-761FE2BC2979}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{7FEE18E5-5ABB-4570-90C0-3BB4CF4CEACA}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe | 
"{832F33A6-6FCA-42E6-8C63-B3CA1121299D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{83E7E01C-BFE2-44EA-B701-8A2C77672F57}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe | 
"{8477088A-806C-4D4A-9483-623769D5F0D6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{8F7D0CB6-C3A2-421C-8ECE-903B802B8FE7}" = protocol=6 | dir=in | app=c:\users\surfer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{91B53EA4-EB60-4E99-9C7C-EAF0814A814D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | 
"{948F066C-82BC-43D5-8502-08188E76E09A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{99DC5563-3D52-444C-91E9-0E19A22E3260}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{9B467782-4D02-4474-A63B-BE0C11B2F5EB}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe | 
"{A0CB94EA-10CF-45EB-9B2D-8B48B22A901B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A3BBEFEE-5BE5-4E19-9ED8-DC33726F58E2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\metro 2033\metro2033.exe | 
"{A59174F5-F3E4-4F4A-A6DB-7BCC522F4F75}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | 
"{A899362D-4FEE-4958-A407-AF17A88C9757}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ABCF0A98-6DF0-4F36-B8C7-162BFB30EF56}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{AC89299E-94D5-426D-82A2-8CF7F5905D40}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{ACE2306E-9EC9-44B2-AC98-4FB36ED589F7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{AD6193D7-AEE6-4787-B4DB-A70DD0158DE1}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\homefront\binaries\homefront.exe | 
"{AD916860-06AA-446E-A89F-1696E40A8C6D}" = protocol=6 | dir=in | app=c:\users\derhommel\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B15EBBCE-86AC-4068-8C2E-B65B12156B77}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{B395DC27-EC63-4A09-A498-AA083D5A57CE}" = protocol=6 | dir=in | app=c:\program files (x86)\concept design\video jukebox\cdvideojukebox.exe | 
"{C080E203-9E31-44CE-870C-17E04A01ADD0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C08AAB5F-B904-465B-9A46-10E0B46C8AC7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C2CFAB5C-8E23-45DC-9C11-CBE4770C8B7D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C3B55FA4-B19A-4A20-96CF-0BBD7301ACC4}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\homefront\binaries\homefront.exe | 
"{C5112F80-B28F-4A1D-833B-4FD2A5B834F1}" = protocol=6 | dir=out | app=c:\hommel\onlinetv 8\onlinetv.exe | 
"{C822992A-AA6A-4297-B0EE-4CD2B75575AA}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe | 
"{CEA20AD8-681B-49B0-AC54-D4E09C0AF29A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CFFC6E6D-0B42-45DA-BA00-7DD2893E38BF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\kane & lynch 2 - dog days\kl2.exe | 
"{D16A1719-CD67-4F4E-9F5A-774B36DE9479}" = protocol=6 | dir=out | app=system | 
"{D34828FE-55E7-41EC-A84F-9C9A39EA8C84}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe | 
"{D8363341-A342-4330-A95D-CAB4FB499A58}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D9B7293E-67CC-4EE6-B6E2-2B150CC95838}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{DE8E503B-ECD3-4B9A-846A-20E4E2AA8128}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\two worlds ii\twoworlds2_dx10.exe | 
"{E348EEBD-61C9-4ADF-B0B1-390019C227A9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{E35FD4CB-DB81-4495-8343-0CDC693BAE99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E565B5B0-D7DF-4E8F-A851-82EAA97B04B3}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{E99976E9-B88E-4438-AA19-676EE10664C3}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{EAF8C3F7-A9B0-4335-901A-050F6E4E5CB5}" = protocol=6 | dir=out | app=c:\hommel\onlinetv 8\onlinetvstarter.exe | 
"{ED791516-5BDF-4768-9087-3B4FF279E1CA}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe | 
"{EE006825-7493-44D6-A462-7B42729AE8BE}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe | 
"{F5C42323-36A8-4B37-BBB0-9BB82066CC68}" = protocol=6 | dir=out | app=c:\program files (x86)\concept design\video jukebox\cdvideojukebox.exe | 
"TCP Query User{B4B9A154-BA89-44D5-9602-209DE0C1AA51}D:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | 
"TCP Query User{BFE4CA48-6795-4118-BBC0-D59222DA4A9C}D:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{5AD18976-0CEB-4D23-B613-4ADE3EC0AE9F}D:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{DF313197-77D1-41D4-B013-63BB8FB8AC19}D:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}" = AMD Media Foundation Decoders
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{504184A2-1B0E-5D93-603A-517E93E7EDB3}" = AMD Accelerated Video Transcoding
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Opera 12.13.1734" = Opera 12.13
"Sandboxie" = Sandboxie 3.76 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37569A10-CB38-4615-8B32-0BF9FF5D887D}_is1" = concept/design Video Jukebox
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86095E92-1959-8364-920E-82E81F64F8FB}" = Catalyst Control Center
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93CFCA51-4484-4211-89EB-39ED3CBDBEB1}" = Sound Blaster Tactic(3D) Sigma
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{97AFD0D8-5720-4A59-BFDC-CB92A36FADF9}_is1" = Company of Heroes: Eastern Front 1.20
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2AC7034-15AC-4F62-85BD-1E48021E45D6}_is1" = concept/design onlineTV 8
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3D Matrix Screensaver_is1" = 3D Matrix Screensaver 1.1
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Astro Gemini Screensaver Manager_is1" = Astro Gemini Screensaver Manager 1.2
"Blitzkrieg" = Blitzkrieg Mod
"DAEMON Tools Lite" = DAEMON Tools Lite
"Eastern Front" = Eastern Front
"Fish Aquarium 3D Screensaver_is1" = Fish Aquarium 3D Screensaver 1.0
"Google Chrome" = Google Chrome
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"OpenAL" = OpenAL
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"Solar System 3D Screensaver_is1" = Solar System 3D Screensaver 1.4
"ST5UNST #1" = Kaminfeuer Comprehensive Edition Free
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 108800" = Crysis 2 Maximum Edition
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 24240" = PAYDAY: The Heist
"Steam App 28000" = Kane & Lynch 2: Dog Days
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 33220" = Tom Clancy's Splinter Cell: Conviction
"Steam App 39690" = ArcaniA – Gothic 4
"Steam App 40300" = Risen
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 43110" = Metro 2033
"Steam App 4560" = Company of Heroes
"Steam App 50300" = Spec Ops: The Line
"Steam App 550" = Left 4 Dead 2
"Steam App 55100" = Homefront
"Steam App 57900" = Duke Nukem Forever
"Steam App 64000" = Men of War: Assault Squad
"Steam App 7520" = Two Worlds II
"SysInfo" = Creative Systeminformationen
"The One Ring 3D Screensaver_is1" = The One Ring 3D Screensaver 1.0
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-153524545-3435180587-2222784198-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-153524545-3435180587-2222784198-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Opera 12.14.1738" = Opera 12.14
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.02.2013 17:50:32 | Computer Name = DasDing | Source = Application Hang | ID = 1002
Description = Programm Dropbox.exe, Version 1.6.16.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e84    Startzeit: 
01ce00c607842eda    Endzeit: 4    Anwendungspfad: C:\Users\DerHommel\AppData\Roaming\Dropbox\bin\Dropbox.exe

Berichts-ID:
 654d51b2-6cb9-11e2-b3c8-902b341869df  
 
Error - 01.02.2013 17:52:01 | Computer Name = DasDing | Source = Application Hang | ID = 1002
Description = Programm Dropbox.exe, Version 1.6.16.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: b44    Startzeit: 
01ce00c62cff4e48    Endzeit: 2    Anwendungspfad: C:\Users\DerHommel\AppData\Roaming\Dropbox\bin\Dropbox.exe

Berichts-ID:
 8ff7931f-6cb9-11e2-b3c8-902b341869df  
 
Error - 04.02.2013 16:02:02 | Computer Name = DasDing | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\DerHommel\Desktop\SoftonicDownloader_fuer_fat32-format.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 04.02.2013 16:02:18 | Computer Name = DasDing | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\DerHommel\Desktop\SoftonicDownloader_fuer_fat32-format.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 04.02.2013 16:02:21 | Computer Name = DasDing | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\DerHommel\Desktop\SoftonicDownloader_fuer_fat32-format.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 04.02.2013 16:02:25 | Computer Name = DasDing | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\DerHommel\Desktop\SoftonicDownloader_fuer_fat32-format.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 05.02.2013 13:37:22 | Computer Name = DasDing | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7a144  Name des fehlerhaften Moduls: usercpl.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c9f3  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000000ebce
ID
 des fehlerhaften Prozesses: 0xa64  Startzeit der fehlerhaften Anwendung: 0x01ce03c074693b05
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\System32\usercpl.dll  Berichtskennung: b23d2966-6fba-11e2-aacb-902b341869df
 
