Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Ordner auf externer Festplatte nur noch als Verknüpfungen

Ordner auf externer Festplatte nur noch als Verknüpfungen


Plagegeister aller Art und deren Bekämpfung: Ordner auf externer Festplatte nur noch als Verknüpfungen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 2 von 2 1 2
Alt 06.05.2013, 15:46   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ordner auf externer Festplatte nur noch als Verknüpfungen - Standard

Ordner auf externer Festplatte nur noch als Verknüpfungen


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.05.2013, 18:18   #17
kleinerrek
 
Ordner auf externer Festplatte nur noch als Verknüpfungen - Standard

Ordner auf externer Festplatte nur noch als Verknüpfungen


Hier die beiden Logs...

Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-06 17:30:57
-----------------------------
17:30:57.451    OS Version: Windows x64 6.1.7600 
17:30:57.451    Number of processors: 2 586 0x603
17:30:57.451    ComputerName: USER-HP  UserName: user
17:30:58.559    Initialize success
17:31:29.587    AVAST engine defs: 13050501
17:31:59.148    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:31:59.164    Disk 0 Vendor: ST9320325AS 0005HPM1 Size: 305245MB BusType: 11
17:31:59.164    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000083
17:31:59.164    Disk 1 Vendor:   Size: 305245MB BusType: 0
17:31:59.398    Disk 0 MBR read successfully
17:31:59.398    Disk 0 MBR scan
17:31:59.429    Disk 0 Windows 7 default MBR code
17:31:59.444    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          300 MB offset 2048
17:31:59.460    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       287534 MB offset 616448
17:31:59.522    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        15360 MB offset 589486080
17:31:59.585    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0     2043 MB offset 620943360
17:31:59.897    Disk 0 scanning C:\windows\system32\drivers
17:32:47.758    Service scanning
17:34:01.390    Modules scanning
17:34:01.405    Disk 0 trace - called modules:
17:34:01.437    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
17:34:01.468    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80024e8530]
17:34:01.483    3 CLASSPNP.SYS[fffff8800160943f] -> nt!IofCallDriver -> [0xfffffa8002362c40]
17:34:01.499    5 ACPI.sys[fffff88000f5b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002260680]
17:34:02.497    AVAST engine scan C:\windows
17:34:22.647    AVAST engine scan C:\windows\system32
17:45:55.862    AVAST engine scan C:\windows\system32\drivers
17:46:37.580    AVAST engine scan C:\Users\user
18:01:28.544    AVAST engine scan C:\ProgramData
18:08:17.281    Scan finished successfully
18:19:40.359    Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
18:19:40.437    The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"
Code:
ATTFilter
17:30:19.0877 1896  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:30:20.0360 1896  ============================================================
17:30:20.0360 1896  Current date / time: 2013/05/06 17:30:20.0360
17:30:20.0360 1896  SystemInfo:
17:30:20.0360 1896  
17:30:20.0360 1896  OS Version: 6.1.7600 ServicePack: 0.0
17:30:20.0360 1896  Product type: Workstation
17:30:20.0360 1896  ComputerName: USER-HP
17:30:20.0360 1896  UserName: user
17:30:20.0360 1896  Windows directory: C:\windows
17:30:20.0360 1896  System windows directory: C:\windows
17:30:20.0360 1896  Running under WOW64
17:30:20.0360 1896  Processor architecture: Intel x64
17:30:20.0360 1896  Number of processors: 2
17:30:20.0360 1896  Page size: 0x1000
17:30:20.0360 1896  Boot type: Normal boot
17:30:20.0360 1896  ============================================================
17:30:23.0356 1896  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:30:23.0371 1896  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:30:25.0477 1896  ============================================================
17:30:25.0477 1896  \Device\Harddisk0\DR0:
17:30:25.0508 1896  MBR partitions:
17:30:25.0508 1896  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
17:30:25.0508 1896  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x23197000
17:30:25.0508 1896  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2322D800, BlocksNum 0x1E00000
17:30:25.0508 1896  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x2502D800, BlocksNum 0x3FD800
