| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Java/Treams.JO in Quarantäne, PC wieder sicher?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.02.2013, 13:17
| #1 |
| |  Java/Treams.JO in Quarantäne, PC wieder sicher? Hallo zusammen, Ich habe gestern bei einem Routinescan von Avira Internet Security 2012 in meinem Temp Ordner den Virus Java/Treams.JO entdeckt und in Quarantäne gesetzt. Da ich nicht weiss was der macht und wo der herkommt wollte ich hier um Rat fragen wie ich mir sicher sein kann, dass mein PC nun wieder sicher benutzbar ist (wird u.A. für Banking, Einkäufe etc. verwendet, neu aufsetzen wäre aber eine mittlere Katastrophe  ). Kleine Anmerkung, Ich habe weder vor dem Avira Scan noch danach irgendeine Beeinträchtigung meines PCs durch den Virus gemerkt. Ich habe nun schon in meinem Aktionismus ein paar Schritte gemacht, die hier im Forum unter http://www.trojaner-board.de/129212-...ereinigen.html beschrieben sind. Z.B. mbar, aswMBR, TDSS-Killer und adwCleaner. Während die ersten drei nichts besonderes gezeigt haben (deswegen kein Log im Beitrag), war adwCleaner ziemlich voll (wohl "Standardmüll", siehe gaaanz unten). Ansonsten habe ich zu dem Virus garnix gefunden, nichtmal Avira hatte eine Beschreibung davon.  Hier die hoffentlich hilfreichen Logs: Avira Log: Code:
ATTFilter
Avira Internet Security 2012
Erstellungsdatum der Reportdatei: Dienstag, 12. Februar 2013 12:04
Es wird nach 4995143 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Holger Marten
Seriennummer : 2220724714-ISECE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Hugomatic
Computername : HUGOMATIC-PC
Versionsinformationen:
BUILD.DAT : 12.1.9.1197 48681 Bytes 11.10.2012 15:22:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 13.11.2012 17:59:36
AVSCAN.DLL : 12.3.0.15 66256 Bytes 15.05.2012 19:09:17
LUKE.DLL : 12.3.0.15 68304 Bytes 15.05.2012 19:09:18
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 12.05.2012 13:01:31
AVREG.DLL : 12.3.0.17 232200 Bytes 12.05.2012 13:01:31
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 12:57:26
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 12:58:05
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 12:58:47
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 12:59:00
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 12:59:12
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 08:06:08
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 11:07:18
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 16:07:53
VBASE008.VDF : 7.11.60.10 6627328 Bytes 07.02.2013 12:11:51
VBASE009.VDF : 7.11.60.11 2048 Bytes 07.02.2013 12:11:52
VBASE010.VDF : 7.11.60.12 2048 Bytes 07.02.2013 12:11:52
VBASE011.VDF : 7.11.60.13 2048 Bytes 07.02.2013 12:11:52
VBASE012.VDF : 7.11.60.14 2048 Bytes 07.02.2013 12:11:52
VBASE013.VDF : 7.11.60.62 351232 Bytes 08.02.2013 08:11:34
VBASE014.VDF : 7.11.60.115 190976 Bytes 09.02.2013 08:11:35
VBASE015.VDF : 7.11.60.177 282624 Bytes 11.02.2013 16:11:31
VBASE016.VDF : 7.11.60.178 2048 Bytes 11.02.2013 16:11:32
VBASE017.VDF : 7.11.60.179 2048 Bytes 11.02.2013 16:11:32
VBASE018.VDF : 7.11.60.180 2048 Bytes 11.02.2013 16:11:32
VBASE019.VDF : 7.11.60.181 2048 Bytes 11.02.2013 16:11:32
VBASE020.VDF : 7.11.60.182 2048 Bytes 11.02.2013 16:11:32
VBASE021.VDF : 7.11.60.183 2048 Bytes 11.02.2013 16:11:32
VBASE022.VDF : 7.11.60.184 2048 Bytes 11.02.2013 16:11:32
VBASE023.VDF : 7.11.60.185 2048 Bytes 11.02.2013 16:11:32
VBASE024.VDF : 7.11.60.186 2048 Bytes 11.02.2013 16:11:32
VBASE025.VDF : 7.11.60.187 2048 Bytes 11.02.2013 16:11:32
VBASE026.VDF : 7.11.60.188 2048 Bytes 11.02.2013 16:11:32
VBASE027.VDF : 7.11.60.189 2048 Bytes 11.02.2013 16:11:33
VBASE028.VDF : 7.11.60.190 2048 Bytes 11.02.2013 16:11:33
VBASE029.VDF : 7.11.60.191 2048 Bytes 11.02.2013 16:11:33
VBASE030.VDF : 7.11.60.192 2048 Bytes 11.02.2013 16:11:33
VBASE031.VDF : 7.11.60.214 102400 Bytes 12.02.2013 10:11:28
Engineversion : 8.2.10.250
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 11:05:15
AESCRIPT.DLL : 8.1.4.88 471417 Bytes 08.02.2013 08:11:32
AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 20:07:53
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 19:05:21
AERDL.DLL : 8.2.0.88 643444 Bytes 11.01.2013 14:08:02
AEPACK.DLL : 8.3.1.2 819574 Bytes 20.12.2012 16:07:59
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 16:06:44
AEHEUR.DLL : 8.1.4.198 5751159 Bytes 08.02.2013 08:11:32
AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 15:07:17
AEGEN.DLL : 8.1.6.16 434549 Bytes 24.01.2013 16:11:23
AEEXP.DLL : 8.3.0.24 188787 Bytes 11.02.2013 08:11:36
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 11:05:14
AECORE.DLL : 8.1.30.0 201079 Bytes 13.12.2012 20:07:51
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 16:06:35
AVWINLL.DLL : 12.3.0.15 27344 Bytes 15.05.2012 19:09:17
AVPREF.DLL : 12.3.0.32 50720 Bytes 13.11.2012 17:59:36
AVREP.DLL : 12.3.0.15 179208 Bytes 12.05.2012 13:01:31
AVARKT.DLL : 12.3.0.33 209696 Bytes 13.11.2012 17:59:34
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 15.05.2012 19:09:17
SQLITE3.DLL : 3.7.0.1 398288 Bytes 15.05.2012 19:09:18
AVSMTP.DLL : 12.3.0.32 63992 Bytes 01.08.2012 09:05:32
NETNT.DLL : 12.3.0.15 17104 Bytes 15.05.2012 19:09:18
RCIMAGE.DLL : 12.3.0.31 4819704 Bytes 01.08.2012 09:05:26
RCTEXT.DLL : 12.3.0.32 98848 Bytes 13.11.2012 17:59:31
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Dienstag, 12. Februar 2013 12:04
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil32_11_5_502_149_ActiveX.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'AlienFXHook32Mngr.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAANTMon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'AlienFusionController.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'PerfTuneService.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'wlansrv.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftservice.EXE' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'brs.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVD8Serv.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'PBN.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'AlienwareAlienFXController.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'NBService.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'IJPLMSVC.EXE' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'avfwsvc.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '44' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1737' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <OS>
C:\Users\Hugomatic\AppData\Local\Temp\jar_cache2511743082926785305.tmp
[0] Archivtyp: ZIP
--> Asdf3cvR55.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Pesur.BT.1
--> fYGVBJHGHJH666.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dermit.GU.1
--> kalibton.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Karamel.CC
--> qDSJHFJHSDFGDSIKFJHD.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Treams.JM
--> S2394834djskfh.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Treams.JN
--> triton.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.RI.3
--> XLR.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.RI.3
--> ZHJGJG7778HGYU7Y8.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Treams.JO
Beginne mit der Desinfektion:
C:\Users\Hugomatic\AppData\Local\Temp\jar_cache2511743082926785305.tmp
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Treams.JO
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '564a9f93.qua' verschoben!
Ende des Suchlaufs: Dienstag, 12. Februar 2013 13:07
Benötigte Zeit: 58:09 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
28198 Verzeichnisse wurden überprüft
726141 Dateien wurden geprüft
8 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
726133 Dateien ohne Befall
3760 Archive wurden durchsucht
0 Warnungen
1 Hinweise
563004 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.13.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Hugomatic :: HUGOMATIC-PC [Administrator] Schutz: Aktiviert 13.02.2013 10:31:43 mbam-log-2013-02-13 (10-31-43).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 380246 Laufzeit: 47 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 13.02.2013 12:09:50 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hugomatic\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,99 Gb Total Physical Memory | 4,54 Gb Available Physical Memory | 75,72% Memory free 11,98 Gb Paging File | 10,14 Gb Available in Paging File | 84,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 457,04 Gb Total Space | 202,60 Gb Free Space | 44,33% Space Free | Partition Type: NTFS Computer Name: HUGOMATIC-PC | User Name: Hugomatic | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Hugomatic\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks) PRC - C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe () PRC - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe () PRC - C:\Programme\Alienware\Command Center\AlienFXHook32Mngr.exe (Alienware) PRC - C:\Programme\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation) PRC - C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\a31a05ea4f51139b6fae4256999a538e\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.PID0x513\1.0.74.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.PID0x513.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication\1.0.74.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.Core\1.0.74.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.Core.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.74.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.74.0__bebb3c8816410241\AlienwareAlienFXTools.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.65.0__bebb3c8816410241\AlienLabsTools.dll () MOD - C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.65.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.74.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.74.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.74.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.74.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.74.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.74.0__bebb3c8816410241\AlienFX.Communication.Core.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.74.0__bebb3c8816410241\AlienFX.Communication.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe () MOD - C:\Program Files (x86)\Belkin\F7D4101\V1\BelkinwcuiDLL.dll () ========== Services (SafeList) ========== SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe File not found SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks) SRV - (WLANBelkinService) -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe () SRV - (DAUpdaterSvc) -- C:\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (AlienFusionService) -- C:\Programme\Alienware\Command Center\AlienFusionService.exe (Alienware) SRV - (XTUService) -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe (Intel Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () ========== Driver Services (SafeList) ========== DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys File not found DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH) DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (AWOPFilterDriver) -- C:\Windows\SysNative\drivers\AWOPFilterDriver.sys () DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh564.sys (Broadcom Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (SI3132) -- C:\Windows\SysNative\drivers\SI3132.sys (Silicon Image, Inc) DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc) DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (smbusp) -- C:\Windows\SysNative\drivers\intelsmb.sys (Intel Corporation) DRV:64bit: - (Blfp) -- C:\Windows\SysNative\drivers\basp.sys (Broadcom Corporation) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (IOCBIOS) -- C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys (Intel Corporation) DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- c:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.alienware.com/ IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://support.alienware.com [binary data] IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\SearchScopes\{57FEA219-F77E-4D8F-BBBF-74C3C6F4108C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=39EBBF6C-D99A-4A24-A3CD-2B7C94F5A45F&apn_sauid=4F91A191-E256-45FD-85AD-2B5B98174300 IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_deDE358 IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O3 - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" File not found O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found O4:64bit: - HKLM..\Run: [Thermal Controller] C:\Program Files\Alienware\Command Center\ThermalController.exe (Alienware Corp.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink) O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 10.13.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{787314A1-2B24-4861-8134-B583E6FC6B01}: DhcpNameServer = 192.168.2.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{58e40010-e0c2-11de-bd5e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{58e40010-e0c2-11de-bd5e-806e6f6e6963}\Shell\AutoRun\command - "" = "D:\World of Warcraft Setup.exe" O33 - MountPoints2\{ba292377-f98c-11df-b299-9444526e6ad1}\Shell - "" = AutoRun O33 - MountPoints2\{ba292377-f98c-11df-b299-9444526e6ad1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.13 11:59:51 | 000,000,000 | R--D | C] -- C:\Users\Hugomatic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 [2013.02.13 11:25:59 | 000,000,000 | ---D | C] -- C:\Logs [2013.02.13 10:24:35 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\AppData\Roaming\Malwarebytes [2013.02.13 10:24:01 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\AppData\Local\Programs [2013.02.12 17:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.12 17:21:29 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\Desktop\mbar [2013.02.03 13:10:21 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\.pdfsam [2013.02.03 13:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge Basic [2013.02.03 13:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Split And Merge Basic [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.13 12:07:39 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.13 12:07:39 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.13 12:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.13 11:59:52 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.13 11:59:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.13 11:59:41 | 529,731,583 | -HS- | M] () -- C:\hiberfil.sys [2013.02.13 11:32:48 | 000,000,000 | ---- | M] () -- C:\Users\Hugomatic\defogger_reenable [2013.02.13 11:26:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.12 17:43:21 | 000,034,875 | ---- | M] () -- C:\Users\Hugomatic\Documents\combofix.odt [2013.02.12 17:13:47 | 001,527,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.12 17:13:47 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.12 17:13:47 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.12 17:13:47 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.12 17:13:47 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.02 16:22:10 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.13 11:32:48 | 000,000,000 | ---- | C] () -- C:\Users\Hugomatic\defogger_reenable [2013.02.12 17:43:19 | 000,034,875 | ---- | C] () -- C:\Users\Hugomatic\Documents\combofix.odt [2012.09.10 15:55:03 | 000,060,304 | ---- | C] () -- C:\Users\Hugomatic\g2mdlhlpx.exe [2012.09.10 13:03:38 | 004,129,378 | ---- | C] () -- C:\Users\Hugomatic\ProStation Manual.pdf [2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.07.24 11:29:05 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.07.24 11:29:05 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.06.30 17:16:54 | 000,007,607 | ---- | C] () -- C:\Users\Hugomatic\AppData\Local\Resmon.ResmonCfg [2010.02.18 18:08:37 | 000,000,097 | ---- | C] () -- C:\Users\Hugomatic\AppData\Local\fusioncache.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.03.28 19:44:25 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\Canon [2010.01.06 19:26:53 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\CheckPoint [2012.08.01 09:13:17 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\OpenOffice.org [2010.07.13 18:51:16 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\ProtectDisc [2011.11.04 18:15:57 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\PunkBuster [2010.03.09 19:27:51 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\Ubisoft [2012.09.10 12:27:41 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\WH SELFINVEST ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 13.02.2013 08:49:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hugomatic\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,99 Gb Total Physical Memory | 4,36 Gb Available Physical Memory | 72,82% Memory free