Error - 05.02.2013 13:45:22 | Computer Name = DasDing | Source = ESENT | ID = 215
Description = WinMail (1720) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 05.02.2013 13:45:25 | Computer Name = DasDing | Source = ESENT | ID = 215
Description = WinMail (5088) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 06.02.2013 09:41:13 | Computer Name = DasDing | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: opera_plugin_wrapper.exe, Version:
 12.13.1734.0, Zeitstempel: 0x51069470  Name des fehlerhaften Moduls: NPSWF64_11_5_502_146.dll,
 Version: 11.5.502.146, Zeitstempel: 0x50cfbd8c  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x00000000003b3a11  ID des fehlerhaften Prozesses: 0x10b8  Startzeit der fehlerhaften
 Anwendung: 0x01ce046f926199ad  Pfad der fehlerhaften Anwendung: C:\Program Files\Opera
 x64\pluginwrapper\opera_plugin_wrapper.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll
Berichtskennung:
 df03cab0-7062-11e2-9365-902b341869df
 
[ System Events ]
Error - 26.01.2013 05:04:32 | Computer Name = DasDing | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
 da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
 erreicht wurde.
 
Error - 26.01.2013 05:18:32 | Computer Name = DasDing | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
 da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
 erreicht wurde.
 
Error - 26.01.2013 09:35:37 | Computer Name = DasDing | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
 da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
 erreicht wurde.
 
Error - 26.01.2013 09:36:37 | Computer Name = DasDing | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
 da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
 erreicht wurde.
 
Error - 26.01.2013 09:37:37 | Computer Name = DasDing | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
 da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
 erreicht wurde.
 
Error - 26.01.2013 10:34:32 | Computer Name = DasDing | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 26.01.2013 10:34:32 | Computer Name = DasDing | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 30.01.2013 19:34:15 | Computer Name = DasDing | Source = DCOM | ID = 10010
Description = 
 
Error - 05.02.2013 00:02:42 | Computer Name = DasDing | Source = DCOM | ID = 10010
Description = 
 
Error - 05.02.2013 16:06:59 | Computer Name = DasDing | Source = WMPNetworkSvc | ID = 866333
Description = 
 
 
< End of report >
         
--- --- ---

Alt 06.02.2013, 19:23   #5
markusg
/// Malware-holic
 
http://pagesinxt.com Umleitung - Standard

http://pagesinxt.com Umleitung



hi
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.02.2013, 19:30   #6
DerHommel
 