17:30:25.0508 1896  \Device\Harddisk1\DR1:
17:30:25.0508 1896  MBR partitions:
17:30:25.0508 1896  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
17:30:25.0508 1896  ============================================================
17:30:25.0540 1896  C: <-> \Device\Harddisk0\DR0\Partition2
17:30:25.0571 1896  F: <-> \Device\Harddisk0\DR0\Partition4
17:30:25.0571 1896  D: <-> \Device\Harddisk1\DR1\Partition1
17:30:25.0586 1896  ============================================================
17:30:25.0586 1896  Initialize success
17:30:25.0586 1896  ============================================================
17:31:57.0011 2372  ============================================================
17:31:57.0011 2372  Scan started
17:31:57.0011 2372  Mode: Manual; SigCheck; TDLFS; 
17:31:57.0011 2372  ============================================================
17:31:57.0837 2372  ================ Scan system memory ========================
17:31:57.0837 2372  System memory - ok
17:31:57.0853 2372  ================ Scan services =============================
17:31:58.0025 2372  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\windows\system32\DRIVERS\1394ohci.sys
17:31:58.0399 2372  1394ohci - ok
17:31:58.0461 2372  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\windows\system32\DRIVERS\ACPI.sys
17:31:58.0524 2372  ACPI - ok
17:31:58.0555 2372  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\windows\system32\DRIVERS\acpipmi.sys
17:31:58.0695 2372  AcpiPmi - ok
17:31:58.0836 2372  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:31:58.0883 2372  AdobeARMservice - ok
17:31:59.0101 2372  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:31:59.0179 2372  AdobeFlashPlayerUpdateSvc - ok
17:31:59.0288 2372  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
17:31:59.0351 2372  adp94xx - ok
17:31:59.0398 2372  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
17:31:59.0476 2372  adpahci - ok
17:31:59.0616 2372  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
17:31:59.0694 2372  adpu320 - ok
17:31:59.0741 2372  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
17:32:00.0224 2372  AeLookupSvc - ok
17:32:00.0505 2372  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
17:32:00.0646 2372  AESTFilters - ok
17:32:00.0739 2372  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\windows\system32\drivers\afd.sys
17:32:00.0895 2372  AFD - ok
17:32:00.0973 2372  [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
17:32:01.0082 2372  AgereModemAudio - ok
17:32:01.0160 2372  [ A6AB6F0ACE87DA76B4C401813D18BE95 ] AgereSoftModem  C:\windows\system32\DRIVERS\agrsm64.sys
17:32:01.0316 2372  AgereSoftModem - ok
17:32:01.0379 2372  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\DRIVERS\agp440.sys
17:32:01.0426 2372  agp440 - ok
17:32:01.0457 2372  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
17:32:01.0566 2372  ALG - ok
17:32:01.0628 2372  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\DRIVERS\aliide.sys
17:32:01.0675 2372  aliide - ok
17:32:01.0722 2372  [ 5A06AB7AB4D389DFE3C109599DF0BB65 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
17:32:01.0816 2372  AMD External Events Utility - ok
17:32:01.0862 2372  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\DRIVERS\amdide.sys
17:32:01.0909 2372  amdide - ok
17:32:01.0940 2372  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
17:32:02.0003 2372  AmdK8 - ok
17:32:02.0299 2372  [ 650DDCCD6657E20737433CB774521B81 ] amdkmdag        C:\windows\system32\DRIVERS\atikmdag.sys
17:32:02.0674 2372  amdkmdag - ok
17:32:02.0720 2372  [ F51B013C55B30DBE3AD59A7FE197C5BA ] amdkmdap        C:\windows\system32\DRIVERS\atikmpag.sys
17:32:02.0798 2372  amdkmdap - ok
17:32:02.0814 2372  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
17:32:02.0876 2372  AmdPPM - ok
17:32:02.0923 2372  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata         C:\windows\system32\drivers\amdsata.sys
17:32:02.0939 2372  amdsata - ok
17:32:02.0986 2372  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
17:32:03.0001 2372  amdsbs - ok
17:32:03.0017 2372  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata         C:\windows\system32\drivers\amdxata.sys
17:32:03.0048 2372  amdxata - ok
17:32:03.0110 2372  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\windows\system32\drivers\appid.sys
17:32:03.0500 2372  AppID - ok