11,98 Gb Paging File | 9,89 Gb Available in Paging File | 82,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,04 Gb Total Space | 205,25 Gb Free Space | 44,91% Space Free | Partition Type: NTFS
Computer Name: HUGOMATIC-PC | User Name: Hugomatic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FE80F0-1DCB-4434-A071-B24CBB9C96C9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{038164F5-F02D-4BED-8A32-59DEF920335A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{09E79B72-08FF-4913-885F-639105320E43}" = protocol=6 | dir=in | app=c:\program files (x86)\reality pump\two worlds ii\twoworlds2.exe |
"{0FADFCAE-7A0C-4BCC-B0FE-5E18152A6B44}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{1680D63B-07D6-4F25-A340-449681A23D12}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{1A36B73D-2986-49CE-8DDE-EB263103856A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{1E066D5D-DA62-462C-B710-320764406034}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{1EBCA0DD-BAF1-4DEC-9987-BCB994C39051}" = protocol=6 | dir=in | app=c:\dragon age\daoriginslauncher.exe |
"{20D42473-B6F8-4890-8C0D-1265A4A6D746}" = protocol=6 | dir=in | app=c:\dragon age\bin_ship\daupdatersvc.service.exe |
"{24DA52CB-20DC-4872-88CE-A70A41E54883}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{25A2D7E8-5030-4E56-B46C-5FB180A6D430}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{29C61B44-0F92-48D1-899B-830EA6020E85}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2BDED0D1-EBC2-4FB7-B63A-D918575E9D69}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{2C34BDFF-9C8F-421F-9D70-11F52E727A38}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{2E2E38E6-0503-448F-9626-360CBBFAA46D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{31321D17-93EB-49C3-B148-3E4D7BCC857A}" = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\sacred2.exe |
"{351E8D68-0BD1-454D-8505-1F303D74BE45}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{35A3D5DF-405B-487F-93D2-C3C1DBAFC4B1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{3BCD4BEE-D4D7-4648-AB69-0DB3651FF166}" = protocol=6 | dir=in | app=c:\dragon age\bin_ship\daorigins.exe |
"{4BB1AE14-1D84-427D-A937-0FC8678EEE9A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{4C85BDD2-0D82-41F8-9305-A433A96896A2}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{541EBEC0-7EF1-47F2-8368-9E57A9664E04}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{566C9EF0-FC8D-45CF-9512-46F6F4BC24F1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5975A1D8-D1B3-4FB8-BB23-B790A48C1A02}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6787D9C8-8B05-4C03-94BA-90C2EF1AF564}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{6B3ABD99-5823-4D03-8FE6-90D7EBD59497}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{747E2F9E-DFC4-4713-9EC1-E9D27AEAE66D}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe |
"{7C2E5ED5-10CF-4D26-8932-919FB9DEADA0}" = protocol=17 | dir=in | app=c:\dragon age\bin_ship\daorigins.exe |
"{7CD53D4D-E043-4BE7-AD9C-84D1D26F7165}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{7F16A3D2-2126-4A2A-8D75-44A3691EDB7E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{80F546B4-0A9C-4129-A5B9-B87B2BA73997}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{8A9F476D-53ED-427F-9AAA-A9A2470AB342}" = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\sacred2.exe |
"{8E70EE16-6945-474E-BECE-D624268EE510}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{90FB8D19-9B31-4BB3-B511-67FFF8DC98AA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{92AF711C-CCA8-45F8-887A-C083A6B256DF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{9C715D5C-D04C-4D59-B274-88E538BB1112}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{9F3B501C-5018-4A36-9B3F-60C19F6B0551}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A1A35A1B-2DFE-4677-8BDE-176498E3CF3F}" = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\s2gs.exe |
"{A24300E5-F2B2-4520-8003-AB4989926DA1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A5A50408-D708-4DFA-A69A-085C60D11860}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{ADB92EC1-3DFF-4265-BBBC-744EA4E67D44}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{B3DD45FD-49CB-492B-9B7A-AF8A5DE8F3C8}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{BDEE0490-78EF-426B-9DCF-98CC87C988BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{C1E53C6C-6C8A-443C-9E59-1A303913D10F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{C23F5C61-E714-4E86-987E-C1C3C0B47572}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{C528B8CC-2716-4191-94EE-328CD78B8969}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{C57DD692-31BF-4FE8-BAF0-470EE31CC575}" = protocol=17 | dir=in | app=c:\dragon age\daoriginslauncher.exe |
"{C5FBFD34-4A62-45A9-A3E3-2B12C1F64491}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{C699DD47-34A4-46E5-8E8C-139335AA449C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{C9FB4CB7-62B4-406A-BBFE-5BF04DB8694C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{CBC335B8-DFEA-4F73-B01A-6D9C258C9B1D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CBFA15B1-4526-487C-9E7A-97164ED4E920}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{CED8196E-C321-4109-8AC0-F4091C4F84FA}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{D41DE1CF-E958-4838-8BEC-83738F6E1205}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{D764A164-761E-4B99-9C27-8C3F7EABD167}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D76BC965-6156-4D41-A760-613E3159B546}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DB193F07-BEC1-4FE0-8BE8-8D7B9C639E72}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{DB1D4A78-596E-40FA-9653-F6BD5C91B85D}" = protocol=17 | dir=in | app=c:\dragon age\bin_ship\daupdatersvc.service.exe |
"{DB2219D0-C483-487C-A56A-776EB735D072}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{DFDD853A-4F4E-466E-9F3F-000F2E614EBB}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{E1B0B810-C1B6-41B5-8374-3C7A201E0CAE}" = protocol=17 | dir=in | app=c:\program files (x86)\reality pump\two worlds ii\twoworlds2.exe |
"{E1DF79F8-6374-4758-9707-7C138BC0F484}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{E4C465C6-4124-400F-BA8B-9C4C16E4D6C7}" = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\s2gs.exe |
"{E581981C-05E2-4CC1-B670-D26DC6E95C2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{E608582A-34AB-425F-9640-6E08315FF407}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E66E66CC-024B-44FB-A069-EE71265C44A8}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe |
"{E910728F-F2D6-4877-8D55-17159716557F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{F2149C7F-2987-4A0B-A56C-1619EDCC3DB4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{F79FC874-B686-4715-8B7A-09E621028FC5}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{35FBBE37-D205-B85B-A072-F306AF0DA6AB}" = ccc-utility64
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9B9DBB81-1F48-48B0-8CB3-051311DC73F7}" = Adobe Photoshop Lightroom 2.7 64-bit
"{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"{C91B24F6-1629-11E2-B696-21676188709B}" = PDF Split And Merge Basic
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CanonMyPrinter" = Canon My Printer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SMBus" = Intel(R) SMBus
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{01F7C7DB-3112-5099-C9E7-DD287AE5CD34}" = CCC Help Greek
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A957041-A0D3-8227-0B1C-34A0B9B4BCE9}" = Catalyst Control Center Graphics Full New
"{0EC66655-20A4-DC5F-3145-B60C54F1BEDC}" = Catalyst Control Center Localization All
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1633A40C-B60C-54A8-79EC-1D83F24F3102}" = CCC Help Russian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D824414-EEA0-8288-A694-ADB2C96C2420}" = Catalyst Control Center Graphics Light
"{1E897CA6-5DA8-449D-5F0F-64473BCF7A92}" = CCC Help Dutch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216038FF}" = Java(TM) 6 Update 38
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{30204391-70DE-706C-1907-50E0CEEEE763}" = CCC Help Spanish
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34E1B3D3-D636-3D6A-8089-CD055365A84D}" = CCC Help Danish
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{481BD864-726E-2B54-1F55-26623C47B9F4}" = CCC Help Finnish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5FF85B8C-4BE5-99FA-895A-7876E3279C0B}" = Catalyst Control Center InstallProxy
"{61CF87C1-172B-3594-0504-69AEB723C61B}" = Catalyst Control Center Graphics Full Existing
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{62AE603D-5599-C19C-1FD6-457B803E86A3}" = Skins
"{62EA3947-00F0-CD3C-B4F1-409D03353E8C}" = CCC Help Norwegian
"{66896432-C843-3937-AFC5-9A753F2ACE55}" = Catalyst Control Center Core Implementation
"{6B388EFD-35DF-AB18-37B6-498784F38C92}" = CCC Help Hungarian
"{6DB66382-0C4E-FEA5-F6B9-037714E7D695}" = CCC Help Chinese Traditional
"{72198521-36AE-472E-EDC1-36E9E66EF706}" = CCC Help Portuguese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = Intel Extreme Tuning Utility
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{74cc0977-aec9-4d27-8883-888baff04160}" = Nero 9 Essentials
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{818395BC-8C56-9DBB-06DB-7A5C4FAA1EAA}" = CCC Help Polish
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8402C81C-7202-B07E-E556-5DCF9C91A37A}" = CCC Help Italian
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"{8C87ECBD-9B68-ABA9-9EB0-2545C2746C3B}" = CCC Help Turkish
"{91A9CEFA-1506-B9BA-1663-1205B55BC51C}" = CCC Help French
"{91EE7DC4-F14A-4A98-B6A9-D2851D9EA213}" = CCC Help English
"{9685F3F9-5581-07A7-90B7-CFF046694FCA}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A933D9C3-56EF-68F4-BECA-05BE7337918F}" = CCC Help German
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{BCBDC685-EF9F-FE17-A5B7-FAD72A41997B}" = CCC Help Japanese
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C20FF6AA-1CE7-ABC5-6B74-2D644731E3D2}" = CCC Help Thai
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{D4E45F96-61E5-0C00-8972-228B9BFFB091}" = Catalyst Control Center Graphics Previews Vista
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E26B007E-4F63-6F24-D440-2A509A89C00E}" = Catalyst Control Center Graphics Previews Common
"{E4EE40C4-29E4-D860-78C0-72B9B29C4184}" = CCC Help Czech
"{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}" = WHS ProStation
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EC79D1A6-1D7D-B7A3-B113-1591E6CA78DF}" = CCC Help Korean
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F12614C4-BF95-57EC-BFB3-04F934A8ED8A}" = ccc-core-static
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{FA5D0718-40E2-7FEE-BB9B-028162A7B2FC}" = CCC Help Chinese Standard
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Internet Security 2012
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Diablo III" = Diablo III
"DPP" = Canon Utilities Digital Photo Professional 3.9
"Drakensang_is1" = Drakensang
"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit
"EA Download Manager" = EA Download Manager
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"EOS Utility" = Canon Utilities EOS Utility
"Google Chrome" = Google Chrome
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = Intel Extreme Tuning Utility
"InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Two Worlds II" = Two Worlds II
"WFTK" = Canon Utilities WFT Utility
"World of Warcraft" = World of Warcraft
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3298486900-1751861136-877735410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880
"InstallShield_{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}" = WHS ProStation
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 07.02.2013 08:14:43 | Computer Name = Hugomatic-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 77c Startzeit: 01ce052c944ed2d1 Endzeit: 8 Anwendungspfad: C:\Program
Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
Error - 07.02.2013 10:18:44 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------
2013-02-07,
15:18:44.0301108 : Error : Unhandled exception detected while executing virtual
device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
: Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
derived value! Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()
bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()
Error - 08.02.2013 02:57:50 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------
2013-02-08,
07:57:50.1221000 : Error : Unhandled exception detected while executing virtual
device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
: Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
derived value! Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()
bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()
Error - 11.02.2013 03:24:37 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------
2013-02-11,
08:24:37.8419108 : Error : Unhandled exception detected while executing virtual
device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
: Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
derived value! Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()
bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()
Error - 11.02.2013 10:13:50 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------
2013-02-11,
15:13:50.1033078 : Error : Unhandled exception detected while executing virtual
device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
: Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
derived value! Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()
bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()
Error - 12.02.2013 03:14:04 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------
2013-02-12,
08:14:04.0538929 : Error : Unhandled exception detected while executing virtual
device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
: Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
derived value! Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()
bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()
Error - 12.02.2013 07:01:46 | Computer Name = Hugomatic-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Wow-64.exe, Version: 5.1.0.16357,
Zeitstempel: 0x50bd644f Name des fehlerhaften Moduls: Wow-64.exe, Version: 5.1.0.16357,
Zeitstempel: 0x50bd644f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000004d6e93
ID
des fehlerhaften Prozesses: 0x3ec Startzeit der fehlerhaften Anwendung: 0x01ce08f65f038f32
Pfad
der fehlerhaften Anwendung: C:\Users\Public\Games\World of Warcraft\Wow-64.exe Pfad
des fehlerhaften Moduls: C:\Users\Public\Games\World of Warcraft\Wow-64.exe Berichtskennung:
9720347a-7503-11e2-825b-9444526e6ad1
Error - 12.02.2013 11:51:55 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------
2013-02-12,
16:51:55.1197035 : Error : Unhandled exception detected while executing virtual
device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
: Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
derived value! Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()
bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()
Error - 13.02.2013 03:04:05 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------
2013-02-13,
08:04:05.0924871 : Error : Unhandled exception detected while executing virtual
device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
: Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
derived value! Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()
bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()
Error - 13.02.2013 03:39:29 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------
2013-02-13,
08:39:29.0157028 : Error : Unhandled exception detected while executing virtual
device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
: Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
derived value! Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()
bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()
[ System Events ]
Error - 12.02.2013 12:09:55 | Computer Name = Hugomatic-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 12.02.2013 12:09:55 | Computer Name = Hugomatic-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 12.02.2013 12:09:56 | Computer Name = Hugomatic-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 12.02.2013 12:09:56 | Computer Name = Hugomatic-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 13.02.2013 03:03:29 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3
Error - 13.02.2013 03:03:29 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar
ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%3
Error - 13.02.2013 03:38:43 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3
Error - 13.02.2013 03:38:43 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar
ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%3
Error - 13.02.2013 03:39:15 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Alienware Fusion Service erreicht.