http://pagesinxt.com Umleitung - Standard

http://pagesinxt.com Umleitung



19:27:58.0757 3772 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:27:58.0944 3772 ============================================================
19:27:58.0944 3772 Current date / time: 2013/02/06 19:27:58.0944
19:27:58.0944 3772 SystemInfo:
19:27:58.0944 3772
19:27:58.0944 3772 OS Version: 6.1.7601 ServicePack: 1.0
19:27:58.0944 3772 Product type: Workstation
19:27:58.0944 3772 ComputerName: DASDING
19:27:58.0944 3772 UserName: DerHommel
19:27:58.0944 3772 Windows directory: C:\Windows
19:27:58.0944 3772 System windows directory: C:\Windows
19:27:58.0944 3772 Running under WOW64
19:27:58.0944 3772 Processor architecture: Intel x64
19:27:58.0944 3772 Number of processors: 4
19:27:58.0944 3772 Page size: 0x1000
19:27:58.0944 3772 Boot type: Normal boot
19:27:58.0944 3772 ============================================================
19:27:59.0584 3772 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x23DC4, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
19:27:59.0584 3772 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:27:59.0600 3772 ============================================================
19:27:59.0600 3772 \Device\Harddisk0\DR0:
19:27:59.0600 3772 MBR partitions:
19:27:59.0600 3772 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
19:27:59.0600 3772 \Device\Harddisk1\DR1:
19:27:59.0600 3772 MBR partitions:
19:27:59.0600 3772 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC350000
19:27:59.0600 3772 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x683B5800
19:27:59.0600 3772 ============================================================
19:27:59.0631 3772 C: <-> \Device\Harddisk1\DR1\Partition1
19:27:59.0662 3772 D: <-> \Device\Harddisk1\DR1\Partition2
19:27:59.0693 3772 E: <-> \Device\Harddisk0\DR0\Partition1
19:27:59.0693 3772 ============================================================
19:27:59.0693 3772 Initialize success
19:27:59.0693 3772 ============================================================
19:29:29.0576 4836 ============================================================
19:29:29.0576 4836 Scan started
19:29:29.0576 4836 Mode: Manual; SigCheck; TDLFS;
19:29:29.0576 4836 ============================================================
19:29:30.0044 4836 ================ Scan system memory ========================
19:29:30.0044 4836 System memory - ok
19:29:30.0044 4836 ================ Scan services =============================
19:29:30.0107 4836 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Hommel\SUPERAntiSpyware\SASCORE64.EXE
19:29:30.0138 4836 !SASCORE - ok
19:29:30.0247 4836 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:29:30.0278 4836 1394ohci - ok
19:29:30.0294 4836 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:29:30.0310 4836 ACPI - ok
19:29:30.0325 4836 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:29:30.0341 4836 AcpiPmi - ok
19:29:30.0388 4836 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:29:30.0403 4836 AdobeARMservice - ok
19:29:30.0481 4836 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:29:30.0497 4836 AdobeFlashPlayerUpdateSvc - ok
19:29:30.0512 4836 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:29:30.0528 4836 adp94xx - ok
19:29:30.0559 4836 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:29:30.0575 4836 adpahci - ok
19:29:30.0590 4836 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:29:30.0590 4836 adpu320 - ok
19:29:30.0606 4836 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:29:30.0637 4836 AeLookupSvc - ok
19:29:30.0684 4836 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:29:30.0715 4836 AFD - ok
19:29:30.0715 4836 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:29:30.0731 4836 agp440 - ok
19:29:30.0746 4836 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:29:30.0762 4836 ALG - ok
19:29:30.0778 4836 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:29:30.0793 4836 aliide - ok
19:29:30.0809 4836 [ 4C1E3649C89C7D542CD18ECC5210099D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:29:30.0840 4836 AMD External Events Utility - ok
19:29:30.0856 4836 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:29:30.0856 4836 amdide - ok
19:29:30.0871 4836 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:29:30.0871 4836 AmdK8 - ok
19:29:31.0012 4836 [ A3C0A15B39F979E8F3EABA901D72ECD7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:29:31.0214 4836 amdkmdag - ok
19:29:31.0261 4836 [ 20F3CD38B107C1BD747C0EA37D450165 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:29:31.0292 4836 amdkmdap - ok
19:29:31.0292 4836 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:29:31.0292 4836 AmdPPM - ok
19:29:31.0308 4836 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:29:31.0324 4836 amdsata - ok
19:29:31.0339 4836 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:29:31.0339 4836 amdsbs - ok
19:29:31.0355 4836 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:29:31.0355 4836 amdxata - ok
19:29:31.0370 4836 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:29:31.0402 4836 AppID - ok
19:29:31.0417 4836 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:29:31.0448 4836 AppIDSvc - ok
19:29:31.0464 4836 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:29:31.0495 4836 Appinfo - ok
19:29:31.0495 4836 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
19:29:31.0526 4836 AppMgmt - ok
19:29:31.0526 4836 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:29:31.0542 4836 arc - ok
19:29:31.0542 4836 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:29:31.0558 4836 arcsas - ok
19:29:31.0620 4836 [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:29:31.0636 4836 aspnet_state - ok
19:29:31.0651 4836 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:29:31.0682 4836 AsyncMac - ok
19:29:31.0682 4836 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:29:31.0698 4836 atapi - ok
19:29:31.0729 4836 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:29:31.0745 4836 AudioEndpointBuilder - ok
19:29:31.0760 4836 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:29:31.0792 4836 AudioSrv - ok
19:29:31.0792 4836 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:29:31.0807 4836 AxInstSV - ok
19:29:31.0823 4836 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:29:31.0838 4836 b06bdrv - ok
19:29:31.0870 4836 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:29:31.0885 4836 b57nd60a - ok
19:29:31.0932 4836 [ 0D1EA7509F394D8B705B239EE71F5118 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
19:29:31.0963 4836 BBSvc - ok
19:29:31.0979 4836 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:29:31.0994 4836 BDESVC - ok
19:29:31.0994 4836 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:29:32.0041 4836 Beep - ok
19:29:32.0072 4836 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:29:32.0104 4836 BFE - ok
19:29:32.0135 4836 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:29:32.0166 4836 BITS - ok
19:29:32.0197 4836 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:29:32.0197 4836 blbdrive - ok
19:29:32.0228 4836 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:29:32.0228 4836 bowser - ok
19:29:32.0244 4836 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:29:32.0244 4836 BrFiltLo - ok
19:29:32.0260 4836 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:29:32.0275 4836 BrFiltUp - ok
19:29:32.0291 4836 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:29:32.0306 4836 Browser - ok
19:29:32.0322 4836 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:29:32.0353 4836 Brserid - ok
19:29:32.0353 4836 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:29:32.0369 4836 BrSerWdm - ok
19:29:32.0369 4836 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:29:32.0369 4836 BrUsbMdm - ok
19:29:32.0369 4836 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:29:32.0384 4836 BrUsbSer - ok
19:29:32.0384 4836 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:29:32.0400 4836 BTHMODEM - ok
19:29:32.0400 4836 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:29:32.0431 4836 bthserv - ok
19:29:32.0431 4836 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:29:32.0447 4836 cdfs - ok
19:29:32.0462 4836 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:29:32.0478 4836 cdrom - ok
19:29:32.0494 4836 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:29:32.0525 4836 CertPropSvc - ok
19:29:32.0525 4836 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:29:32.0540 4836 circlass - ok
19:29:32.0540 4836 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:29:32.0556 4836 CLFS - ok
19:29:32.0587 4836 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:29:32.0603 4836 clr_optimization_v2.0.50727_32 - ok
19:29:32.0618 4836 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:29:32.0618 4836 clr_optimization_v2.0.50727_64 - ok
19:29:32.0665 4836 [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:29:32.0681 4836 clr_optimization_v4.0.30319_32 - ok
19:29:32.0696 4836 [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:29:32.0712 4836 clr_optimization_v4.0.30319_64 - ok
19:29:32.0712 4836 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:29:32.0728 4836 CmBatt - ok
19:29:32.0728 4836 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:29:32.0728 4836 cmdide - ok
19:29:32.0743 4836 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:29:32.0759 4836 CNG - ok
19:29:32.0774 4836 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:29:32.0774 4836 Compbatt - ok
19:29:32.0790 4836 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:29:32.0790 4836 CompositeBus - ok
19:29:32.0806 4836 COMSysApp - ok
19:29:32.0806 4836 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:29:32.0821 4836 crcdisk - ok
19:29:32.0852 4836 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
19:29:32.0852 4836 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
19:29:32.0852 4836 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
19:29:32.0884 4836 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
19:29:32.0884 4836 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
19:29:32.0884 4836 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
19:29:32.0899 4836 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:29:32.0930 4836 CryptSvc - ok
19:29:32.0946 4836 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
19:29:32.0977 4836 CSC - ok
19:29:33.0024 4836 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
19:29:33.0055 4836 CscService - ok
19:29:33.0102 4836 [ 1B8194450EB013CB6E79CE5503D1B0B5 ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
19:29:33.0118 4836 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
19:29:33.0118 4836 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
19:29:33.0133 4836 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:29:33.0164 4836 DcomLaunch - ok
19:29:33.0180 4836 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:29:33.0211 4836 defragsvc - ok
19:29:33.0242 4836 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:29:33.0289 4836 DfsC - ok
19:29:33.0305 4836 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:29:33.0352 4836 Dhcp - ok
19:29:33.0352 4836 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:29:33.0383 4836 discache - ok
19:29:33.0383 4836 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:29:33.0383 4836 Disk - ok
19:29:33.0398 4836 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:29:33.0414 4836 Dnscache - ok
19:29:33.0430 4836 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:29:33.0461 4836 dot3svc - ok
19:29:33.0476 4836 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:29:33.0508 4836 DPS - ok
19:29:33.0539 4836 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:29:33.0554 4836 drmkaud - ok
19:29:33.0570 4836 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:29:33.0586 4836 dtsoftbus01 - ok
19:29:33.0601 4836 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:29:33.0617 4836 DXGKrnl - ok
19:29:33.0632 4836 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:29:33.0664 4836 EapHost - ok
19:29:33.0695 4836 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:29:33.0742 4836 ebdrv - ok
19:29:33.0773 4836 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:29:33.0773 4836 EFS - ok
19:29:33.0851 4836 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:29:33.0866 4836 ehRecvr - ok