17:32:03.0547 2372  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
17:32:03.0688 2372  AppIDSvc - ok
17:32:03.0719 2372  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\windows\System32\appinfo.dll
17:32:03.0844 2372  Appinfo - ok
17:32:03.0906 2372  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\windows\System32\appmgmts.dll
17:32:04.0015 2372  AppMgmt - ok
17:32:04.0093 2372  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\DRIVERS\arc.sys
17:32:04.0140 2372  arc - ok
17:32:04.0156 2372  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
17:32:04.0202 2372  arcsas - ok
17:32:04.0390 2372  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
17:32:04.0592 2372  AsyncMac - ok
17:32:04.0639 2372  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\DRIVERS\atapi.sys
17:32:04.0670 2372  atapi - ok
17:32:04.0826 2372  [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService  C:\windows\system32\drivers\AtiHdmi.sys
17:32:04.0889 2372  AtiHdmiService - ok
17:32:04.0920 2372  [ E82E61F46D1336447F4DEFF8C074F13E ] AtiPcie         C:\windows\system32\DRIVERS\AtiPcie64.sys
17:32:04.0967 2372  AtiPcie - ok
17:32:05.0014 2372  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
17:32:05.0170 2372  AudioEndpointBuilder - ok
17:32:05.0201 2372  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\windows\System32\Audiosrv.dll
17:32:05.0263 2372  AudioSrv - ok
17:32:05.0310 2372  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\windows\System32\AxInstSV.dll
17:32:05.0450 2372  AxInstSV - ok
17:32:05.0513 2372  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\DRIVERS\bxvbda.sys
17:32:05.0606 2372  b06bdrv - ok
17:32:05.0653 2372  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
17:32:05.0747 2372  b57nd60a - ok
17:32:05.0840 2372  [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
17:32:05.0903 2372  BBSvc - ok
17:32:06.0043 2372  [ 810BE94A9E42309B3F74217AC28BC6AC ] BCM43XX         C:\windows\system32\DRIVERS\bcmwl664.sys
17:32:06.0293 2372  BCM43XX - ok
17:32:06.0340 2372  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
17:32:06.0496 2372  BDESVC - ok
17:32:06.0558 2372  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
17:32:06.0714 2372  Beep - ok
17:32:06.0808 2372  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\windows\System32\bfe.dll
17:32:06.0995 2372  BFE - ok
17:32:07.0057 2372  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\windows\System32\qmgr.dll
17:32:07.0385 2372  BITS - ok
17:32:07.0432 2372  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
17:32:07.0478 2372  blbdrive - ok
17:32:07.0525 2372  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
17:32:07.0619 2372  bowser - ok
17:32:07.0634 2372  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
17:32:07.0712 2372  BrFiltLo - ok
17:32:07.0728 2372  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
17:32:07.0790 2372  BrFiltUp - ok
17:32:07.0837 2372  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\windows\System32\browser.dll
17:32:07.0915 2372  Browser - ok
17:32:08.0305 2372  [ D9C8DC2D7EC28E3FF25C99EF17C8631A ] BrowserProtect  C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
17:32:08.0539 2372  BrowserProtect - ok
17:32:08.0586 2372  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
17:32:08.0664 2372  Brserid - ok
17:32:08.0695 2372  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
17:32:08.0726 2372  BrSerWdm - ok
17:32:08.0789 2372  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
17:32:08.0836 2372  BrUsbMdm - ok
17:32:08.0867 2372  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
17:32:08.0898 2372  BrUsbSer - ok
17:32:08.0960 2372  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
17:32:09.0101 2372  BthEnum - ok
17:32:09.0148 2372  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
17:32:09.0179 2372  BTHMODEM - ok
17:32:09.0257 2372  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
17:32:09.0335 2372  BthPan - ok
17:32:09.0413 2372  [ E10D1912634974EA273A1588C75CCB76 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
17:32:09.0506 2372  BTHPORT - ok
17:32:09.0553 2372  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
17:32:09.0678 2372  bthserv - ok
17:32:09.0725 2372  [ 19B784B6ECBB3ADBB2242700FEE90BEC ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
17:32:09.0818 2372  BTHUSB - ok
17:32:09.0974 2372  [ 7A2CE8C1BF4DAA1F2766E21E9CA11078 ] btwampfl        C:\windows\system32\drivers\btwampfl.sys