Error - 13.02.2013 03:39:15 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Alienware Fusion Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
< End of report >
Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-13 11:58:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.05.0 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\HUGOMA~1\AppData\Local\Temp\fwriruog.sys
---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e01401 2 bytes [E0, 75]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e01419 2 bytes [E0, 75]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e01431 2 bytes [E0, 75]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e0144a 2 bytes [E0, 75]
.text ... * 9
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e014dd 2 bytes [E0, 75]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e014f5 2 bytes [E0, 75]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e0150d 2 bytes [E0, 75]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e01525 2 bytes [E0, 75]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e0153d 2 bytes [E0, 75]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e01555 2 bytes [E0, 75]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e0156d 2 bytes [E0, 75]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e01585 2 bytes [E0, 75]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e0159d 2 bytes [E0, 75]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e015b5 2 bytes [E0, 75]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e015cd 2 bytes [E0, 75]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e016b2 2 bytes [E0, 75]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e016bd 2 bytes [E0, 75]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e01401 2 bytes [E0, 75]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e01419 2 bytes [E0, 75]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e01431 2 bytes [E0, 75]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e0144a 2 bytes [E0, 75]
.text ... * 9
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e014dd 2 bytes [E0, 75]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e014f5 2 bytes [E0, 75]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e0150d 2 bytes [E0, 75]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e01525 2 bytes [E0, 75]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e0153d 2 bytes [E0, 75]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e01555 2 bytes [E0, 75]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e0156d 2 bytes [E0, 75]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e01585 2 bytes [E0, 75]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e0159d 2 bytes [E0, 75]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e015b5 2 bytes [E0, 75]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e015cd 2 bytes [E0, 75]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e016b2 2 bytes [E0, 75]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e016bd 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000725617fa 2 bytes [56, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000072561860 2 bytes [56, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000072561942 2 bytes [56, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007256194d 2 bytes [56, 72]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e01401 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e01419 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e01431 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e0144a 2 bytes [E0, 75]
.text ... * 9
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e014dd 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e014f5 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e0150d 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e01525 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e0153d 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e01555 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e0156d 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e01585 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e0159d 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e015b5 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e015cd 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e016b2 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e016bd 2 bytes [E0, 75]
---- EOF - GMER 2.0 ----
Code:
ATTFilter # AdwCleaner v2.112 - Datei am 13/02/2013 um 08:35:25 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Hugomatic - HUGOMATIC-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Hugomatic\Downloads\adwcleaner0.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\Users\Hugomatic\AppData\Local\APN
Ordner Gefunden : C:\Users\Hugomatic\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Hugomatic\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Hugomatic\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2611275
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2645238
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gefunden : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v24.0.1312.57
Datei : C:\Users\Hugomatic\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [5805 octets] - [13/02/2013 08:35:25]
########## EOF - C:\AdwCleaner[R1].txt - [5865 octets] ##########
Vielleicht kann mir jemand noch Tipps geben, ob ich noch etwas überprüfen sollte. Bis dahin Viele Grüße |
|
14.02.2013, 11:42
| #2 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™   | Java/Treams.JO in Quarantäne, PC wieder sicher? Hallo und
__________________ Zitat:
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner? Zitat:
__________________ |
|
14.02.2013, 14:29
| #3 |
| | Java/Treams.JO in Quarantäne, PC wieder sicher? Hallo Cosinus,
__________________vielen Dank schonmal für die Antwort. Ich habe eine Professional Edition weil der Rechner zwar privat ist, er aber auch ggf. in meiner Firma genutzt werden sollte (wurde er letztlich aber nicht...). Glaube bei Dell gab es damals eine kostenlose Upgrade-Aktion von Home auf Professional Edition, hatte mich auf jeden Fall also nicht sonderlich gestört. Weitere Logs folgen unten, aswMBR ist aber heute erstellt, da ich das Log gestern anscheinend nicht gespeichert habe. Zur Info: Ich habe gestern Abend, also nach allen gestrigen Scans aber vor dem heutigen aswMBR Lauf, noch meinen User/AppData/Local/Temp Ordner per Datenträgerbereinigung gekillt, der war einfach unglaublich voll. Ebenso habe ich den Java Temp Ordner über das Java Control Panel bereinigt und zur Sicherheit mehrere alte Java-Versionen deinstalliert und nur die neueste drauf gelassen. TDSS Log: Code:
ATTFilter 08:29:17.0010 5640 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:29:19.0022 5640 ============================================================
08:29:19.0022 5640 Current date / time: 2013/02/13 08:29:19.0022
08:29:19.0022 5640 SystemInfo:
08:29:19.0022 5640
08:29:19.0022 5640 OS Version: 6.1.7601 ServicePack: 1.0
08:29:19.0022 5640 Product type: Workstation
08:29:19.0022 5640 ComputerName: HUGOMATIC-PC
08:29:19.0022 5640 UserName: Hugomatic
08:29:19.0022 5640 Windows directory: C:\Windows
08:29:19.0022 5640 System windows directory: C:\Windows
08:29:19.0022 5640 Running under WOW64
08:29:19.0022 5640 Processor architecture: Intel x64
08:29:19.0022 5640 Number of processors: 8
08:29:19.0022 5640 Page size: 0x1000
08:29:19.0022 5640 Boot type: Normal boot
08:29:19.0022 5640 ============================================================
08:29:19.0350 5640 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:29:19.0366 5640 ============================================================
08:29:19.0366 5640 \Device\Harddisk0\DR0:
08:29:19.0366 5640 MBR partitions:
08:29:19.0366 5640 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x37000, BlocksNum 0x1139000
08:29:19.0366 5640 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1170000, BlocksNum 0x39215800
08:29:19.0366 5640 ============================================================
08:29:19.0397 5640 C: <-> \Device\Harddisk0\DR0\Partition2
08:29:19.0397 5640 ============================================================
08:29:19.0397 5640 Initialize success
08:29:19.0397 5640 ============================================================
08:29:39.0287 6136 ============================================================
08:29:39.0287 6136 Scan started
08:29:39.0287 6136 Mode: Manual; SigCheck; TDLFS;
08:29:39.0287 6136 ============================================================
08:29:39.0568 6136 ================ Scan system memory ========================
08:29:39.0568 6136 System memory - ok
08:29:39.0568 6136 ================ Scan services =============================
08:29:39.0692 6136 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
08:29:39.0755 6136 1394ohci - ok
08:29:39.0817 6136 [ 6CE02D42183CDF31315F208AE35F153F ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys
08:29:39.0833 6136 acedrv11 - ok
08:29:39.0864 6136 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
08:29:39.0880 6136 ACPI - ok
08:29:39.0911 6136 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
08:29:39.0942 6136 AcpiPmi - ok
08:29:40.0067 6136 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:29:40.0082 6136 AdobeFlashPlayerUpdateSvc - ok
08:29:40.0114 6136 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
08:29:40.0129 6136 adp94xx - ok
08:29:40.0145 6136 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
08:29:40.0160 6136 adpahci - ok
08:29:40.0176 6136 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
08:29:40.0176 6136 adpu320 - ok
08:29:40.0207 6136 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:29:40.0270 6136 AeLookupSvc - ok
08:29:40.0332 6136 [ 3AC22A3DFA8A050E35F0E3CD99D0CDF2 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
08:29:40.0379 6136 AERTFilters - ok
08:29:40.0426 6136 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
08:29:40.0457 6136 AFD - ok
08:29:40.0488 6136 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
08:29:40.0504 6136 agp440 - ok
08:29:40.0519 6136 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
08:29:40.0566 6136 ALG - ok
08:29:40.0628 6136 [ 27CD092372190BBC476EFB644E8764AA ] AlienFusionService C:\Program Files\Alienware\Command Center\AlienFusionService.exe
08:29:40.0644 6136 AlienFusionService - ok
08:29:40.0660 6136 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
08:29:40.0675 6136 aliide - ok
08:29:40.0706 6136 [ 1EAED36210279C0B7B97817D09836E45 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
08:29:40.0738 6136 AMD External Events Utility - ok
08:29:40.0753 6136 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
08:29:40.0753 6136 amdide - ok
08:29:40.0784 6136 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
08:29:40.0816 6136 AmdK8 - ok
08:29:40.0925 6136 [ A7CF8A458F6851A97F27F1F2DCAF7262 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
08:29:41.0018 6136 amdkmdag - ok
08:29:41.0081 6136 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
08:29:41.0096 6136 amdkmdap ( UnsignedFile.Multi.Generic ) - warning
08:29:41.0096 6136 amdkmdap - detected UnsignedFile.Multi.Generic (1)
08:29:41.0096 6136 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
08:29:41.0143 6136 AmdPPM - ok
08:29:41.0174 6136 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
08:29:41.0174 6136 amdsata - ok
08:29:41.0190 6136 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
08:29:41.0206 6136 amdsbs - ok
08:29:41.0206 6136 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
08:29:41.0221 6136 amdxata - ok
08:29:41.0299 6136 [ 6ACC11E9D2F01C88251123D26C1C5489 ] AntiVirFirewallService C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
08:29:41.0315 6136 AntiVirFirewallService - ok
08:29:41.0377 6136 [ B7FA28AEFA586FB5A04876C7B31D03E6 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
08:29:41.0393 6136 AntiVirMailService - ok
08:29:41.0440 6136 [ 2E35310D600F4CC64624786A813A041E ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
08:29:41.0440 6136 AntiVirSchedulerService - ok
08:29:41.0471 6136 [ 984102B9E2F6513008ED4E0C5AC4151D ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
08:29:41.0471 6136 AntiVirService - ok
08:29:41.0486 6136 [ 9BC7247FD7379307BCFF92CF8EB64B87 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
08:29:41.0502 6136 AntiVirWebService - ok
08:29:41.0549 6136 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
08:29:41.0627 6136 AppID - ok
08:29:41.0674 6136 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
08:29:41.0705 6136 AppIDSvc - ok
08:29:41.0752 6136 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
08:29:41.0798 6136 Appinfo - ok
08:29:41.0845 6136 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
08:29:41.0861 6136 AppMgmt - ok
08:29:41.0892 6136 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
08:29:41.0892 6136 arc - ok
08:29:41.0908 6136 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
08:29:41.0908 6136 arcsas - ok
08:29:41.0970 6136 aspnet_state - ok
08:29:41.0986 6136 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:29:42.0032 6136 AsyncMac - ok
08:29:42.0064 6136 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
08:29:42.0079 6136 atapi - ok
08:29:42.0110 6136 [ 506934DF94E3197F4A1BBE8FBEAB0CCD ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
08:29:42.0126 6136 AtiHdmiService - ok
08:29:42.0204 6136 [ A7CF8A458F6851A97F27F1F2DCAF7262 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
08:29:42.0251 6136 atikmdag - ok
08:29:42.0282 6136 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
08:29:42.0298 6136 atksgt - ok
08:29:42.0344 6136 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:29:42.0391 6136 AudioEndpointBuilder - ok
08:29:42.0422 6136 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
08:29:42.0438 6136 AudioSrv - ok
08:29:42.0485 6136 [ C5B223B2C174147D00F64E0D783459C7 ] avfwim C:\Windows\system32\DRIVERS\avfwim.sys
08:29:42.0500 6136 avfwim - ok
08:29:42.0532 6136 [ C7B2A376DCF4E1528B26358A9B341F4C ] avfwot C:\Windows\system32\DRIVERS\avfwot.sys
08:29:42.0547 6136 avfwot - ok
08:29:42.0578 6136 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
08:29:42.0594 6136 avgntflt - ok
08:29:42.0610 6136 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
08:29:42.0625 6136 avipbb - ok
08:29:42.0625 6136 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
08:29:42.0641 6136 avkmgr - ok
08:29:42.0672 6136 [ 5B64B0D162AABDE795B3F7A7234F2FE1 ] AWOPFilterDriver C:\Windows\system32\drivers\AWOPFilterDriver.sys
08:29:42.0672 6136 AWOPFilterDriver - ok
08:29:42.0719 6136 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
08:29:42.0750 6136 AxInstSV - ok
08:29:42.0781 6136 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
08:29:42.0797 6136 b06bdrv - ok
08:29:42.0812 6136 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
08:29:42.0844 6136 b57nd60a - ok