19:29:33.0898 4836 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:29:33.0929 4836 ehSched - ok
19:29:33.0929 4836 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:29:33.0944 4836 elxstor - ok
19:29:33.0960 4836 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:29:33.0976 4836 ErrDev - ok
19:29:33.0991 4836 [ 3DBC10CBC436288801FAEE66DE91AE47 ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys
19:29:34.0007 4836 EtronHub3 - ok
19:29:34.0007 4836 [ DE261095A2220D400D9603E1E42D4185 ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys
19:29:34.0022 4836 EtronXHCI - ok
19:29:34.0038 4836 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:29:34.0069 4836 EventSystem - ok
19:29:34.0100 4836 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:29:34.0132 4836 exfat - ok
19:29:34.0132 4836 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:29:34.0163 4836 fastfat - ok
19:29:34.0178 4836 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:29:34.0225 4836 Fax - ok
19:29:34.0225 4836 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:29:34.0241 4836 fdc - ok
19:29:34.0256 4836 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:29:34.0288 4836 fdPHost - ok
19:29:34.0303 4836 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:29:34.0334 4836 FDResPub - ok
19:29:34.0350 4836 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:29:34.0350 4836 FileInfo - ok
19:29:34.0350 4836 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:29:34.0381 4836 Filetrace - ok
19:29:34.0397 4836 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:29:34.0397 4836 flpydisk - ok
19:29:34.0428 4836 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:29:34.0444 4836 FltMgr - ok
19:29:34.0475 4836 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
19:29:34.0522 4836 FontCache - ok
19:29:34.0568 4836 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:29:34.0568 4836 FontCache3.0.0.0 - ok
19:29:34.0568 4836 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:29:34.0584 4836 FsDepends - ok
19:29:34.0600 4836 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
19:29:34.0615 4836 fssfltr - ok
19:29:34.0646 4836 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
19:29:34.0693 4836 fsssvc - ok
19:29:34.0709 4836 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:29:34.0724 4836 Fs_Rec - ok
19:29:34.0724 4836 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:29:34.0740 4836 fvevol - ok
19:29:34.0756 4836 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:29:34.0756 4836 gagp30kx - ok
19:29:34.0787 4836 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:29:34.0834 4836 gpsvc - ok
19:29:34.0849 4836 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:29:34.0865 4836 gupdate - ok
19:29:34.0865 4836 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:29:34.0865 4836 gupdatem - ok
19:29:34.0880 4836 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:29:34.0880 4836 hcw85cir - ok
19:29:34.0912 4836 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:29:34.0927 4836 HdAudAddService - ok
19:29:34.0943 4836 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:29:34.0943 4836 HDAudBus - ok
19:29:34.0958 4836 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:29:34.0974 4836 HidBatt - ok
19:29:34.0990 4836 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:29:35.0005 4836 HidBth - ok
19:29:35.0021 4836 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:29:35.0036 4836 HidIr - ok
19:29:35.0052 4836 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:29:35.0099 4836 hidserv - ok
19:29:35.0114 4836 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:29:35.0114 4836 HidUsb - ok
19:29:35.0146 4836 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:29:35.0161 4836 hkmsvc - ok
19:29:35.0177 4836 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:29:35.0192 4836 HomeGroupListener - ok
19:29:35.0224 4836 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:29:35.0239 4836 HomeGroupProvider - ok
19:29:35.0239 4836 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:29:35.0239 4836 HpSAMD - ok
19:29:35.0270 4836 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:29:35.0302 4836 HTTP - ok
19:29:35.0302 4836 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:29:35.0317 4836 hwpolicy - ok
19:29:35.0317 4836 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:29:35.0333 4836 i8042prt - ok
19:29:35.0380 4836 [ 6C91E425ACE29594BD574DE38AC9B76D ] iaStorA C:\Windows\system32\DRIVERS\iaStorA.sys
19:29:35.0395 4836 iaStorA - ok
19:29:35.0426 4836 [ 2B38F13E18E272459CD2CE83E6722C12 ] iaStorF C:\Windows\system32\DRIVERS\iaStorF.sys
19:29:35.0426 4836 iaStorF - ok
19:29:35.0442 4836 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:29:35.0458 4836 iaStorV - ok
19:29:35.0473 4836 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:29:35.0489 4836 idsvc - ok
19:29:35.0504 4836 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:29:35.0520 4836 iirsp - ok
19:29:35.0520 4836 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:29:35.0567 4836 IKEEXT - ok
19:29:35.0629 4836 [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:29:35.0660 4836 IntcAzAudAddService - ok
19:29:35.0723 4836 [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
19:29:35.0738 4836 Intel(R) Capability Licensing Service Interface - ok
19:29:35.0738 4836 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:29:35.0754 4836 intelide - ok
19:29:35.0754 4836 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:29:35.0770 4836 intelppm - ok
19:29:35.0801 4836 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:29:35.0816 4836 IPBusEnum - ok
19:29:35.0832 4836 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:29:35.0863 4836 IpFilterDriver - ok
19:29:35.0879 4836 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:29:35.0910 4836 iphlpsvc - ok
19:29:35.0910 4836 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:29:35.0926 4836 IPMIDRV - ok
19:29:35.0941 4836 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:29:35.0972 4836 IPNAT - ok
19:29:35.0972 4836 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:29:35.0988 4836 IRENUM - ok
19:29:36.0004 4836 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:29:36.0004 4836 isapnp - ok
19:29:36.0019 4836 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:29:36.0035 4836 iScsiPrt - ok
19:29:36.0066 4836 [ 78ABBE558F57144047F10A0F50FE4B2F ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
19:29:36.0066 4836 jhi_service - ok
19:29:36.0082 4836 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:29:36.0082 4836 kbdclass - ok
19:29:36.0097 4836 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:29:36.0113 4836 kbdhid - ok
19:29:36.0128 4836 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:29:36.0144 4836 KeyIso - ok
19:29:36.0144 4836 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:29:36.0160 4836 KSecDD - ok
19:29:36.0175 4836 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:29:36.0175 4836 KSecPkg - ok
19:29:36.0191 4836 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:29:36.0222 4836 ksthunk - ok
19:29:36.0238 4836 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:29:36.0284 4836 KtmRm - ok
19:29:36.0378 4836 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:29:36.0409 4836 LanmanServer - ok
19:29:36.0440 4836 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:29:36.0472 4836 LanmanWorkstation - ok
19:29:36.0487 4836 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:29:36.0503 4836 lltdio - ok
19:29:36.0518 4836 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:29:36.0550 4836 lltdsvc - ok
19:29:36.0550 4836 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:29:36.0581 4836 lmhosts - ok
19:29:36.0596 4836 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:29:36.0612 4836 LSI_FC - ok
19:29:36.0612 4836 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:29:36.0628 4836 LSI_SAS - ok
19:29:36.0628 4836 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:29:36.0643 4836 LSI_SAS2 - ok
19:29:36.0659 4836 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:29:36.0659 4836 LSI_SCSI - ok
19:29:36.0674 4836 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:29:36.0690 4836 luafv - ok
19:29:36.0706 4836 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:29:36.0706 4836 Mcx2Svc - ok
19:29:36.0721 4836 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:29:36.0721 4836 megasas - ok
19:29:36.0737 4836 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:29:36.0737 4836 MegaSR - ok
19:29:36.0752 4836 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:29:36.0752 4836 MEIx64 - ok
19:29:36.0752 4836 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:29:36.0784 4836 MMCSS - ok
19:29:36.0784 4836 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:29:36.0815 4836 Modem - ok
19:29:36.0815 4836 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:29:36.0830 4836 monitor - ok
19:29:36.0830 4836 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:29:36.0830 4836 mouclass - ok
19:29:36.0862 4836 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:29:36.0877 4836 mouhid - ok
19:29:36.0893 4836 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:29:36.0893 4836 mountmgr - ok
19:29:36.0924 4836 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:29:36.0940 4836 MpFilter - ok
19:29:36.0955 4836 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:29:36.0971 4836 mpio - ok
19:29:36.0986 4836 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:29:37.0002 4836 mpsdrv - ok
19:29:37.0018 4836 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:29:37.0064 4836 MpsSvc - ok
19:29:37.0064 4836 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:29:37.0080 4836 MRxDAV - ok
19:29:37.0111 4836 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:29:37.0111 4836 mrxsmb - ok
19:29:37.0127 4836 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:29:37.0142 4836 mrxsmb10 - ok
19:29:37.0142 4836 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:29:37.0174 4836 mrxsmb20 - ok
19:29:37.0174 4836 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:29:37.0189 4836 msahci - ok
19:29:37.0189 4836 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:29:37.0205 4836 msdsm - ok
19:29:37.0220 4836 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:29:37.0220 4836 MSDTC - ok
19:29:37.0236 4836 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:29:37.0267 4836 Msfs - ok
19:29:37.0267 4836 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:29:37.0283 4836 mshidkmdf - ok
19:29:37.0298 4836 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:29:37.0298 4836 msisadrv - ok
19:29:37.0314 4836 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:29:37.0345 4836 MSiSCSI - ok
19:29:37.0345 4836 msiserver - ok
19:29:37.0361 4836 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:29:37.0392 4836 MSKSSRV - ok
19:29:37.0439 4836 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
19:29:37.0454 4836 MsMpSvc - ok
19:29:37.0454 4836 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:29:37.0486 4836 MSPCLOCK - ok
19:29:37.0486 4836 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:29:37.0517 4836 MSPQM - ok
19:29:37.0532 4836 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:29:37.0548 4836 MsRPC - ok
19:29:37.0564 4836 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:29:37.0564 4836 mssmbios - ok
19:29:37.0579 4836 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:29:37.0595 4836 MSTEE - ok
19:29:37.0610 4836 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:29:37.0610 4836 MTConfig - ok
19:29:37.0626 4836 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:29:37.0626 4836 Mup - ok
19:29:37.0657 4836 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:29:37.0688 4836 napagent - ok
19:29:37.0704 4836 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:29:37.0720 4836 NativeWifiP - ok
19:29:37.0751 4836 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
19:29:37.0766 4836 NDIS - ok
19:29:37.0782 4836 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:29:37.0813 4836 NdisCap - ok
19:29:37.0829 4836 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:29:37.0844 4836 NdisTapi - ok
19:29:37.0860 4836 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:29:37.0891 4836 Ndisuio - ok