17:32:10.0037 2372  btwampfl - ok
17:32:10.0115 2372  [ A75BF6802A967F5AACECC3C67FEBDF55 ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
17:32:10.0162 2372  btwaudio - ok
17:32:10.0208 2372  [ D895DC213EDBDA5FCC53AAD1F1E0E63B ] btwavdt         C:\windows\system32\DRIVERS\btwavdt.sys
17:32:10.0286 2372  btwavdt - ok
17:32:10.0442 2372  [ 692F8648D7686D91E34A65AC698019D8 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
17:32:10.0536 2372  btwdins - ok
17:32:10.0583 2372  [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap        C:\windows\system32\DRIVERS\btwl2cap.sys
17:32:10.0630 2372  btwl2cap - ok
17:32:10.0692 2372  [ 6D7AA2BDE0135599C5F230D69DB3B420 ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
17:32:10.0739 2372  btwrchid - ok
17:32:10.0786 2372  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
17:32:10.0879 2372  cdfs - ok
17:32:10.0910 2372  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
17:32:10.0957 2372  cdrom - ok
17:32:11.0020 2372  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\windows\System32\certprop.dll
17:32:11.0098 2372  CertPropSvc - ok
17:32:11.0144 2372  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\DRIVERS\circlass.sys
17:32:11.0191 2372  circlass - ok
17:32:11.0238 2372  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
17:32:11.0285 2372  CLFS - ok
17:32:11.0347 2372  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:32:11.0378 2372  clr_optimization_v2.0.50727_32 - ok
17:32:11.0441 2372  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:32:11.0456 2372  clr_optimization_v2.0.50727_64 - ok
17:32:11.0550 2372  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:32:11.0628 2372  clr_optimization_v4.0.30319_32 - ok
17:32:11.0690 2372  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:32:11.0722 2372  clr_optimization_v4.0.30319_64 - ok
17:32:11.0753 2372  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
17:32:11.0800 2372  CmBatt - ok
17:32:11.0846 2372  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\DRIVERS\cmdide.sys
17:32:11.0878 2372  cmdide - ok
17:32:11.0924 2372  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\windows\system32\Drivers\cng.sys
17:32:12.0018 2372  CNG - ok
17:32:12.0065 2372  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
17:32:12.0096 2372  Compbatt - ok
17:32:12.0112 2372  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
17:32:12.0143 2372  CompositeBus - ok
17:32:12.0158 2372  COMSysApp - ok
17:32:12.0205 2372  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
17:32:12.0221 2372  crcdisk - ok
17:32:12.0268 2372  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\windows\system32\cryptsvc.dll
17:32:12.0377 2372  CryptSvc - ok
17:32:12.0424 2372  [ 4A6173C2279B498CD8F57CAE504564CB ] CSC             C:\windows\system32\drivers\csc.sys
17:32:12.0502 2372  CSC - ok
17:32:12.0564 2372  [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService      C:\windows\System32\cscsvc.dll
17:32:12.0658 2372  CscService - ok
17:32:12.0704 2372  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\windows\system32\rpcss.dll
17:32:12.0798 2372  DcomLaunch - ok
17:32:12.0860 2372  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
17:32:12.0954 2372  defragsvc - ok
17:32:12.0985 2372  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
17:32:13.0063 2372  DfsC - ok
17:32:13.0094 2372  dgderdrv - ok
17:32:13.0141 2372  [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus      C:\windows\system32\DRIVERS\ssudbus.sys
17:32:13.0172 2372  dg_ssudbus - ok
17:32:13.0235 2372  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\windows\system32\dhcpcore.dll
17:32:13.0406 2372  Dhcp - ok
17:32:13.0453 2372  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
17:32:13.0562 2372  discache - ok
17:32:13.0625 2372  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\DRIVERS\disk.sys
17:32:13.0672 2372  Disk - ok
17:32:13.0734 2372  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\windows\System32\dnsrslvr.dll
17:32:13.0812 2372  Dnscache - ok
17:32:13.0874 2372  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\windows\System32\dot3svc.dll
17:32:14.0046 2372  dot3svc - ok
17:32:14.0140 2372  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\windows\system32\DRIVERS\Dot4.sys
17:32:14.0218 2372  Dot4 - ok