08:29:42.0875 6136 [ EA289355B7E07461760172B0674B9382 ] BCMH43XX C:\Windows\system32\DRIVERS\bcmwlhigh564.sys
08:29:42.0906 6136 BCMH43XX - ok
08:29:42.0922 6136 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
08:29:42.0953 6136 BDESVC - ok
08:29:42.0953 6136 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
08:29:43.0015 6136 Beep - ok
08:29:43.0062 6136 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
08:29:43.0109 6136 BFE - ok
08:29:43.0156 6136 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
08:29:43.0202 6136 BITS - ok
08:29:43.0218 6136 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
08:29:43.0234 6136 blbdrive - ok
08:29:43.0280 6136 [ E869C8C360F3705DA7875327DA616F11 ] Blfp C:\Windows\system32\DRIVERS\basp.sys
08:29:43.0280 6136 Blfp - ok
08:29:43.0312 6136 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:29:43.0327 6136 bowser - ok
08:29:43.0343 6136 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:29:43.0421 6136 BrFiltLo - ok
08:29:43.0436 6136 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:29:43.0436 6136 BrFiltUp - ok
08:29:43.0468 6136 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
08:29:43.0483 6136 Browser - ok
08:29:43.0499 6136 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
08:29:43.0514 6136 Brserid - ok
08:29:43.0530 6136 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
08:29:43.0546 6136 BrSerWdm - ok
08:29:43.0592 6136 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
08:29:43.0639 6136 BrUsbMdm - ok
08:29:43.0639 6136 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
08:29:43.0655 6136 BrUsbSer - ok
08:29:43.0655 6136 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
08:29:43.0686 6136 BTHMODEM - ok
08:29:43.0702 6136 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
08:29:43.0733 6136 bthserv - ok
08:29:43.0764 6136 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:29:43.0811 6136 cdfs - ok
08:29:43.0826 6136 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
08:29:43.0842 6136 cdrom - ok
08:29:43.0889 6136 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
08:29:43.0920 6136 CertPropSvc - ok
08:29:43.0936 6136 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
08:29:43.0967 6136 circlass - ok
08:29:43.0998 6136 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
08:29:43.0998 6136 CLFS - ok
08:29:44.0029 6136 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:29:44.0029 6136 clr_optimization_v2.0.50727_32 - ok
08:29:44.0092 6136 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:29:44.0092 6136 clr_optimization_v2.0.50727_64 - ok
08:29:44.0185 6136 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:29:44.0185 6136 clr_optimization_v4.0.30319_32 - ok
08:29:44.0232 6136 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:29:44.0248 6136 clr_optimization_v4.0.30319_64 - ok
08:29:44.0279 6136 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
08:29:44.0279 6136 CmBatt - ok
08:29:44.0310 6136 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
08:29:44.0310 6136 cmdide - ok
08:29:44.0341 6136 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
08:29:44.0372 6136 CNG - ok
08:29:44.0388 6136 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
08:29:44.0404 6136 Compbatt - ok
08:29:44.0435 6136 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
08:29:44.0466 6136 CompositeBus - ok
08:29:44.0482 6136 COMSysApp - ok
08:29:44.0497 6136 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
08:29:44.0497 6136 crcdisk - ok
08:29:44.0544 6136 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:29:44.0544 6136 CryptSvc - ok
08:29:44.0591 6136 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
08:29:44.0638 6136 CSC - ok
08:29:44.0700 6136 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
08:29:44.0716 6136 CscService - ok
08:29:44.0794 6136 [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc C:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
08:29:44.0809 6136 DAUpdaterSvc - ok
08:29:44.0840 6136 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
08:29:44.0872 6136 DcomLaunch - ok
08:29:44.0918 6136 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
08:29:44.0950 6136 defragsvc - ok
08:29:44.0981 6136 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:29:45.0028 6136 DfsC - ok
08:29:45.0059 6136 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
08:29:45.0090 6136 Dhcp - ok
08:29:45.0121 6136 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
08:29:45.0137 6136 discache - ok
08:29:45.0199 6136 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
08:29:45.0199 6136 Disk - ok
08:29:45.0230 6136 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:29:45.0277 6136 Dnscache - ok
08:29:45.0293 6136 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
08:29:45.0340 6136 dot3svc - ok
08:29:45.0371 6136 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
08:29:45.0402 6136 DPS - ok
08:29:45.0433 6136 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:29:45.0433 6136 drmkaud - ok
08:29:45.0480 6136 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:29:45.0496 6136 DXGKrnl - ok
08:29:45.0527 6136 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
08:29:45.0558 6136 EapHost - ok
08:29:45.0605 6136 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
08:29:45.0667 6136 ebdrv - ok
08:29:45.0698 6136 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
08:29:45.0730 6136 EFS - ok
08:29:45.0761 6136 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:29:45.0808 6136 ehRecvr - ok
08:29:45.0823 6136 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
08:29:45.0854 6136 ehSched - ok
08:29:45.0886 6136 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
08:29:45.0901 6136 elxstor - ok
08:29:45.0917 6136 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
08:29:45.0932 6136 ErrDev - ok
08:29:45.0948 6136 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
08:29:45.0995 6136 EventSystem - ok
08:29:46.0010 6136 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
08:29:46.0026 6136 exfat - ok
08:29:46.0042 6136 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:29:46.0088 6136 fastfat - ok
08:29:46.0135 6136 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
08:29:46.0166 6136 Fax - ok
08:29:46.0198 6136 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
08:29:46.0198 6136 fdc - ok
08:29:46.0213 6136 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
08:29:46.0244 6136 fdPHost - ok
08:29:46.0260 6136 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
08:29:46.0291 6136 FDResPub - ok
08:29:46.0307 6136 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:29:46.0307 6136 FileInfo - ok
08:29:46.0322 6136 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:29:46.0354 6136 Filetrace - ok
08:29:46.0385 6136 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
08:29:46.0385 6136 flpydisk - ok
08:29:46.0416 6136 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:29:46.0432 6136 FltMgr - ok
08:29:46.0463 6136 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
08:29:46.0494 6136 FontCache - ok
08:29:46.0541 6136 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:29:46.0556 6136 FontCache3.0.0.0 - ok
08:29:46.0556 6136 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
08:29:46.0572 6136 FsDepends - ok
08:29:46.0603 6136 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:29:46.0619 6136 Fs_Rec - ok
08:29:46.0650 6136 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
08:29:46.0666 6136 fvevol - ok
08:29:46.0681 6136 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
08:29:46.0681 6136 gagp30kx - ok
08:29:46.0728 6136 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
08:29:46.0759 6136 gpsvc - ok
08:29:46.0868 6136 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:29:46.0868 6136 gupdate - ok
08:29:46.0884 6136 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:29:46.0884 6136 gupdatem - ok
08:29:46.0946 6136 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
08:29:46.0946 6136 gusvc - ok
08:29:46.0962 6136 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
08:29:46.0978 6136 hcw85cir - ok
08:29:47.0024 6136 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
08:29:47.0040 6136 HDAudBus - ok
08:29:47.0040 6136 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
08:29:47.0056 6136 HidBatt - ok
08:29:47.0071 6136 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
08:29:47.0071 6136 HidBth - ok
08:29:47.0102 6136 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
08:29:47.0102 6136 HidIr - ok
08:29:47.0134 6136 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
08:29:47.0180 6136 hidserv - ok
08:29:47.0212 6136 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
08:29:47.0212 6136 HidUsb - ok
08:29:47.0243 6136 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
08:29:47.0290 6136 hkmsvc - ok
08:29:47.0336 6136 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:29:47.0368 6136 HomeGroupListener - ok
08:29:47.0399 6136 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:29:47.0399 6136 HomeGroupProvider - ok
08:29:47.0414 6136 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
08:29:47.0430 6136 HpSAMD - ok
08:29:47.0477 6136 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:29:47.0508 6136 HTTP - ok
08:29:47.0539 6136 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
08:29:47.0555 6136 hwpolicy - ok
08:29:47.0570 6136 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
08:29:47.0586 6136 i8042prt - ok
08:29:47.0633 6136 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
08:29:47.0648 6136 IAANTMON - ok
08:29:47.0680 6136 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
08:29:47.0680 6136 iaStor - ok
08:29:47.0711 6136 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
08:29:47.0711 6136 iaStorV - ok
08:29:47.0820 6136 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
08:29:47.0820 6136 IDriverT ( UnsignedFile.Multi.Generic ) - warning
08:29:47.0820 6136 IDriverT - detected UnsignedFile.Multi.Generic (1)
08:29:47.0867 6136 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:29:47.0882 6136 idsvc - ok
08:29:47.0914 6136 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
08:29:47.0929 6136 iirsp - ok
08:29:47.0992 6136 [ 51516252DBBFED36F70B341DBA263167 ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
08:29:48.0007 6136 IJPLMSVC ( UnsignedFile.Multi.Generic ) - warning
08:29:48.0007 6136 IJPLMSVC - detected UnsignedFile.Multi.Generic (1)
08:29:48.0054 6136 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
08:29:48.0101 6136 IKEEXT - ok
08:29:48.0148 6136 [ D42D651676883181400E22957A7E0B1E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
08:29:48.0179 6136 IntcAzAudAddService - ok
08:29:48.0194 6136 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
08:29:48.0194 6136 intelide - ok
08:29:48.0210 6136 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
08:29:48.0226 6136 intelppm - ok
08:29:48.0304 6136 [ 0E3A39C18C9C7A25D363E2D5889CB5A2 ] IOCBIOS C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.SYS
08:29:48.0304 6136 IOCBIOS - ok
08:29:48.0335 6136 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:29:48.0366 6136 IPBusEnum - ok
08:29:48.0413 6136 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:29:48.0444 6136 IpFilterDriver - ok
08:29:48.0491 6136 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
08:29:48.0506 6136 iphlpsvc - ok
08:29:48.0538 6136 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
08:29:48.0553 6136 IPMIDRV - ok
08:29:48.0569 6136 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
08:29:48.0616 6136 IPNAT - ok
08:29:48.0647 6136 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:29:48.0662 6136 IRENUM - ok
08:29:48.0678 6136 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
08:29:48.0678 6136 isapnp - ok
08:29:48.0725 6136 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
08:29:48.0725 6136 iScsiPrt - ok
08:29:48.0772 6136 ISWKL - ok
08:29:48.0787 6136 IswSvc - ok
08:29:48.0803 6136 [ 08DD34F74D65E1C8F238565570952630 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
08:29:48.0803 6136 k57nd60a - ok
08:29:48.0818 6136 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
08:29:48.0834 6136 kbdclass - ok
08:29:48.0865 6136 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
08:29:48.0896 6136 kbdhid - ok
08:29:48.0912 6136 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
08:29:48.0928 6136 KeyIso - ok
08:29:48.0959 6136 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:29:48.0959 6136 KSecDD - ok
08:29:48.0990 6136 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
08:29:49.0006 6136 KSecPkg - ok
08:29:49.0021 6136 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
08:29:49.0052 6136 ksthunk - ok
08:29:49.0068 6136 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
08:29:49.0099 6136 KtmRm - ok
08:29:49.0146 6136 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
08:29:49.0177 6136 LanmanServer - ok
08:29:49.0208 6136 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:29:49.0255 6136 LanmanWorkstation - ok
08:29:49.0302 6136 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
08:29:49.0302 6136 lirsgt - ok
08:29:49.0318 6136 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:29:49.0333 6136 lltdio - ok
08:29:49.0364 6136 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:29:49.0411 6136 lltdsvc - ok
08:29:49.0427 6136 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:29:49.0458 6136 lmhosts - ok
08:29:49.0474 6136 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
08:29:49.0489 6136 LSI_FC - ok
08:29:49.0505 6136 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
08:29:49.0505 6136 LSI_SAS - ok
08:29:49.0520 6136 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:29:49.0536 6136 LSI_SAS2 - ok
08:29:49.0536 6136 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:29:49.0552 6136 LSI_SCSI - ok
08:29:49.0567 6136 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
08:29:49.0583 6136 luafv - ok
08:29:49.0614 6136 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:29:49.0645 6136 Mcx2Svc - ok
08:29:49.0661 6136 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
08:29:49.0661 6136 megasas - ok
08:29:49.0676 6136 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
08:29:49.0692 6136 MegaSR - ok
08:29:49.0708 6136 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
08:29:49.0739 6136 MMCSS - ok
08:29:49.0770 6136 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
08:29:49.0801 6136 Modem - ok
08:29:49.0832 6136 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:29:49.0848 6136 monitor - ok
08:29:49.0895 6136 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
08:29:49.0895 6136 mouclass - ok
08:29:49.0910 6136 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:29:49.0926 6136 mouhid - ok
08:29:49.0957 6136 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