19:29:37.0891 4836 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:29:37.0922 4836 NdisWan - ok
19:29:37.0938 4836 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:29:37.0969 4836 NDProxy - ok
19:29:37.0969 4836 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:29:38.0000 4836 NetBIOS - ok
19:29:38.0016 4836 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:29:38.0047 4836 NetBT - ok
19:29:38.0047 4836 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:29:38.0047 4836 Netlogon - ok
19:29:38.0063 4836 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:29:38.0094 4836 Netman - ok
19:29:38.0110 4836 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:29:38.0125 4836 NetMsmqActivator - ok
19:29:38.0125 4836 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:29:38.0125 4836 NetPipeActivator - ok
19:29:38.0141 4836 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:29:38.0172 4836 netprofm - ok
19:29:38.0188 4836 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:29:38.0188 4836 NetTcpActivator - ok
19:29:38.0188 4836 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:29:38.0203 4836 NetTcpPortSharing - ok
19:29:38.0219 4836 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:29:38.0219 4836 nfrd960 - ok
19:29:38.0250 4836 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:29:38.0250 4836 NisDrv - ok
19:29:38.0266 4836 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
19:29:38.0281 4836 NisSrv - ok
19:29:38.0312 4836 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:29:38.0344 4836 NlaSvc - ok
19:29:38.0359 4836 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:29:38.0375 4836 Npfs - ok
19:29:38.0390 4836 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:29:38.0422 4836 nsi - ok
19:29:38.0437 4836 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:29:38.0453 4836 nsiproxy - ok
19:29:38.0468 4836 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:29:38.0500 4836 Ntfs - ok
19:29:38.0515 4836 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:29:38.0546 4836 Null - ok
19:29:38.0546 4836 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:29:38.0562 4836 nvraid - ok
19:29:38.0578 4836 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:29:38.0578 4836 nvstor - ok
19:29:38.0609 4836 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:29:38.0609 4836 nv_agp - ok
19:29:38.0624 4836 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:29:38.0640 4836 ohci1394 - ok
19:29:38.0656 4836 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:29:38.0671 4836 p2pimsvc - ok
19:29:38.0687 4836 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:29:38.0702 4836 p2psvc - ok
19:29:38.0718 4836 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:29:38.0718 4836 Parport - ok
19:29:38.0734 4836 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:29:38.0734 4836 partmgr - ok
19:29:38.0749 4836 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:29:38.0765 4836 PcaSvc - ok
19:29:38.0780 4836 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:29:38.0780 4836 pci - ok
19:29:38.0812 4836 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:29:38.0812 4836 pciide - ok
19:29:38.0827 4836 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:29:38.0843 4836 pcmcia - ok
19:29:38.0843 4836 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:29:38.0858 4836 pcw - ok
19:29:38.0858 4836 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:29:38.0890 4836 PEAUTH - ok
19:29:38.0921 4836 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:29:38.0968 4836 PeerDistSvc - ok
19:29:38.0999 4836 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:29:39.0014 4836 PerfHost - ok
19:29:39.0046 4836 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:29:39.0124 4836 pla - ok
19:29:39.0139 4836 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:29:39.0155 4836 PlugPlay - ok
19:29:39.0155 4836 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:29:39.0155 4836 PNRPAutoReg - ok
19:29:39.0170 4836 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:29:39.0170 4836 PNRPsvc - ok
19:29:39.0202 4836 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:29:39.0233 4836 PolicyAgent - ok
19:29:39.0233 4836 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:29:39.0264 4836 Power - ok
19:29:39.0280 4836 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:29:39.0311 4836 PptpMiniport - ok
19:29:39.0311 4836 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:29:39.0326 4836 Processor - ok
19:29:39.0342 4836 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
19:29:39.0373 4836 ProfSvc - ok
19:29:39.0373 4836 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:29:39.0373 4836 ProtectedStorage - ok
19:29:39.0389 4836 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:29:39.0420 4836 Psched - ok
19:29:39.0436 4836 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
19:29:39.0451 4836 PSI - ok
19:29:39.0482 4836 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:29:39.0529 4836 ql2300 - ok
19:29:39.0545 4836 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:29:39.0560 4836 ql40xx - ok
19:29:39.0576 4836 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:29:39.0592 4836 QWAVE - ok
19:29:39.0592 4836 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:29:39.0607 4836 QWAVEdrv - ok
19:29:39.0623 4836 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:29:39.0654 4836 RasAcd - ok
19:29:39.0670 4836 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:29:39.0685 4836 RasAgileVpn - ok
19:29:39.0701 4836 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:29:39.0732 4836 RasAuto - ok
19:29:39.0732 4836 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:29:39.0748 4836 Rasl2tp - ok
19:29:39.0763 4836 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:29:39.0794 4836 RasMan - ok
19:29:39.0810 4836 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:29:39.0841 4836 RasPppoe - ok
19:29:39.0857 4836 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:29:39.0872 4836 RasSstp - ok
19:29:39.0888 4836 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:29:39.0904 4836 rdbss - ok
19:29:39.0919 4836 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:29:39.0935 4836 rdpbus - ok
19:29:39.0950 4836 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:29:39.0966 4836 RDPCDD - ok
19:29:39.0982 4836 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:29:39.0997 4836 RDPDR - ok
19:29:39.0997 4836 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:29:40.0028 4836 RDPENCDD - ok
19:29:40.0044 4836 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:29:40.0060 4836 RDPREFMP - ok
19:29:40.0091 4836 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:29:40.0106 4836 RdpVideoMiniport - ok
19:29:40.0122 4836 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:29:40.0138 4836 RDPWD - ok
19:29:40.0153 4836 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:29:40.0169 4836 rdyboost - ok
19:29:40.0184 4836 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:29:40.0231 4836 RemoteAccess - ok
19:29:40.0247 4836 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:29:40.0262 4836 RemoteRegistry - ok
19:29:40.0278 4836 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:29:40.0294 4836 RpcEptMapper - ok
19:29:40.0294 4836 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:29:40.0309 4836 RpcLocator - ok
19:29:40.0340 4836 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:29:40.0356 4836 RpcSs - ok
19:29:40.0356 4836 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:29:40.0387 4836 rspndr - ok
19:29:40.0418 4836 [ C20F64FCD5E2B40310A1774495877ACD ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
19:29:40.0418 4836 RTHDMIAzAudService - ok
19:29:40.0450 4836 [ 7F4F11527AF5A7E4526CB6A146B3E40C ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:29:40.0465 4836 RTL8167 - ok
19:29:40.0465 4836 [ 2B38C905492F36FE42B59DA52D6B4EB7 ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys
19:29:40.0481 4836 RtNdPt60 - ok
19:29:40.0512 4836 [ 8DF706A5A12A4832A3291A1FF26A7CC1 ] RTTEAMPT C:\Windows\system32\DRIVERS\RtTeam60.sys
19:29:40.0512 4836 RTTEAMPT - ok
19:29:40.0528 4836 [ ED0624ED83121E1BC141F49B1316CAA0 ] RTVLANPT C:\Windows\system32\DRIVERS\RtVlan620.sys
19:29:40.0528 4836 RTVLANPT - ok
19:29:40.0543 4836 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:29:40.0543 4836 s3cap - ok
19:29:40.0559 4836 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:29:40.0574 4836 SamSs - ok
19:29:40.0606 4836 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Hommel\SUPERAntiSpyware\SASDIFSV64.SYS
19:29:40.0606 4836 SASDIFSV - ok
19:29:40.0606 4836 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Hommel\SUPERAntiSpyware\SASKUTIL64.SYS
19:29:40.0621 4836 SASKUTIL - ok
19:29:40.0684 4836 [ CCBF62280DAF6D94A4C73E391CDAC68C ] SbieDrv C:\Hommel\Sandboxie\SbieDrv.sys
19:29:40.0699 4836 SbieDrv - ok
19:29:40.0730 4836 [ 8A1F63C6EC01C56C9EC4C681E593FE34 ] SbieSvc C:\Hommel\Sandboxie\SbieSvc.exe
19:29:40.0730 4836 SbieSvc - ok
19:29:40.0762 4836 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:29:40.0762 4836 sbp2port - ok
19:29:40.0793 4836 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:29:40.0824 4836 SCardSvr - ok
19:29:40.0840 4836 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:29:40.0871 4836 scfilter - ok
19:29:40.0902 4836 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:29:40.0964 4836 Schedule - ok
19:29:40.0996 4836 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:29:41.0011 4836 SCPolicySvc - ok
19:29:41.0027 4836 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:29:41.0027 4836 SDRSVC - ok
19:29:41.0089 4836 [ 78779EE07231C658B483B1F38B5088DF ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
19:29:41.0105 4836 SeaPort - ok
19:29:41.0136 4836 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:29:41.0183 4836 secdrv - ok
19:29:41.0198 4836 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:29:41.0214 4836 seclogon - ok
19:29:41.0261 4836 [ 9901DCF2B6DD2AD12CB42BD559E0C92D ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
19:29:41.0276 4836 Secunia PSI Agent - ok
19:29:41.0292 4836 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:29:41.0308 4836 SENS - ok
19:29:41.0323 4836 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:29:41.0339 4836 SensrSvc - ok
19:29:41.0339 4836 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:29:41.0354 4836 Serenum - ok
19:29:41.0386 4836 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:29:41.0401 4836 Serial - ok
19:29:41.0417 4836 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:29:41.0417 4836 sermouse - ok
19:29:41.0448 4836 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:29:41.0479 4836 SessionEnv - ok
19:29:41.0495 4836 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:29:41.0495 4836 sffdisk - ok
19:29:41.0510 4836 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:29:41.0510 4836 sffp_mmc - ok
19:29:41.0526 4836 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:29:41.0526 4836 sffp_sd - ok
19:29:41.0542 4836 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:29:41.0557 4836 sfloppy - ok
19:29:41.0573 4836 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:29:41.0588 4836 SharedAccess - ok
19:29:41.0604 4836 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:29:41.0666 4836 ShellHWDetection - ok
19:29:41.0682 4836 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:29:41.0682 4836 SiSRaid2 - ok
19:29:41.0698 4836 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:29:41.0698 4836 SiSRaid4 - ok
19:29:41.0713 4836 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:29:41.0744 4836 Smb - ok
19:29:41.0760 4836 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:29:41.0776 4836 SNMPTRAP - ok
19:29:41.0776 4836 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:29:41.0791 4836 spldr - ok
19:29:41.0807 4836 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
19:29:41.0838 4836 Spooler - ok
19:29:41.0885 4836 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:29:41.0947 4836 sppsvc - ok
19:29:41.0963 4836 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:29:41.0994 4836 sppuinotify - ok
19:29:42.0025 4836 [ D6AB7C13FCDD2E4CAC35244D2C172D9A ] sptd C:\Windows\System32\Drivers\sptd.sys
19:29:42.0025 4836 sptd - ok
19:29:42.0056 4836 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:29:42.0072 4836 srv - ok