17:32:14.0264 2372  [ 85135AD27E79B689335C08167D917CDE ] Dot4Print       C:\windows\system32\DRIVERS\Dot4Prt.sys
17:32:14.0342 2372  Dot4Print - ok
17:32:14.0389 2372  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\windows\system32\DRIVERS\dot4usb.sys
17:32:14.0452 2372  dot4usb - ok
17:32:14.0498 2372  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\windows\system32\dps.dll
17:32:14.0639 2372  DPS - ok
17:32:14.0732 2372  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
17:32:14.0795 2372  drmkaud - ok
17:32:14.0966 2372  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
17:32:15.0107 2372  DXGKrnl - ok
17:32:15.0154 2372  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
17:32:15.0263 2372  EapHost - ok
17:32:15.0434 2372  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\DRIVERS\evbda.sys
17:32:15.0637 2372  ebdrv - ok
17:32:15.0684 2372  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\windows\System32\lsass.exe
17:32:15.0762 2372  EFS - ok
17:32:15.0856 2372  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\windows\ehome\ehRecvr.exe
17:32:15.0980 2372  ehRecvr - ok
17:32:16.0012 2372  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe
17:32:16.0121 2372  ehSched - ok
17:32:16.0230 2372  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
17:32:16.0308 2372  elxstor - ok
17:32:16.0355 2372  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\DRIVERS\errdev.sys
17:32:16.0402 2372  ErrDev - ok
17:32:16.0495 2372  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
17:32:16.0636 2372  EventSystem - ok
17:32:16.0682 2372  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
17:32:16.0854 2372  exfat - ok
17:32:16.0885 2372  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
17:32:17.0010 2372  fastfat - ok
17:32:17.0088 2372  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\windows\system32\fxssvc.exe
17:32:17.0244 2372  Fax - ok
17:32:17.0275 2372  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\DRIVERS\fdc.sys
17:32:17.0338 2372  fdc - ok
17:32:17.0384 2372  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
17:32:17.0509 2372  fdPHost - ok
17:32:17.0540 2372  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
17:32:17.0665 2372  FDResPub - ok
17:32:17.0712 2372  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
17:32:17.0759 2372  FileInfo - ok
17:32:17.0774 2372  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
17:32:17.0899 2372  Filetrace - ok
17:32:17.0915 2372  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
17:32:17.0962 2372  flpydisk - ok
17:32:18.0024 2372  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
17:32:18.0086 2372  FltMgr - ok
17:32:18.0196 2372  [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache       C:\windows\system32\FntCache.dll
17:32:18.0383 2372  FontCache - ok
17:32:18.0461 2372  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:32:18.0508 2372  FontCache3.0.0.0 - ok
17:32:18.0554 2372  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
17:32:18.0601 2372  FsDepends - ok
17:32:18.0632 2372  [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr         C:\windows\system32\DRIVERS\fssfltr.sys
17:32:18.0679 2372  fssfltr - ok
17:32:18.0866 2372  [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
17:32:19.0038 2372  fsssvc - ok
17:32:19.0085 2372  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
17:32:19.0116 2372  Fs_Rec - ok
17:32:19.0194 2372  [ 1F44F8559E61A8306ECC67BB1E168B7C ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
17:32:19.0256 2372  fvevol - ok
17:32:19.0288 2372  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
17:32:19.0319 2372  gagp30kx - ok
17:32:19.0397 2372  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\windows\System32\gpsvc.dll
17:32:19.0506 2372  gpsvc - ok
17:32:19.0522 2372  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
17:32:19.0631 2372  hcw85cir - ok
17:32:19.0709 2372  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
17:32:19.0802 2372  HdAudAddService - ok
17:32:19.0849 2372  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
17:32:19.0927 2372  HDAudBus - ok
17:32:19.0958 2372  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
17:32:20.0021 2372  HidBatt - ok
17:32:20.0099 2372  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
17:32:20.0177 2372  HidBth - ok
17:32:20.0224 2372  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
17:32:20.0333 2372  HidIr - ok