08:29:49.0973 6136 mountmgr - ok
08:29:49.0988 6136 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
08:29:50.0004 6136 mpio - ok
08:29:50.0020 6136 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:29:50.0035 6136 mpsdrv - ok
08:29:50.0098 6136 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
08:29:50.0144 6136 MpsSvc - ok
08:29:50.0176 6136 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:29:50.0207 6136 MRxDAV - ok
08:29:50.0238 6136 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:29:50.0238 6136 mrxsmb - ok
08:29:50.0269 6136 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:29:50.0300 6136 mrxsmb10 - ok
08:29:50.0332 6136 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:29:50.0347 6136 mrxsmb20 - ok
08:29:50.0363 6136 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
08:29:50.0378 6136 msahci - ok
08:29:50.0410 6136 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:29:50.0425 6136 msdsm - ok
08:29:50.0425 6136 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
08:29:50.0456 6136 MSDTC - ok
08:29:50.0456 6136 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:29:50.0488 6136 Msfs - ok
08:29:50.0488 6136 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
08:29:50.0534 6136 mshidkmdf - ok
08:29:50.0566 6136 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:29:50.0566 6136 msisadrv - ok
08:29:50.0597 6136 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:29:50.0628 6136 MSiSCSI - ok
08:29:50.0628 6136 msiserver - ok
08:29:50.0659 6136 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:29:50.0690 6136 MSKSSRV - ok
08:29:50.0690 6136 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:29:50.0722 6136 MSPCLOCK - ok
08:29:50.0737 6136 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:29:50.0768 6136 MSPQM - ok
08:29:50.0800 6136 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:29:50.0815 6136 MsRPC - ok
08:29:50.0815 6136 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
08:29:50.0831 6136 mssmbios - ok
08:29:50.0846 6136 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:29:50.0862 6136 MSTEE - ok
08:29:50.0878 6136 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
08:29:50.0893 6136 MTConfig - ok
08:29:50.0909 6136 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
08:29:50.0909 6136 Mup - ok
08:29:50.0940 6136 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
08:29:50.0987 6136 napagent - ok
08:29:51.0002 6136 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:29:51.0018 6136 NativeWifiP - ok
08:29:51.0080 6136 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
08:29:51.0096 6136 NDIS - ok
08:29:51.0112 6136 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
08:29:51.0127 6136 NdisCap - ok
08:29:51.0143 6136 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:29:51.0174 6136 NdisTapi - ok
08:29:51.0205 6136 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:29:51.0221 6136 Ndisuio - ok
08:29:51.0252 6136 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:29:51.0283 6136 NdisWan - ok
08:29:51.0314 6136 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:29:51.0361 6136 NDProxy - ok
08:29:51.0455 6136 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
08:29:51.0470 6136 Nero BackItUp Scheduler 4.0 - ok
08:29:51.0486 6136 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:29:51.0517 6136 NetBIOS - ok
08:29:51.0548 6136 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
08:29:51.0580 6136 NetBT - ok
08:29:51.0595 6136 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
08:29:51.0611 6136 Netlogon - ok
08:29:51.0626 6136 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
08:29:51.0673 6136 Netman - ok
08:29:51.0689 6136 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
08:29:51.0720 6136 netprofm - ok
08:29:51.0736 6136 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:29:51.0751 6136 NetTcpPortSharing - ok
08:29:51.0782 6136 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
08:29:51.0782 6136 nfrd960 - ok
08:29:51.0814 6136 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
08:29:51.0829 6136 NlaSvc - ok
08:29:51.0845 6136 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:29:51.0876 6136 Npfs - ok
08:29:51.0876 6136 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
08:29:51.0923 6136 nsi - ok
08:29:51.0923 6136 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:29:51.0970 6136 nsiproxy - ok
08:29:52.0016 6136 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:29:52.0032 6136 Ntfs - ok
08:29:52.0048 6136 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
08:29:52.0094 6136 Null - ok
08:29:52.0141 6136 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:29:52.0141 6136 nvraid - ok
08:29:52.0157 6136 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:29:52.0172 6136 nvstor - ok
08:29:52.0188 6136 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:29:52.0188 6136 nv_agp - ok
08:29:52.0204 6136 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
08:29:52.0235 6136 ohci1394 - ok
08:29:52.0250 6136 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
08:29:52.0266 6136 p2pimsvc - ok
08:29:52.0297 6136 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
08:29:52.0297 6136 p2psvc - ok
08:29:52.0313 6136 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
08:29:52.0313 6136 Parport - ok
08:29:52.0344 6136 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:29:52.0360 6136 partmgr - ok
08:29:52.0360 6136 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
08:29:52.0391 6136 PcaSvc - ok
08:29:52.0406 6136 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
08:29:52.0406 6136 pci - ok
08:29:52.0438 6136 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
08:29:52.0438 6136 pciide - ok
08:29:52.0453 6136 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
08:29:52.0469 6136 pcmcia - ok
08:29:52.0484 6136 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
08:29:52.0484 6136 pcw - ok
08:29:52.0500 6136 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:29:52.0547 6136 PEAUTH - ok
08:29:52.0594 6136 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
08:29:52.0625 6136 PeerDistSvc - ok
08:29:52.0703 6136 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
08:29:52.0734 6136 PerfHost - ok
08:29:52.0781 6136 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
08:29:52.0843 6136 pla - ok
08:29:52.0874 6136 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:29:52.0890 6136 PlugPlay - ok
08:29:52.0921 6136 PnkBstrA - ok
08:29:52.0937 6136 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:29:52.0952 6136 PNRPAutoReg - ok
08:29:52.0968 6136 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:29:52.0968 6136 PNRPsvc - ok
08:29:52.0984 6136 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:29:53.0030 6136 PolicyAgent - ok
08:29:53.0046 6136 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
08:29:53.0093 6136 Power - ok
08:29:53.0124 6136 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:29:53.0171 6136 PptpMiniport - ok
08:29:53.0186 6136 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
08:29:53.0202 6136 Processor - ok
08:29:53.0233 6136 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
08:29:53.0280 6136 ProfSvc - ok
08:29:53.0296 6136 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:29:53.0311 6136 ProtectedStorage - ok
08:29:53.0342 6136 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:29:53.0374 6136 Psched - ok
08:29:53.0420 6136 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
08:29:53.0436 6136 ql2300 - ok
08:29:53.0452 6136 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
08:29:53.0467 6136 ql40xx - ok
08:29:53.0483 6136 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
08:29:53.0498 6136 QWAVE - ok
08:29:53.0514 6136 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:29:53.0545 6136 QWAVEdrv - ok
08:29:53.0561 6136 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:29:53.0592 6136 RasAcd - ok
08:29:53.0623 6136 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
08:29:53.0639 6136 RasAgileVpn - ok
08:29:53.0670 6136 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
08:29:53.0686 6136 RasAuto - ok
08:29:53.0717 6136 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:29:53.0748 6136 Rasl2tp - ok
08:29:53.0779 6136 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
08:29:53.0826 6136 RasMan - ok
08:29:53.0842 6136 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:29:53.0873 6136 RasPppoe - ok
08:29:53.0873 6136 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:29:53.0904 6136 RasSstp - ok
08:29:53.0935 6136 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:29:53.0966 6136 rdbss - ok
08:29:53.0982 6136 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
08:29:53.0998 6136 rdpbus - ok
08:29:54.0013 6136 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:29:54.0029 6136 RDPCDD - ok
08:29:54.0060 6136 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
08:29:54.0076 6136 RDPDR - ok
08:29:54.0091 6136 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:29:54.0107 6136 RDPENCDD - ok
08:29:54.0122 6136 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:29:54.0138 6136 RDPREFMP - ok
08:29:54.0169 6136 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:29:54.0200 6136 RDPWD - ok
08:29:54.0232 6136 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:29:54.0232 6136 rdyboost - ok
08:29:54.0263 6136 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:29:54.0294 6136 RemoteAccess - ok
08:29:54.0310 6136 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:29:54.0356 6136 RemoteRegistry - ok
08:29:54.0372 6136 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:29:54.0403 6136 RpcEptMapper - ok
08:29:54.0434 6136 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
08:29:54.0466 6136 RpcLocator - ok
08:29:54.0497 6136 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
08:29:54.0528 6136 RpcSs - ok
08:29:54.0544 6136 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:29:54.0590 6136 rspndr - ok
08:29:54.0606 6136 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
08:29:54.0622 6136 s3cap - ok
08:29:54.0622 6136 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
08:29:54.0637 6136 SamSs - ok
08:29:54.0668 6136 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:29:54.0668 6136 sbp2port - ok
08:29:54.0684 6136 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:29:54.0715 6136 SCardSvr - ok
08:29:54.0746 6136 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
08:29:54.0778 6136 scfilter - ok
08:29:54.0824 6136 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
08:29:54.0871 6136 Schedule - ok
08:29:54.0902 6136 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
08:29:54.0934 6136 SCPolicySvc - ok
08:29:54.0965 6136 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:29:54.0996 6136 SDRSVC - ok
08:29:55.0012 6136 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:29:55.0043 6136 secdrv - ok
08:29:55.0074 6136 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
08:29:55.0121 6136 seclogon - ok
08:29:55.0136 6136 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
08:29:55.0168 6136 SENS - ok
08:29:55.0168 6136 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
08:29:55.0183 6136 SensrSvc - ok
08:29:55.0199 6136 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
08:29:55.0214 6136 Serenum - ok
08:29:55.0230 6136 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
08:29:55.0246 6136 Serial - ok
08:29:55.0261 6136 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
08:29:55.0261 6136 sermouse - ok
08:29:55.0308 6136 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
08:29:55.0339 6136 SessionEnv - ok
08:29:55.0355 6136 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:29:55.0386 6136 sffdisk - ok
08:29:55.0402 6136 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:29:55.0417 6136 sffp_mmc - ok
08:29:55.0417 6136 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:29:55.0448 6136 sffp_sd - ok
08:29:55.0464 6136 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
08:29:55.0464 6136 sfloppy - ok
08:29:55.0542 6136 [ 21D48D7C9BDEF13AF16FDCBC5719FC3B ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
08:29:55.0573 6136 SftService ( UnsignedFile.Multi.Generic ) - warning
08:29:55.0573 6136 SftService - detected UnsignedFile.Multi.Generic (1)
08:29:55.0589 6136 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:29:55.0636 6136 SharedAccess - ok
08:29:55.0667 6136 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:29:55.0682 6136 ShellHWDetection - ok
08:29:55.0714 6136 [ 0F498DEE92FD73DD999BAE4D506367F5 ] SI3132 C:\Windows\system32\DRIVERS\SI3132.sys
08:29:55.0729 6136 SI3132 - ok
08:29:55.0729 6136 [ 127CE10E01F53F2EDACA7FE42E5631EA ] SiFilter C:\Windows\system32\DRIVERS\SiWinAcc.sys
08:29:55.0729 6136 SiFilter - ok
08:29:55.0745 6136 [ B742C37002B8EBEF6E230DF9B4B28546 ] SiRemFil C:\Windows\system32\DRIVERS\SiRemFil.sys
08:29:55.0745 6136 SiRemFil - ok
08:29:55.0776 6136 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:29:55.0776 6136 SiSRaid2 - ok
08:29:55.0792 6136 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
08:29:55.0807 6136 SiSRaid4 - ok
08:29:55.0823 6136 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:29:55.0870 6136 Smb - ok
08:29:55.0916 6136 [ 14A6C16F523BE06BA307CB68597EAA82 ] smbusp C:\Windows\system32\DRIVERS\intelsmb.sys
08:29:55.0948 6136 smbusp - ok
08:29:55.0979 6136 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:29:55.0994 6136 SNMPTRAP - ok
08:29:56.0010 6136 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
08:29:56.0010 6136 spldr - ok
08:29:56.0057 6136 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
08:29:56.0088 6136 Spooler - ok
08:29:56.0150 6136 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
08:29:56.0229 6136 sppsvc - ok
08:29:56.0244 6136 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:29:56.0275 6136 sppuinotify - ok
08:29:56.0307 6136 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
08:29:56.0338 6136 srv - ok
08:29:56.0369 6136 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:29:56.0400 6136 srv2 - ok
08:29:56.0416 6136 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:29:56.0431 6136 srvnet - ok
08:29:56.0463 6136 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:29:56.0494 6136 SSDPSRV - ok
08:29:56.0509 6136 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:29:56.0525 6136 SstpSvc - ok
08:29:56.0572 6136 Steam Client Service - ok
08:29:56.0603 6136 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
08:29:56.0603 6136 stexstor - ok
08:29:56.0650 6136 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
08:29:56.0681 6136 stisvc - ok
08:29:56.0712 6136 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
08:29:56.0728 6136 storflt - ok
08:29:56.0743 6136 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