19:29:42.0103 4836 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:29:42.0119 4836 srv2 - ok
19:29:42.0134 4836 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:29:42.0166 4836 srvnet - ok
19:29:42.0181 4836 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:29:42.0228 4836 SSDPSRV - ok
19:29:42.0228 4836 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:29:42.0259 4836 SstpSvc - ok
19:29:42.0290 4836 Steam Client Service - ok
19:29:42.0290 4836 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:29:42.0306 4836 stexstor - ok
19:29:42.0322 4836 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:29:42.0337 4836 stisvc - ok
19:29:42.0353 4836 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
19:29:42.0368 4836 storflt - ok
19:29:42.0368 4836 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
19:29:42.0384 4836 storvsc - ok
19:29:42.0384 4836 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:29:42.0400 4836 swenum - ok
19:29:42.0400 4836 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:29:42.0431 4836 swprv - ok
19:29:42.0446 4836 Synth3dVsc - ok
19:29:42.0493 4836 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:29:42.0540 4836 SysMain - ok
19:29:42.0571 4836 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:29:42.0571 4836 TabletInputService - ok
19:29:42.0602 4836 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:29:42.0634 4836 TapiSrv - ok
19:29:42.0649 4836 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:29:42.0665 4836 TBS - ok
19:29:42.0680 4836 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:29:42.0727 4836 Tcpip - ok
19:29:42.0758 4836 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:29:42.0790 4836 TCPIP6 - ok
19:29:42.0805 4836 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:29:42.0836 4836 tcpipreg - ok
19:29:42.0836 4836 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:29:42.0852 4836 TDPIPE - ok
19:29:42.0868 4836 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:29:42.0883 4836 TDTCP - ok
19:29:42.0899 4836 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:29:42.0930 4836 tdx - ok
19:29:42.0946 4836 [ 8DF706A5A12A4832A3291A1FF26A7CC1 ] TEAM C:\Windows\system32\DRIVERS\RtTeam60.sys
19:29:42.0946 4836 TEAM - ok
19:29:42.0961 4836 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:29:42.0961 4836 TermDD - ok
19:29:42.0992 4836 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:29:43.0024 4836 TermService - ok
19:29:43.0024 4836 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:29:43.0039 4836 Themes - ok
19:29:43.0055 4836 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:29:43.0086 4836 THREADORDER - ok
19:29:43.0086 4836 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:29:43.0117 4836 TrkWks - ok
19:29:43.0148 4836 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:29:43.0180 4836 TrustedInstaller - ok
19:29:43.0180 4836 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:29:43.0211 4836 tssecsrv - ok
19:29:43.0226 4836 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:29:43.0226 4836 TsUsbFlt - ok
19:29:43.0242 4836 tsusbhub - ok
19:29:43.0258 4836 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:29:43.0273 4836 tunnel - ok
19:29:43.0289 4836 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:29:43.0289 4836 uagp35 - ok
19:29:43.0304 4836 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:29:43.0336 4836 udfs - ok
19:29:43.0336 4836 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:29:43.0351 4836 UI0Detect - ok
19:29:43.0367 4836 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:29:43.0382 4836 uliagpkx - ok
19:29:43.0398 4836 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
19:29:43.0398 4836 umbus - ok
19:29:43.0414 4836 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:29:43.0429 4836 UmPass - ok
19:29:43.0460 4836 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
19:29:43.0476 4836 UmRdpService - ok
19:29:43.0492 4836 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:29:43.0523 4836 upnphost - ok
19:29:43.0538 4836 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:29:43.0570 4836 usbaudio - ok
19:29:43.0585 4836 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:29:43.0585 4836 usbccgp - ok
19:29:43.0601 4836 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:29:43.0616 4836 usbcir - ok
19:29:43.0616 4836 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:29:43.0632 4836 usbehci - ok
19:29:43.0648 4836 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\drivers\usbhub.sys
19:29:43.0663 4836 usbhub - ok
19:29:43.0663 4836 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:29:43.0679 4836 usbohci - ok
19:29:43.0694 4836 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:29:43.0710 4836 usbprint - ok
19:29:43.0710 4836 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
19:29:43.0726 4836 USBSTOR - ok
19:29:43.0741 4836 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:29:43.0757 4836 usbuhci - ok
19:29:43.0757 4836 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:29:43.0788 4836 UxSms - ok
19:29:43.0804 4836 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:29:43.0804 4836 VaultSvc - ok
19:29:43.0819 4836 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:29:43.0819 4836 vdrvroot - ok
19:29:43.0835 4836 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:29:43.0866 4836 vds - ok
19:29:43.0866 4836 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:29:43.0882 4836 vga - ok
19:29:43.0897 4836 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:29:43.0928 4836 VgaSave - ok
19:29:43.0928 4836 VGPU - ok
19:29:43.0944 4836 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:29:43.0944 4836 vhdmp - ok
19:29:43.0960 4836 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:29:43.0960 4836 viaide - ok
19:29:43.0975 4836 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
19:29:43.0991 4836 vmbus - ok
19:29:43.0991 4836 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
19:29:44.0006 4836 VMBusHID - ok
19:29:44.0022 4836 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:29:44.0022 4836 volmgr - ok
19:29:44.0038 4836 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:29:44.0053 4836 volmgrx - ok
19:29:44.0053 4836 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:29:44.0069 4836 volsnap - ok
19:29:44.0084 4836 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:29:44.0084 4836 vsmraid - ok
19:29:44.0116 4836 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:29:44.0178 4836 VSS - ok
19:29:44.0194 4836 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
19:29:44.0209 4836 vwifibus - ok
19:29:44.0225 4836 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:29:44.0256 4836 W32Time - ok
19:29:44.0256 4836 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:29:44.0287 4836 WacomPen - ok
19:29:44.0303 4836 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:29:44.0334 4836 WANARP - ok
19:29:44.0334 4836 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:29:44.0350 4836 Wanarpv6 - ok
19:29:44.0396 4836 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:29:44.0412 4836 wbengine - ok
19:29:44.0428 4836 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:29:44.0443 4836 WbioSrvc - ok
19:29:44.0459 4836 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:29:44.0474 4836 wcncsvc - ok
19:29:44.0474 4836 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:29:44.0490 4836 WcsPlugInService - ok
19:29:44.0506 4836 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:29:44.0521 4836 Wd - ok
19:29:44.0537 4836 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:29:44.0552 4836 Wdf01000 - ok
19:29:44.0552 4836 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:29:44.0568 4836 WdiServiceHost - ok
19:29:44.0568 4836 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:29:44.0568 4836 WdiSystemHost - ok
19:29:44.0584 4836 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:29:44.0599 4836 WebClient - ok
19:29:44.0599 4836 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:29:44.0630 4836 Wecsvc - ok
19:29:44.0646 4836 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:29:44.0662 4836 wercplsupport - ok
19:29:44.0677 4836 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:29:44.0708 4836 WerSvc - ok
19:29:44.0724 4836 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:29:44.0740 4836 WfpLwf - ok
19:29:44.0755 4836 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:29:44.0755 4836 WIMMount - ok
19:29:44.0771 4836 WinDefend - ok
19:29:44.0771 4836 WinHttpAutoProxySvc - ok
19:29:44.0802 4836 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:29:44.0818 4836 Winmgmt - ok
19:29:44.0849 4836 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:29:44.0896 4836 WinRM - ok
19:29:44.0927 4836 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:29:44.0942 4836 Wlansvc - ok
19:29:44.0974 4836 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:29:44.0989 4836 wlcrasvc - ok
19:29:45.0036 4836 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:29:45.0083 4836 wlidsvc - ok
19:29:45.0098 4836 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:29:45.0114 4836 WmiAcpi - ok
19:29:45.0114 4836 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:29:45.0130 4836 wmiApSrv - ok
19:29:45.0145 4836 WMPNetworkSvc - ok
19:29:45.0161 4836 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:29:45.0176 4836 WPCSvc - ok
19:29:45.0192 4836 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:29:45.0208 4836 WPDBusEnum - ok
19:29:45.0223 4836 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:29:45.0239 4836 ws2ifsl - ok
19:29:45.0254 4836 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:29:45.0270 4836 wscsvc - ok
19:29:45.0270 4836 WSearch - ok
19:29:45.0317 4836 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:29:45.0348 4836 wuauserv - ok
19:29:45.0379 4836 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:29:45.0395 4836 WudfPf - ok
19:29:45.0410 4836 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:29:45.0426 4836 wudfsvc - ok
19:29:45.0457 4836 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:29:45.0488 4836 WwanSvc - ok
19:29:45.0520 4836 [ 754C8BF43F0DD4B54865F174A62761E9 ] XENfiltv C:\Windows\system32\drivers\XENfiltv.sys
19:29:45.0535 4836 XENfiltv - ok
19:29:45.0551 4836 ================ Scan global ===============================
19:29:45.0551 4836 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:29:45.0582 4836 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:29:45.0582 4836 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:29:45.0598 4836 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:29:45.0613 4836 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:29:45.0613 4836 [Global] - ok
19:29:45.0613 4836 ================ Scan MBR ==================================
19:29:45.0613 4836 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:29:45.0988 4836 \Device\Harddisk0\DR0 - ok
19:29:45.0988 4836 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:29:46.0097 4836 \Device\Harddisk1\DR1 - ok
19:29:46.0097 4836 ================ Scan VBR ==================================
19:29:46.0128 4836 [ 80B022ED993270641888A6C9328B15CD ] \Device\Harddisk0\DR0\Partition1
19:29:46.0128 4836 \Device\Harddisk0\DR0\Partition1 - ok
19:29:46.0128 4836 [ E931B66F69ADEAF67EC49F15FE26EDEB ] \Device\Harddisk1\DR1\Partition1
19:29:46.0128 4836 \Device\Harddisk1\DR1\Partition1 - ok
19:29:46.0159 4836 [ ADCD3C86C07053310DD442E80CF7D720 ] \Device\Harddisk1\DR1\Partition2
19:29:46.0159 4836 \Device\Harddisk1\DR1\Partition2 - ok
19:29:46.0159 4836 ============================================================
19:29:46.0159 4836 Scan finished
19:29:46.0159 4836 ============================================================
19:29:46.0175 4244 Detected object count: 3
19:29:46.0175 4244 Actual detected object count: 3
19:29:54.0147 4244 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:29:54.0147 4244 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:29:54.0147 4244 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:29:54.0147 4244 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:29:54.0147 4244 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
19:29:54.0147 4244 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 06.02.2013, 19:32   #7
markusg
/// Malware-holic
 
http://pagesinxt.com Umleitung - Standard

http://pagesinxt.com Umleitung



hi,
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.02.2013, 19:33   #8
DerHommel
 
http://pagesinxt.com Umleitung - Standard

http://pagesinxt.com Umleitung



Scan gemacht, nix entfernt, alles aus "skip" gelassen.Soll ich die Kiste jetzt neustarten?

Alt 06.02.2013, 19:34   #9
markusg
/// Malware-holic
 
http://pagesinxt.com Umleitung - Standard

http://pagesinxt.com Umleitung



ne, weiter mit meinem adw cleaner post bitte.
nichts mit dem TDSS killer löschen bitte
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.02.2013, 19:42   #10
DerHommel
 
http://pagesinxt.com Umleitung - Standard

http://pagesinxt.com Umleitung



Ok, hat nur 1mal neustarten müssen.

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.111 - Datei am 06/02/2013 um 19:39:05 erstellt
# Aktualisiert am 05/02/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : DerHommel - DASDING
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Surfer\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\Users\DerHommel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\DerHommel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Surfer\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S2].txt - [333 octets] - [06/02/2013 19:34:56]
AdwCleaner[S3].txt - [1115 octets] - [06/02/2013 19:39:05]

########## EOF - \AdwCleaner[S3].txt - [1175 octets] ##########
         
--- --- ---

Alt 06.02.2013, 19:55   #11
markusg
/// Malware-holic
 
http://pagesinxt.com Umleitung - Standard

http://pagesinxt.com Umleitung



hi
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.02.2013, 20:16   #12
DerHommel
 
http://pagesinxt.com Umleitung - Standard

http://pagesinxt.com Umleitung



Du meinst also hinter jedes installierte Programm Nötig/Unnötig, bzw unbekannt?
Gehe also jetzt davon aus das wir sie löschen werden, oder wie versteh ich das jetzt?

Alt 06.02.2013, 20:34   #13
markusg
/// Malware-holic
 
http://pagesinxt.com Umleitung - Standard

http://pagesinxt.com Umleitung



hi, genau, na die Nötigen löschen wir nicht, da währe ja ne Beschriftung sinnlos :-)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.02.2013, 20:43   #14
DerHommel
 