08:29:56.0759 6136 StorSvc - ok
08:29:56.0775 6136 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
08:29:56.0790 6136 storvsc - ok
08:29:56.0806 6136 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
08:29:56.0806 6136 swenum - ok
08:29:56.0821 6136 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
08:29:56.0868 6136 swprv - ok
08:29:56.0915 6136 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
08:29:56.0946 6136 SysMain - ok
08:29:56.0977 6136 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:29:56.0993 6136 TabletInputService - ok
08:29:57.0009 6136 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
08:29:57.0055 6136 TapiSrv - ok
08:29:57.0087 6136 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
08:29:57.0133 6136 TBS - ok
08:29:57.0180 6136 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:29:57.0211 6136 Tcpip - ok
08:29:57.0243 6136 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:29:57.0274 6136 TCPIP6 - ok
08:29:57.0305 6136 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:29:57.0321 6136 tcpipreg - ok
08:29:57.0352 6136 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:29:57.0352 6136 TDPIPE - ok
08:29:57.0383 6136 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:29:57.0383 6136 TDTCP - ok
08:29:57.0430 6136 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:29:57.0445 6136 tdx - ok
08:29:57.0477 6136 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
08:29:57.0492 6136 TermDD - ok
08:29:57.0539 6136 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
08:29:57.0570 6136 TermService - ok
08:29:57.0586 6136 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
08:29:57.0617 6136 Themes - ok
08:29:57.0633 6136 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
08:29:57.0664 6136 THREADORDER - ok
08:29:57.0679 6136 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
08:29:57.0695 6136 TrkWks - ok
08:29:57.0742 6136 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:29:57.0773 6136 TrustedInstaller - ok
08:29:57.0804 6136 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:29:57.0835 6136 tssecsrv - ok
08:29:57.0882 6136 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
08:29:57.0898 6136 TsUsbFlt - ok
08:29:57.0945 6136 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:29:57.0960 6136 tunnel - ok
08:29:57.0976 6136 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
08:29:57.0991 6136 uagp35 - ok
08:29:58.0007 6136 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:29:58.0054 6136 udfs - ok
08:29:58.0085 6136 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:29:58.0085 6136 UI0Detect - ok
08:29:58.0101 6136 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:29:58.0116 6136 uliagpkx - ok
08:29:58.0147 6136 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
08:29:58.0163 6136 umbus - ok
08:29:58.0194 6136 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
08:29:58.0194 6136 UmPass - ok
08:29:58.0241 6136 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
08:29:58.0272 6136 UmRdpService - ok
08:29:58.0288 6136 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
08:29:58.0335 6136 upnphost - ok
08:29:58.0366 6136 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:29:58.0381 6136 usbccgp - ok
08:29:58.0413 6136 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:29:58.0413 6136 usbcir - ok
08:29:58.0444 6136 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
08:29:58.0475 6136 usbehci - ok
08:29:58.0491 6136 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:29:58.0506 6136 usbhub - ok
08:29:58.0537 6136 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
08:29:58.0569 6136 usbohci - ok
08:29:58.0584 6136 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:29:58.0600 6136 usbprint - ok
08:29:58.0631 6136 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
08:29:58.0647 6136 usbscan - ok
08:29:58.0662 6136 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:29:58.0662 6136 USBSTOR - ok
08:29:58.0709 6136 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
08:29:58.0709 6136 usbuhci - ok
08:29:58.0725 6136 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
08:29:58.0771 6136 UxSms - ok
08:29:58.0803 6136 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
08:29:58.0803 6136 VaultSvc - ok
08:29:58.0818 6136 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
08:29:58.0834 6136 vdrvroot - ok
08:29:58.0865 6136 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
08:29:58.0896 6136 vds - ok
08:29:58.0943 6136 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:29:58.0943 6136 vga - ok
08:29:58.0959 6136 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
08:29:58.0990 6136 VgaSave - ok
08:29:59.0021 6136 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
08:29:59.0037 6136 vhdmp - ok
08:29:59.0068 6136 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
08:29:59.0068 6136 viaide - ok
08:29:59.0099 6136 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
08:29:59.0099 6136 vmbus - ok
08:29:59.0115 6136 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
08:29:59.0130 6136 VMBusHID - ok
08:29:59.0177 6136 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:29:59.0177 6136 volmgr - ok
08:29:59.0208 6136 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:29:59.0224 6136 volmgrx - ok
08:29:59.0239 6136 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:29:59.0255 6136 volsnap - ok
08:29:59.0271 6136 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
08:29:59.0271 6136 vsmraid - ok
08:29:59.0317 6136 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
08:29:59.0364 6136 VSS - ok
08:29:59.0364 6136 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
08:29:59.0380 6136 vwifibus - ok
08:29:59.0411 6136 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
08:29:59.0427 6136 vwififlt - ok
08:29:59.0458 6136 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
08:29:59.0489 6136 W32Time - ok
08:29:59.0505 6136 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
08:29:59.0520 6136 WacomPen - ok
08:29:59.0551 6136 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
08:29:59.0583 6136 WANARP - ok
08:29:59.0583 6136 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:29:59.0614 6136 Wanarpv6 - ok
08:29:59.0661 6136 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
08:29:59.0692 6136 wbengine - ok
08:29:59.0707 6136 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:29:59.0723 6136 WbioSrvc - ok
08:29:59.0754 6136 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:29:59.0785 6136 wcncsvc - ok
08:29:59.0801 6136 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:29:59.0817 6136 WcsPlugInService - ok
08:29:59.0817 6136 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
08:29:59.0832 6136 Wd - ok
08:29:59.0879 6136 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:29:59.0895 6136 Wdf01000 - ok
08:29:59.0910 6136 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:29:59.0926 6136 WdiServiceHost - ok
08:29:59.0926 6136 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:29:59.0941 6136 WdiSystemHost - ok
08:29:59.0988 6136 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
08:30:00.0004 6136 WebClient - ok
08:30:00.0019 6136 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:30:00.0066 6136 Wecsvc - ok
08:30:00.0097 6136 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:30:00.0129 6136 wercplsupport - ok
08:30:00.0144 6136 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
08:30:00.0191 6136 WerSvc - ok
08:30:00.0207 6136 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:30:00.0238 6136 WfpLwf - ok
08:30:00.0269 6136 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
08:30:00.0269 6136 WimFltr - ok
08:30:00.0285 6136 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:30:00.0285 6136 WIMMount - ok
08:30:00.0300 6136 WinDefend - ok
08:30:00.0316 6136 WinHttpAutoProxySvc - ok
08:30:00.0347 6136 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:30:00.0378 6136 Winmgmt - ok
08:30:00.0425 6136 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
08:30:00.0456 6136 WinRM - ok
08:30:00.0519 6136 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
08:30:00.0550 6136 WinUsb - ok
08:30:00.0581 6136 [ 0F695800783C3F9E577B94BF1E71D95A ] WLANBelkinService C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
08:30:00.0597 6136 WLANBelkinService ( UnsignedFile.Multi.Generic ) - warning
08:30:00.0597 6136 WLANBelkinService - detected UnsignedFile.Multi.Generic (1)
08:30:00.0612 6136 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
08:30:00.0659 6136 Wlansvc - ok
08:30:00.0675 6136 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:30:00.0690 6136 WmiAcpi - ok
08:30:00.0706 6136 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:30:00.0721 6136 wmiApSrv - ok
08:30:00.0753 6136 WMPNetworkSvc - ok
08:30:00.0768 6136 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:30:00.0768 6136 WPCSvc - ok
08:30:00.0799 6136 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:30:00.0815 6136 WPDBusEnum - ok
08:30:00.0831 6136 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:30:00.0862 6136 ws2ifsl - ok
08:30:00.0877 6136 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
08:30:00.0909 6136 wscsvc - ok
08:30:00.0909 6136 WSearch - ok
08:30:00.0955 6136 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
08:30:00.0987 6136 wuauserv - ok
08:30:01.0018 6136 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:30:01.0033 6136 WudfPf - ok
08:30:01.0065 6136 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:30:01.0096 6136 WUDFRd - ok
08:30:01.0127 6136 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:30:01.0143 6136 wudfsvc - ok
08:30:01.0158 6136 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
08:30:01.0174 6136 WwanSvc - ok
08:30:01.0221 6136 [ AC6B43F32E452E358BDC5ECABF894452 ] XTUService C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe
08:30:01.0236 6136 XTUService - ok
08:30:01.0283 6136 [ 1CACFEF9E5DD866C5B79A135EE729E18 ] {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} c:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
08:30:01.0299 6136 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
08:30:01.0299 6136 ================ Scan global ===============================
08:30:01.0314 6136 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:30:01.0361 6136 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
08:30:01.0361 6136 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
08:30:01.0377 6136 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:30:01.0408 6136 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:30:01.0408 6136 [Global] - ok
08:30:01.0408 6136 ================ Scan MBR ==================================
08:30:01.0423 6136 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:30:01.0689 6136 \Device\Harddisk0\DR0 - ok
08:30:01.0689 6136 ================ Scan VBR ==================================
08:30:01.0689 6136 [ 10441088096DECAE728B4DD1D2DBA381 ] \Device\Harddisk0\DR0\Partition1
08:30:01.0689 6136 \Device\Harddisk0\DR0\Partition1 - ok
08:30:01.0720 6136 [ 462731C0FEDD5F2BC96B327EF23F1A3B ] \Device\Harddisk0\DR0\Partition2
08:30:01.0720 6136 \Device\Harddisk0\DR0\Partition2 - ok
08:30:01.0720 6136 ============================================================
08:30:01.0720 6136 Scan finished
08:30:01.0720 6136 ============================================================
08:30:01.0735 4584 Detected object count: 5
08:30:01.0735 4584 Actual detected object count: 5
08:32:22.0432 4584 amdkmdap ( UnsignedFile.Multi.Generic ) - skipped by user
08:32:22.0432 4584 amdkmdap ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:32:22.0432 4584 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
08:32:22.0432 4584 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:32:22.0432 4584 IJPLMSVC ( UnsignedFile.Multi.Generic ) - skipped by user
08:32:22.0432 4584 IJPLMSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:32:22.0432 4584 SftService ( UnsignedFile.Multi.Generic ) - skipped by user
08:32:22.0432 4584 SftService ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:32:22.0432 4584 WLANBelkinService ( UnsignedFile.Multi.Generic ) - skipped by user
08:32:22.0432 4584 WLANBelkinService ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:32:26.0504 2388 Deinitialize success
mbar Anti-Rootkit: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org
Database version: v2013.02.13.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hugomatic :: HUGOMATIC-PC [administrator]
13.02.2013 08:14:06
mbar-log-2013-02-13 (08-14-06).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26909
Time elapsed: 7 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-14 12:43:31
-----------------------------
12:43:31.643 OS Version: Windows x64 6.1.7601 Service Pack 1
12:43:31.643 Number of processors: 8 586 0x1A05
12:43:31.643 ComputerName: HUGOMATIC-PC UserName: Hugomatic
12:43:32.743 Initialize success
12:47:27.011 AVAST engine defs: 13021304
12:56:24.132 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:56:24.132 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
12:56:24.162 Disk 0 MBR read successfully
12:56:24.162 Disk 0 MBR scan
12:56:24.252 Disk 0 Windows 7 default MBR code
12:56:24.272 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 109 MB offset 63
12:56:24.312 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 8818 MB offset 225280
12:56:24.352 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 468011 MB offset 18284544
12:56:24.392 Disk 0 scanning C:\Windows\system32\drivers
12:56:36.082 Service scanning
12:56:54.872 Modules scanning
12:56:54.872 Disk 0 trace - called modules:
12:56:54.882 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:56:54.882 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800657b790]
12:56:54.882 3 CLASSPNP.SYS[fffff88001a2c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800633a050]
12:56:56.522 AVAST engine scan C:\
14:20:19.304 Scan finished successfully
14:20:38.084 Disk 0 MBR has been saved successfully to "C:\Users\Hugomatic\Downloads\MBR.dat"
14:20:38.084 The log file has been saved successfully to "C:\Users\Hugomatic\Downloads\aswMBR.txt"
Viele Grüße |
|
14.02.2013, 15:15
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Java/Treams.JO in Quarantäne, PC wieder sicher? Ok, danke für die Erklärung  Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
14.02.2013, 19:48
| #5 |
| | Java/Treams.JO in Quarantäne, PC wieder sicher? Hallo Cosinus, wie gewünscht der CF Log: Code:
ATTFilter ComboFix 13-02-13.02 - Hugomatic 14.02.2013 19:17:35.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.6135.4563 [GMT 1:00]
ausgeführt von:: c:\users\Hugomatic\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Hugomatic\g2mdlhlpx.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-14 bis 2013-02-14 ))))))))))))))))))))))))))))))
.
.
2013-02-14 18:21 . 2013-02-14 18:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-14 09:54 . 2013-02-14 09:54 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-02-13 16:32 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 16:32 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 16:30 . 2013-01-09 01:22 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-02-13 13:00 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 13:00 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 13:00 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 13:00 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 13:00 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 13:00 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 13:00 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 13:00 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 13:00 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 13:00 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 13:00 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 13:00 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 10:25 . 2013-02-13 10:25 -------- d-----w- C:\Logs
2013-02-13 09:24 . 2013-02-13 09:24 -------- d-----w- c:\users\Hugomatic\AppData\Roaming\Malwarebytes
2013-02-13 09:24 . 2013-02-13 09:24 -------- d-----w- c:\users\Hugomatic\AppData\Local\Programs
2013-02-12 16:21 . 2013-02-12 16:21 -------- d-----w- c:\programdata\Malwarebytes
2013-02-03 12:10 . 2013-02-03 12:10 -------- d-----w- c:\users\Hugomatic\.pdfsam
2013-02-03 12:07 . 2013-02-03 12:07 -------- d-----w- c:\program files\PDF Split And Merge Basic
2013-02-02 15:45 . 2013-02-02 15:45 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 10:03 . 2012-11-05 16:43 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-14 10:03 . 2011-05-14 16:00 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-13 16:34 . 2009-12-19 13:53 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-02 15:45 . 2012-05-16 18:46 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-02-02 15:45 . 2010-04-19 17:33 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-04 04:43 . 2013-02-13 13:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 15:06 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 15:06 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 15:06 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 15:06 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 16:50 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 16:50 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 16:50 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 16:50 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 16:50 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 16:50 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 16:50 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 16:50 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 16:50 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 16:50 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 16:50 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 16:50 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 16:50 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 16:50 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 16:50 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 16:50 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 16:50 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 16:50 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 16:50 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 16:50 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 16:50 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 16:50 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 16:50 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 16:50 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 16:50 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 16:50 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 16:50 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 16:50 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 16:50 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 16:50 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 16:50 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 16:50 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 16:50 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 16:50 243200 ----a-w- c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 16:50 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 16:50 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 16:50 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 16:50 1161216 ----a-w- c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 16:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-09 16:50 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 16:50 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-14 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-26 98304]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-04-29 75048]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-01 348664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Play Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-11-13 140936]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-12 27760]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2009/12/04 12:58];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-04-15 22:28 146928]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 334344]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-06-03 92160]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2009-09-25 14648]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-27 202752]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-05-15 619472]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-15 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-15 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-15 465360]
S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.SYS [2009-07-09 27096]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-03-04 658656]
S2 XTUService;Intel(R) Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2009-07-27 30944]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-11-13 114168]
S3 AWOPFilterDriver;AWOPFilterDriver;c:\windows\system32\drivers\AWOPFilterDriver.sys [2012-05-12 19464]
S3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh564.sys [2009-11-06 765952]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-07-06 317480]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 15:21 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-05 10:03]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-10 17:47]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-10 17:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Thermal Controller"="c:\program files\Alienware\Command Center\ThermalController.exe" [2009-10-05 166200]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-03 7833120]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1840720]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2009-10-05 58696]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
URLSearchHooks-{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file)
HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe
HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3298486900-1751861136-877735410-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b9,a0,dd,73,5b,ed,f9,df,8d,d4,2e,05,d8,cb,36,54,f0,ca,51,f8,33,62,93,
96,f9,e1,73,25,18,9e,38,a7,82,65,bc,64,ac,89,b0,30,21,48,e1,dd,0a,a9,2a,f3,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-3298486900-1751861136-877735410-1000\Software\SecuROM\License information*]
"datasecu"=hex:bb,cf,3f,9d,8f,41,ae,36,6d,66,83,0b,dd,81,7e,dd,66,6e,8d,59,5b,
b9,78,6d,94,d5,70,73,41,74,4c,9c,59,75,8d,be,0e,41,28,5c,b2,f7,d1,ba,68,32,\
"rkeysecu"=hex:a0,ea,c6,b6,4f,78,91,3b,4f,0f,48,e0,3c,ea,0c,d5
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-14 19:22:40
ComboFix-quarantined-files.txt 2013-02-14 18:22
.
Vor Suchlauf: 14 Verzeichnis(se), 215.842.160.640 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 216.153.694.208 Bytes frei
.
- - End Of File - - E485BA1A89142E6EC2F1D8E0B024994D
|
|
15.02.2013, 10:45
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Java/Treams.JO in Quarantäne, PC wieder sicher? Eine Kontrolle mit OTL bitte:
__________________ --> Java/Treams.JO in Quarantäne, PC wieder sicher? |
|
15.02.2013, 12:50
| #7 |
| | Java/Treams.JO in Quarantäne, PC wieder sicher? Hallo, hier die Kontrolle. OTL Log: Code:
ATTFilter OTL logfile created on: 15.02.2013 12:30:44 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hugomatic\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,99 Gb Total Physical Memory | 4,43 Gb Available Physical Memory | 73,97% Memory free 11,98 Gb Paging File | 9,97 Gb Available in Paging File | 83,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 457,04 Gb Total Space | 201,33 Gb Free Space | 44,05% Space Free | Partition Type: NTFS Computer Name: HUGOMATIC-PC | User Name: Hugomatic | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_168_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Users\Hugomatic\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks) PRC - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe () PRC - C:\Programme\Alienware\Command Center\AlienFXHook32Mngr.exe (Alienware) PRC - C:\Programme\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation) PRC - C:\Programme\Alienware\Command Center\AlienFusionController.exe () PRC - C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a59cf850ee6b2a003167700b648ba9c7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\a31a05ea4f51139b6fae4256999a538e\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.PID0x513\1.0.74.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.PID0x513.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication\1.0.74.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.Core\1.0.74.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.Core.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.74.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.74.0__bebb3c8816410241\AlienwareAlienFXTools.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.65.0__bebb3c8816410241\AlienLabsTools.dll () MOD - C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.65.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.74.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.74.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.74.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.74.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.74.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.74.0__bebb3c8816410241\AlienFX.Communication.Core.dll () MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.74.0__bebb3c8816410241\AlienFX.Communication.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe () MOD - C:\Programme\Alienware\Command Center\AlienFusionDomain.dll () MOD - C:\Programme\Alienware\Command Center\AlienFusionController.exe () MOD - C:\Program Files (x86)\Belkin\F7D4101\V1\BelkinwcuiDLL.dll () ========== Services (SafeList) ========== SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe File not found SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks) SRV - (WLANBelkinService) -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe () SRV - (DAUpdaterSvc) -- C:\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (AlienFusionService) -- C:\Programme\Alienware\Command Center\AlienFusionService.exe (Alienware) SRV - (XTUService) -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe (Intel Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () ========== Driver Services (SafeList) ========== DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys File not found DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH) DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (AWOPFilterDriver) -- C:\Windows\SysNative\drivers\AWOPFilterDriver.sys () DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh564.sys (Broadcom Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (SI3132) -- C:\Windows\SysNative\drivers\SI3132.sys (Silicon Image, Inc) DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc) DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (smbusp) -- C:\Windows\SysNative\drivers\intelsmb.sys (Intel Corporation) DRV:64bit: - (Blfp) -- C:\Windows\SysNative\drivers\basp.sys (Broadcom Corporation) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (IOCBIOS) -- C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys (Intel Corporation) DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- c:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://support.alienware.com [binary data] IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\SearchScopes\{57FEA219-F77E-4D8F-BBBF-74C3C6F4108C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=39EBBF6C-D99A-4A24-A3CD-2B7C94F5A45F&apn_sauid=4F91A191-E256-45FD-85AD-2B5B98174300 IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_deDE358 IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll O1 HOSTS File: ([2013.02.14 19:21:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O3 - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" File not found O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found O4:64bit: - HKLM..\Run: [Thermal Controller] C:\Program Files\Alienware\Command Center\ThermalController.exe (Alienware Corp.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink) O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.13.2) O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{787314A1-2B24-4861-8134-B583E6FC6B01}: DhcpNameServer = 192.168.2.1 O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.15 12:14:16 | 000,000,000 | R--D | C] -- C:\Users\Hugomatic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 [2013.02.14 19:54:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.02.14 19:22:42 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.02.14 19:16:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.14 19:16:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.14 19:16:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.02.14 19:16:26 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.02.14 19:16:25 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.14 19:16:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.02.14 10:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.02.14 10:54:31 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013.02.14 08:49:52 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.14 08:49:51 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.02.14 08:49:51 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.13 17:31:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.13 17:31:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.13 17:31:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.13 17:31:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.13 17:31:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.13 17:31:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.13 17:31:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.13 17:31:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.13 17:31:04 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.13 17:31:04 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.13 17:31:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.13 17:31:03 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.13 17:31:02 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.13 17:31:02 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.13 17:31:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.13 14:00:58 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 14:00:57 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 14:00:56 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 14:00:50 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 14:00:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 14:00:50 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 14:00:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 14:00:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 14:00:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 14:00:48 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.13 11:25:59 | 000,000,000 | ---D | C] -- C:\Logs [2013.02.13 10:24:35 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\AppData\Roaming\Malwarebytes [2013.02.13 10:24:01 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\AppData\Local\Programs [2013.02.12 17:37:11 | 005,032,798 | R--- | C] (Swearware) -- C:\Users\Hugomatic\Desktop\ComboFix.exe [2013.02.12 17:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.12 17:21:29 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\Desktop\mbar [2013.02.03 13:10:21 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\.pdfsam [2013.02.03 13:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge Basic [2013.02.03 13:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Split And Merge Basic [2013.02.02 16:45:27 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.15 12:26:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.15 12:22:22 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.15 12:22:22 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.15 12:14:14 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.15 12:14:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.15 12:13:59 | 529,731,583 | -HS- | M] () -- C:\hiberfil.sys [2013.02.14 22:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.14 19:21:22 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.02.14 19:16:08 | 005,032,798 | R--- | M] (Swearware) -- C:\Users\Hugomatic\Desktop\ComboFix.exe [2013.02.14 11:03:12 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.14 11:03:12 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.14 10:54:53 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.02.14 08:36:04 | 000,292,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.13 17:33:31 | 001,548,796 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.13 17:33:31 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.13 17:33:31 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.13 17:33:31 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.13 17:33:31 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.13 11:32:48 | 000,000,000 | ---- | M] () -- C:\Users\Hugomatic\defogger_reenable [2013.02.12 17:43:21 | 000,034,875 | ---- | M] () -- C:\Users\Hugomatic\Documents\combofix.odt [2013.02.02 16:45:24 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.02 16:45:23 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013.02.02 16:45:23 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.02.02 16:45:23 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.02 16:45:23 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.02.02 16:45:23 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.02 16:22:10 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.14 19:16:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.14 19:16:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.14 19:16:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.14 19:16:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.14 19:16:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.14 10:54:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.02.14 10:54:53 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.02.13 11:32:48 | 000,000,000 | ---- | C] () -- C:\Users\Hugomatic\defogger_reenable [2013.02.12 17:43:19 | 000,034,875 | ---- | C] () -- C:\Users\Hugomatic\Documents\combofix.odt [2012.09.10 13:03:38 | 004,129,378 | ---- | C] () -- C:\Users\Hugomatic\ProStation Manual.pdf [2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.07.24 11:29:05 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.07.24 11:29:05 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.06.30 17:16:54 | 000,007,607 | ---- | C] () -- C:\Users\Hugomatic\AppData\Local\Resmon.ResmonCfg [2010.02.18 18:08:37 | 000,000,097 | ---- | C] () -- C:\Users\Hugomatic\AppData\Local\fusioncache.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 15.02.2013 12:30:44 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hugomatic\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,99 Gb Total Physical Memory | 4,43 Gb Available Physical Memory | 73,97% Memory free