http://pagesinxt.com Umleitung - Standard

http://pagesinxt.com Umleitung



3D Matrix Screensaver 1.1 04.02.2013 4,53MB 9.20.00.0 UNNÖTIG
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 04.02.2013 6,00MB 11.5.502.146 ???
Adobe Reader XI (11.0.01) - Deutsch Adobe Systems Incorporated 17.01.2013 132MB 11.0.01 Unnötig
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 09.01.2013 26,3MB 8.0.891.0 notwendig
ArcaniA – Gothic 4 Spellbound Studios 04.02.2013 notwendig
Astro Gemini Screensaver Manager 1.2 04.02.2013 UNNÖTIG
Bing Bar Microsoft Corporation 10.01.2013 24,2MB 7.0.619.0 ???
Blitzkrieg Mod 04.02.2013 4.51 notwendig
Call of Duty: Black Ops Treyarch 04.02.2013 notwendig
Call of Duty: Black Ops - Multiplayer Treyarch 04.02.2013 notwendig
Call of Duty: Modern Warfare 2 Infinity Ward 04.02.2013 notwendig
Call of Duty: Modern Warfare 2 - Multiplayer Infinity Ward 04.02.2013 notwendig
CCleaner Piriform 23.01.2013 3.27 notwendig
Company of Heroes Relic 04.02.2013 notwendig
Company of Heroes: Eastern Front 1.20 Eastern Front Team 13.01.2013 898MB notwendig
Company of Heroes: Tales of Valor Relic 04.02.2013 notwendig
concept/design onlineTV 8 concept/design GmbH 26.01.2013 22,4MB 8.2.0.1 UNNÖTIG
concept/design Video Jukebox concept/design GmbH 26.01.2013 9,04MB Video Jukebox UNNÖTIG
Creative Systeminformationen Creative Technology Limited 04.02.2013 1.10 notwendig
Crysis 2 Maximum Edition Electronic Arts 04.02.2013 notwendig
DAEMON Tools Lite DT Soft Ltd 04.02.2013 4.46.1.0328 UNNÖTIG
Deus Ex: Human Revolution Eidos Montreal 04.02.2013 notwendig
Dropbox Dropbox, Inc. 01.02.2013 1.6.16 notwendig
Duke Nukem Forever Gearbox Software 04.02.2013 notwendig
Etron USB3.0 Host Controller Etron Technology 09.01.2013 356KB 0.115 notwendig
Fish Aquarium 3D Screensaver 1.0 04.02.2013 UNNÖTIG
Google Chrome Google Inc. 15.01.2013 24.0.1312.57 UNNÖTIG
Homefront THQ 04.02.2013 notwendig
Intel(R) Management Engine Components Intel Corporation 09.01.2013 8.1.0.1252 ???
Java 7 Update 13 Oracle 02.02.2013 129MB 7.0.130 ???
Kaminfeuer Comprehensive Edition Free 04.02.2013 UNNÖTIG
Kane & Lynch 2: Dog Days IO Interactive 04.02.2013 notwendig
Left 4 Dead 2 Valve 04.02.2013 notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 05.02.2013 18,4MB 1.70.0.1100 notwendig
Men of War: Assault Squad Digitalmindsoft 04.02.2013 notwendig
Metro 2033 THQ 04.02.2013 notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 10.01.2013 2,93MB 4.0.30319 notwendig
Microsoft .NET Framework 4.5 Microsoft Corporation 09.01.2013 38,8MB 4.5.50709 notwendig
Microsoft Security Essentials Microsoft Corporation 10.01.2013 4.1.522.0 notwendig
Microsoft Silverlight Microsoft Corporation 10.01.2013 50,6MB 5.1.10411.0 notwendig
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 10.01.2013 1,69MB 3.1.0000 ???
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 11.01.2013 300KB 8.0.59193 ???
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 Microsoft Corporation 09.01.2013 792KB 9.0.30729 ???
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 10.01.2013 788KB 9.0.30729.6161 ???
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 10.01.2013 1,42MB 9.0.21022 ???
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 10.01.2013 596KB 9.0.30729 ???
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 11.01.2013 600KB 9.0.30729.6161 ???
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 09.01.2013 13,8MB 10.0.40219 ???
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 09.01.2013 11,1MB 10.0.40219 ???
NVIDIA PhysX NVIDIA Corporation 11.01.2013 111MB 9.12.0613 notwendig
OpenAL 04.02.2013 notwendig
Opera 12.13 Opera Software ASA 30.01.2013 12.13.1734 notwendig
PAYDAY: The Heist Overkill 04.02.2013 notwendig
Realtek Ethernet Controller Driver Realtek 09.01.2013 7.49.927.2011 notwendig
Realtek Ethernet Diagnostic Utility Realtek 09.01.2013 1.006 notwendig
Realtek HDMI Audio Driver for ATI Realtek Semiconductor Corp. 04.02.2013 6.0.1.6519 notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 09.01.2013 6.0.1.6662 notwendig
Risen Piranha Bytes 04.02.2013 notwendig
Sandboxie 3.76 (64-bit) SANDBOXIE L.T.D 05.02.2013 3.76 notwendig
Secunia PSI (3.0.0.4001) Secunia 04.02.2013 5,81MB 3.0.0.4001 notwendig
Serious Sam HD: The Second Encounter Croteam 04.02.2013 notwendig
Solar System 3D Screensaver 1.4 04.02.2013 UNNÖTIG
Sound Blaster Tactic(3D) Sigma Creative Technology Limited 04.02.2013 1.0 notwendig
Spec Ops: The Line YAGER 04.02.2013 notwendig
Steam Valve Corporation 10.01.2013 35,4MB 1.0.0.0 notwendig(!!!)
SUPERAntiSpyware SUPERAntiSpyware.com 05.02.2013 46,3MB 5.6.1014 notwendig
The One Ring 3D Screensaver 1.0 3Planesoft 04.02.2013 6,42MB 1.0 UNNÖTIG
Tom Clancy's Splinter Cell: Conviction Ubisoft 04.02.2013 notwendig
Two Worlds II 04.02.2013 notwendig
Winamp Nullsoft, Inc 05.02.2013 5.63 notwendig
Winamp Erkennungs-Plug-in Nullsoft, Inc 05.02.2013 63,0KB 1.0.0.1 ???
Windows Live Essentials Microsoft Corporation 10.01.2013 15.4.3555.0308 ???
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 10.01.2013 5,57MB 15.4.5722.2 ???
Zattoo4 4.0.5 Zattoo Inc. 04.02.2013 4.0.5 UNNÖTIG

Alt 06.02.2013, 20:48   #15
markusg
/// Malware-holic
 
http://pagesinxt.com Umleitung - Standard

http://pagesinxt.com Umleitung



deinstaliere:
3D
Adobe Reader
Astro
Bing
concept: beide
DAEMON
Fish
Google
Kaminfeuer
Solar
SUPERAntiSpyware : kann weg, findet meist nur kookies
The One
Windows Live : alle von dir nicht benötigten
Zattoo4

Öffne CCleaner, analysieren, starten, PC neustarten, testen, wie PC + Programme wie Browser laufen
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu http://pagesinxt.com Umleitung
.com, browser, entferne, entfernen, eurer, gvu-trojaner, gvu-trojaner entfernen, hallo zusammen, immer wieder, lästige, neue, opera, prob, thomas, umgeleitet, umleitung, wieder weg, zusammen




Ähnliche Themen: http://pagesinxt.com Umleitung


  1. Ungewollte Startseiten: *http://wisersearch.com/?channel=de_nt* und *http://search.fbdownloader.com/?channel=sfde203fbdgy21*
    Log-Analyse und Auswertung - 16.12.2013 (13)
  2. Infektion mit http://www.qvo6.com und http://static.icmapp.com
    Log-Analyse und Auswertung - 04.12.2013 (7)
  3. http://dfs.pathdone.net/sd/cpops-1.2.0.html?u=http%3A%2F%2Fdfs.pathdone.net%2Fsd%2Fapps%2Ffusionx%2F0.0.4.html%3Faff%3D1060-8002&p=LyricsSay
    Plagegeister aller Art und deren Bekämpfung - 29.10.2013 (13)
  4. Win7 - 64bit: Öffnen von http://serve.bannersdontwork.com/text/javascript und http://serve.bannersdontwork.com/&m=true in Firefox
    Log-Analyse und Auswertung - 13.08.2013 (17)
  5. http://rou.resyncload.net/sd/wrap-0.01.html?u=http%3A%2F%2Frou.resyncload.net%2Fsd%2Fapps%2Fyb1024.html
    Plagegeister aller Art und deren Bekämpfung - 29.07.2013 (11)
  6. Wie entferne ich http://serve.bannersdontwork.com/text/javascript http://serve.bannersdontwork.com/&m=true
    Log-Analyse und Auswertung - 18.06.2013 (10)
  7. Firefox immer an pagesinxt.com weitergeleitet
    Plagegeister aller Art und deren Bekämpfung - 02.03.2012 (3)
  8. 100ksearches Umleitung
    Plagegeister aller Art und deren Bekämpfung - 16.08.2011 (6)
  9. DNS Umleitung was ist hier los?
    Log-Analyse und Auswertung - 28.02.2009 (2)
  10. Umleitung 85.255...
    Plagegeister aller Art und deren Bekämpfung - 20.02.2009 (6)
  11. Umleitung
    Log-Analyse und Auswertung - 05.02.2009 (1)
  12. Umleitung auf http://81.95.149.27/eur/index.php
    Plagegeister aller Art und deren Bekämpfung - 10.08.2007 (2)
  13. URL Umleitung
    Plagegeister aller Art und deren Bekämpfung - 22.01.2007 (1)
  14. Umleitung im IE
    Log-Analyse und Auswertung - 30.09.2006 (27)
  15. ">"">><meta http-equiv="Refresh" content="0;url=http://askimizsonsuza.com/code/">"">
    Plagegeister aller Art und deren Bekämpfung - 04.09.2006 (4)
  16. Umleitung
    Plagegeister aller Art und deren Bekämpfung - 26.06.2006 (30)
  17. Wie bekomme ich die "Umleitung" http://win-eto.com/ aus dem Explorer?
    Plagegeister aller Art und deren Bekämpfung - 18.12.2004 (26)

Zum Thema http://pagesinxt.com Umleitung - Hallo zusammen! So`n Mist!Da könnte ich just mit eurer Hilfe diesen lästigen GVU-Trojaner entfernen und nun hab ich auch schon das nächste Prob!! Werde im Browser (Opera) immer wieder zu - http://pagesinxt.com Umleitung...

Alle Zeitangaben in WEZ +1. Es ist jetzt 16:56 Uhr.


Copyright ©2000-2024, Trojaner-Board
Archiv
Du betrachtest: http://pagesinxt.com Umleitung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.