11,98 Gb Paging File | 9,97 Gb Available in Paging File | 83,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,04 Gb Total Space | 201,33 Gb Free Space | 44,05% Space Free | Partition Type: NTFS
Computer Name: HUGOMATIC-PC | User Name: Hugomatic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FE80F0-1DCB-4434-A071-B24CBB9C96C9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{038164F5-F02D-4BED-8A32-59DEF920335A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{09E79B72-08FF-4913-885F-639105320E43}" = protocol=6 | dir=in | app=c:\program files (x86)\reality pump\two worlds ii\twoworlds2.exe |
"{0FADFCAE-7A0C-4BCC-B0FE-5E18152A6B44}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{1680D63B-07D6-4F25-A340-449681A23D12}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{1A36B73D-2986-49CE-8DDE-EB263103856A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{1E066D5D-DA62-462C-B710-320764406034}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{1EBCA0DD-BAF1-4DEC-9987-BCB994C39051}" = protocol=6 | dir=in | app=c:\dragon age\daoriginslauncher.exe |
"{20D42473-B6F8-4890-8C0D-1265A4A6D746}" = protocol=6 | dir=in | app=c:\dragon age\bin_ship\daupdatersvc.service.exe |
"{24DA52CB-20DC-4872-88CE-A70A41E54883}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{25A2D7E8-5030-4E56-B46C-5FB180A6D430}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{29C61B44-0F92-48D1-899B-830EA6020E85}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2BDED0D1-EBC2-4FB7-B63A-D918575E9D69}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{2C34BDFF-9C8F-421F-9D70-11F52E727A38}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{2E2E38E6-0503-448F-9626-360CBBFAA46D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{31321D17-93EB-49C3-B148-3E4D7BCC857A}" = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\sacred2.exe |
"{351E8D68-0BD1-454D-8505-1F303D74BE45}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{35A3D5DF-405B-487F-93D2-C3C1DBAFC4B1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{3BCD4BEE-D4D7-4648-AB69-0DB3651FF166}" = protocol=6 | dir=in | app=c:\dragon age\bin_ship\daorigins.exe |
"{4BB1AE14-1D84-427D-A937-0FC8678EEE9A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{4C85BDD2-0D82-41F8-9305-A433A96896A2}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{541EBEC0-7EF1-47F2-8368-9E57A9664E04}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{566C9EF0-FC8D-45CF-9512-46F6F4BC24F1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5975A1D8-D1B3-4FB8-BB23-B790A48C1A02}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6787D9C8-8B05-4C03-94BA-90C2EF1AF564}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{6B3ABD99-5823-4D03-8FE6-90D7EBD59497}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{747E2F9E-DFC4-4713-9EC1-E9D27AEAE66D}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe |
"{7C2E5ED5-10CF-4D26-8932-919FB9DEADA0}" = protocol=17 | dir=in | app=c:\dragon age\bin_ship\daorigins.exe |
"{7CD53D4D-E043-4BE7-AD9C-84D1D26F7165}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{7F16A3D2-2126-4A2A-8D75-44A3691EDB7E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{80F546B4-0A9C-4129-A5B9-B87B2BA73997}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{8A9F476D-53ED-427F-9AAA-A9A2470AB342}" = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\sacred2.exe |
"{8E70EE16-6945-474E-BECE-D624268EE510}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{90FB8D19-9B31-4BB3-B511-67FFF8DC98AA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{92AF711C-CCA8-45F8-887A-C083A6B256DF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{9C715D5C-D04C-4D59-B274-88E538BB1112}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{9F3B501C-5018-4A36-9B3F-60C19F6B0551}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A1A35A1B-2DFE-4677-8BDE-176498E3CF3F}" = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\s2gs.exe |
"{A24300E5-F2B2-4520-8003-AB4989926DA1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A5A50408-D708-4DFA-A69A-085C60D11860}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{ADB92EC1-3DFF-4265-BBBC-744EA4E67D44}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{B3DD45FD-49CB-492B-9B7A-AF8A5DE8F3C8}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{BDEE0490-78EF-426B-9DCF-98CC87C988BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{C1E53C6C-6C8A-443C-9E59-1A303913D10F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{C23F5C61-E714-4E86-987E-C1C3C0B47572}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{C528B8CC-2716-4191-94EE-328CD78B8969}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{C57DD692-31BF-4FE8-BAF0-470EE31CC575}" = protocol=17 | dir=in | app=c:\dragon age\daoriginslauncher.exe |
"{C5FBFD34-4A62-45A9-A3E3-2B12C1F64491}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{C699DD47-34A4-46E5-8E8C-139335AA449C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{C9FB4CB7-62B4-406A-BBFE-5BF04DB8694C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{CBC335B8-DFEA-4F73-B01A-6D9C258C9B1D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CBFA15B1-4526-487C-9E7A-97164ED4E920}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{CED8196E-C321-4109-8AC0-F4091C4F84FA}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{D41DE1CF-E958-4838-8BEC-83738F6E1205}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{D764A164-761E-4B99-9C27-8C3F7EABD167}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D76BC965-6156-4D41-A760-613E3159B546}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DB193F07-BEC1-4FE0-8BE8-8D7B9C639E72}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{DB1D4A78-596E-40FA-9653-F6BD5C91B85D}" = protocol=17 | dir=in | app=c:\dragon age\bin_ship\daupdatersvc.service.exe |
"{DB2219D0-C483-487C-A56A-776EB735D072}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{DFDD853A-4F4E-466E-9F3F-000F2E614EBB}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{E1B0B810-C1B6-41B5-8374-3C7A201E0CAE}" = protocol=17 | dir=in | app=c:\program files (x86)\reality pump\two worlds ii\twoworlds2.exe |
"{E1DF79F8-6374-4758-9707-7C138BC0F484}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{E4C465C6-4124-400F-BA8B-9C4C16E4D6C7}" = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\s2gs.exe |
"{E581981C-05E2-4CC1-B670-D26DC6E95C2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{E608582A-34AB-425F-9640-6E08315FF407}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E66E66CC-024B-44FB-A069-EE71265C44A8}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe |
"{E910728F-F2D6-4877-8D55-17159716557F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{F2149C7F-2987-4A0B-A56C-1619EDCC3DB4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{F79FC874-B686-4715-8B7A-09E621028FC5}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{35FBBE37-D205-B85B-A072-F306AF0DA6AB}" = ccc-utility64
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9B9DBB81-1F48-48B0-8CB3-051311DC73F7}" = Adobe Photoshop Lightroom 2.7 64-bit
"{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"{C91B24F6-1629-11E2-B696-21676188709B}" = PDF Split And Merge Basic
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CanonMyPrinter" = Canon My Printer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SMBus" = Intel(R) SMBus
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{01F7C7DB-3112-5099-C9E7-DD287AE5CD34}" = CCC Help Greek
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A957041-A0D3-8227-0B1C-34A0B9B4BCE9}" = Catalyst Control Center Graphics Full New
"{0EC66655-20A4-DC5F-3145-B60C54F1BEDC}" = Catalyst Control Center Localization All
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1633A40C-B60C-54A8-79EC-1D83F24F3102}" = CCC Help Russian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D824414-EEA0-8288-A694-ADB2C96C2420}" = Catalyst Control Center Graphics Light
"{1E897CA6-5DA8-449D-5F0F-64473BCF7A92}" = CCC Help Dutch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{30204391-70DE-706C-1907-50E0CEEEE763}" = CCC Help Spanish
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34E1B3D3-D636-3D6A-8089-CD055365A84D}" = CCC Help Danish
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{481BD864-726E-2B54-1F55-26623C47B9F4}" = CCC Help Finnish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5FF85B8C-4BE5-99FA-895A-7876E3279C0B}" = Catalyst Control Center InstallProxy
"{61CF87C1-172B-3594-0504-69AEB723C61B}" = Catalyst Control Center Graphics Full Existing
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{62AE603D-5599-C19C-1FD6-457B803E86A3}" = Skins
"{62EA3947-00F0-CD3C-B4F1-409D03353E8C}" = CCC Help Norwegian
"{66896432-C843-3937-AFC5-9A753F2ACE55}" = Catalyst Control Center Core Implementation
"{6B388EFD-35DF-AB18-37B6-498784F38C92}" = CCC Help Hungarian
"{6DB66382-0C4E-FEA5-F6B9-037714E7D695}" = CCC Help Chinese Traditional
"{72198521-36AE-472E-EDC1-36E9E66EF706}" = CCC Help Portuguese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = Intel Extreme Tuning Utility
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{74cc0977-aec9-4d27-8883-888baff04160}" = Nero 9 Essentials
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{818395BC-8C56-9DBB-06DB-7A5C4FAA1EAA}" = CCC Help Polish
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8402C81C-7202-B07E-E556-5DCF9C91A37A}" = CCC Help Italian
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"{8C87ECBD-9B68-ABA9-9EB0-2545C2746C3B}" = CCC Help Turkish
"{91A9CEFA-1506-B9BA-1663-1205B55BC51C}" = CCC Help French
"{91EE7DC4-F14A-4A98-B6A9-D2851D9EA213}" = CCC Help English
"{9685F3F9-5581-07A7-90B7-CFF046694FCA}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A933D9C3-56EF-68F4-BECA-05BE7337918F}" = CCC Help German
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{BCBDC685-EF9F-FE17-A5B7-FAD72A41997B}" = CCC Help Japanese
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C20FF6AA-1CE7-ABC5-6B74-2D644731E3D2}" = CCC Help Thai
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{D4E45F96-61E5-0C00-8972-228B9BFFB091}" = Catalyst Control Center Graphics Previews Vista
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E26B007E-4F63-6F24-D440-2A509A89C00E}" = Catalyst Control Center Graphics Previews Common
"{E4EE40C4-29E4-D860-78C0-72B9B29C4184}" = CCC Help Czech
"{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}" = WHS ProStation
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EC79D1A6-1D7D-B7A3-B113-1591E6CA78DF}" = CCC Help Korean
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F12614C4-BF95-57EC-BFB3-04F934A8ED8A}" = ccc-core-static
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{FA5D0718-40E2-7FEE-BB9B-028162A7B2FC}" = CCC Help Chinese Standard
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Internet Security 2012
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Diablo III" = Diablo III
"DPP" = Canon Utilities Digital Photo Professional 3.9
"Drakensang_is1" = Drakensang
"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit
"EA Download Manager" = EA Download Manager
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"EOS Utility" = Canon Utilities EOS Utility
"Google Chrome" = Google Chrome
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = Intel Extreme Tuning Utility
"InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Two Worlds II" = Two Worlds II
"WFTK" = Canon Utilities WFT Utility
"World of Warcraft" = World of Warcraft
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3298486900-1751861136-877735410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880
"InstallShield_{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}" = WHS ProStation
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.02.2013 11:51:55 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------
2013-02-12,
16:51:55.1197035 : Error : Unhandled exception detected while executing virtual
device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
: Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
derived value! Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()
bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()
Error - 13.02.2013 03:04:05 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------
2013-02-13,
08:04:05.0924871 : Error : Unhandled exception detected while executing virtual
device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
: Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
derived value! Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()
bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()
Error - 13.02.2013 03:39:29 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------
2013-02-13,
08:39:29.0157028 : Error : Unhandled exception detected while executing virtual
device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
: Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
derived value! Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()
bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()
Error - 13.02.2013 07:00:30 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------
2013-02-13,
12:00:30.3764976 : Error : Unhandled exception detected while executing virtual
device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
: Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
derived value! Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()
bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()
Error - 14.02.2013 03:36:53 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------
2013-02-14,
08:36:53.9253676 : Error : Unhandled exception detected while executing virtual
device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
: Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
derived value! Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()
bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()
Error - 14.02.2013 04:09:52 | Computer Name = Hugomatic-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Hugomatic\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\SZHD8UL3\esetsmartinstaller_enu.exe". Fehler in Manifest-
oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 14.02.2013 04:10:40 | Computer Name = Hugomatic-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Hugomatic\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\SZHD8UL3\esetsmartinstaller_enu.exe". Fehler in Manifest-
oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 14.02.2013 14:01:28 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------
2013-02-14,
19:01:28.7105572 : Error : Unhandled exception detected while executing virtual
device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
: Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
derived value! Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()
bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()
Error - 15.02.2013 04:16:36 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------
2013-02-15,
09:16:36.9705591 : Error : Unhandled exception detected while executing virtual
device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
: Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
derived value! Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()
bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()
Error - 15.02.2013 07:15:15 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------
2013-02-15,
12:15:15.0304078 : Error : Unhandled exception detected while executing virtual
device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
: Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
derived value! Calling StackTrace: bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
vdcmdproc, ItemId derivedItem, IDictionary`2 inputList) bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
CompletedItemIdAndEventId, IComparable& FinalizedReturnValue) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
errors) bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
List`1 ErrorInfo) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
cmdMsg) bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()
bei System.Threading.ThreadHelper.ThreadStart_Context(Object state) bei System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()
[ System Events ]
Error - 15.02.2013 04:15:21 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3
Error - 15.02.2013 04:15:21 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar
ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%3
Error - 15.02.2013 04:15:55 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Alienware Fusion Service erreicht.
Error - 15.02.2013 04:15:55 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Alienware Fusion Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 15.02.2013 04:15:55 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Belkin WLAN service erreicht.
Error - 15.02.2013 04:15:55 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Belkin WLAN service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 15.02.2013 07:14:05 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3
Error - 15.02.2013 07:14:05 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar
ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%3
Error - 15.02.2013 07:14:20 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Belkin WLAN service erreicht.
Error - 15.02.2013 07:14:20 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Belkin WLAN service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
< End of report >
|
|
15.02.2013, 13:10
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Java/Treams.JO in Quarantäne, PC wieder sicher? Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.02.2013, 17:08
| #9 |
| | Java/Treams.JO in Quarantäne, PC wieder sicher? Hier die beiden Logs. Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.15.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Hugomatic :: HUGOMATIC-PC [Administrator] Schutz: Deaktiviert 15.02.2013 15:27:20 mbam-log-2013-02-15 (15-27-20).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 225987 Laufzeit: 1 Minute(n), 8 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=eac0cf4278578f42816bfb52b76bbbc5
# engine=13163
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-15 03:51:35
# local_time=2013-02-15 04:51:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1801 16775165 100 99 13172 24116148 2397 0
# compatibility_mode=5893 16776574 100 94 41378270 112573345 0 0
# scanned=173358
# found=0
# cleaned=0
# scan_time=4143
|
|
16.02.2013, 14:49
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Java/Treams.JO in Quarantäne, PC wieder sicher? Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.02.2013, 15:00
| #11 |
| | Java/Treams.JO in Quarantäne, PC wieder sicher? Hallo Cosinus, weitere Funde habe ich nicht. Was mich allerdings wundert ist, dass während dieser ganzen Scannerei meine versteckten Ordner u. Dateien sich immer wieder mal verstecken und ich sie neu anzeigen lassen muss. Ist das ein Effekt von OTL oder irgendeinem anderen der hier verwendeten Programme? Viele Grüße |
|
20.02.2013, 00:41
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Java/Treams.JO in Quarantäne, PC wieder sicher? Siehe http://www.trojaner-board.de/59624-a...-sichtbar.html Dann wären wir durch!  Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.02.2013, 10:26
| #13 |
| | Java/Treams.JO in Quarantäne, PC wieder sicher? Hallo Cosinus, wie man die Ordner sichtbar macht ist mir schon klar, ich habe mich nur gewundert und gefragt ob einer der vielen hier verwendeten Scanner die Einstellungen quasi auf die Standardwerte zurücksetzt (und nicht der böse versteckte Datei-verstecker-Virus  ). Edith: OK, es ist OTLVielen Dank auf jeden Fall für deine Hilfe, ich habe einige neue Programme und sonstige hilfreiche und sicherheitsrelevante Dinge kennengelernt. Meinen Respekt vor eurer Arbeit hier im Forum, hätte bei der Masse an Themen fast erwartet, dass ich irgendwo untergehe. Viele Grüße Geändert von Hugomatic (20.02.2013 um 10:39 Uhr) |
|
| Themen zu Java/Treams.JO in Quarantäne, PC wieder sicher? |
| antivir, appdatalow, aswmbr, autorun, avira, bho, browser, canon, desktop, error, februar 2013, firefox, flash player, frage, google, helper, homepage, iexplore.exe, install.exe, internet, internet browser, logfile, neu aufsetzen, object, plug-in, programm, realtek, registrierungsdatenbank, registry, rundll, security, software, virus, windows |
Linear-Darstellung