17:32:20.0364 2372  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\system32\hidserv.dll
17:32:20.0536 2372  hidserv - ok
17:32:20.0582 2372  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
17:32:20.0676 2372  HidUsb - ok
17:32:20.0707 2372  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\windows\system32\kmsvc.dll
17:32:20.0848 2372  hkmsvc - ok
17:32:20.0894 2372  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\windows\system32\ListSvc.dll
17:32:21.0004 2372  HomeGroupListener - ok
17:32:21.0066 2372  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\windows\system32\provsvc.dll
17:32:21.0128 2372  HomeGroupProvider - ok
17:32:21.0238 2372  [ 58CC11D14D88EF70EF7ABBC75B5EEBD8 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
17:32:21.0269 2372  HP Wireless Assistant Service - ok
17:32:21.0362 2372  [ 120C1CEB5E45DB0A04416242BD6C1E3E ] hpHotkeyMonitor C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
17:32:21.0409 2372  hpHotkeyMonitor - ok
17:32:21.0440 2372  [ B98EE5D4535A685634B90F7E04DE0DF7 ] HpqKbFiltr      C:\windows\system32\DRIVERS\HpqKbFiltr.sys
17:32:21.0503 2372  HpqKbFiltr - ok
17:32:21.0612 2372  [ 640E51DB253265C3EAC075866B3D2B33 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
17:32:21.0690 2372  hpqwmiex - ok
17:32:21.0768 2372  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\windows\system32\DRIVERS\HpSAMD.sys
17:32:21.0799 2372  HpSAMD - ok
17:32:21.0893 2372  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\windows\system32\drivers\HTTP.sys
17:32:22.0064 2372  HTTP - ok
17:32:22.0096 2372  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
17:32:22.0142 2372  hwpolicy - ok
17:32:22.0189 2372  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
17:32:22.0205 2372  i8042prt - ok
17:32:22.0298 2372  [ B75E45C564E944A2657167D197AB29DA ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
17:32:22.0392 2372  iaStorV - ok
17:32:22.0579 2372  [ 7A95A3AD931B97FEC5067E40636CE37F ] ICQ Service     C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
17:32:22.0626 2372  ICQ Service - ok
17:32:22.0766 2372  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:32:22.0860 2372  idsvc - ok
17:32:22.0922 2372  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
17:32:22.0954 2372  iirsp - ok
17:32:23.0032 2372  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\windows\System32\ikeext.dll
17:32:23.0219 2372  IKEEXT - ok
17:32:23.0234 2372  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\DRIVERS\intelide.sys
17:32:23.0281 2372  intelide - ok
17:32:23.0344 2372  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
17:32:23.0390 2372  intelppm - ok
17:32:23.0437 2372  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
17:32:23.0562 2372  IPBusEnum - ok
17:32:23.0593 2372  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
17:32:23.0718 2372  IpFilterDriver - ok
17:32:23.0827 2372  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
17:32:23.0999 2372  iphlpsvc - ok
17:32:24.0030 2372  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\windows\system32\DRIVERS\IPMIDrv.sys
17:32:24.0092 2372  IPMIDRV - ok
17:32:24.0139 2372  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
17:32:24.0280 2372  IPNAT - ok
17:32:24.0326 2372  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
17:32:24.0389 2372  IRENUM - ok
17:32:24.0436 2372  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\DRIVERS\isapnp.sys
17:32:24.0467 2372  isapnp - ok
17:32:24.0529 2372  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\windows\system32\DRIVERS\msiscsi.sys
17:32:24.0592 2372  iScsiPrt - ok
17:32:24.0623 2372  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
17:32:24.0670 2372  kbdclass - ok
17:32:24.0732 2372  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
17:32:24.0779 2372  kbdhid - ok
17:32:24.0810 2372  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\windows\system32\lsass.exe
17:32:24.0857 2372  KeyIso - ok
17:32:24.0904 2372  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
17:32:24.0950 2372  KSecDD - ok
17:32:24.0966 2372  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
17:32:25.0013 2372  KSecPkg - ok
17:32:25.0060 2372  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
17:32:25.0184 2372  ksthunk - ok
17:32:25.0278 2372  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
17:32:25.0465 2372  KtmRm - ok
17:32:25.0574 2372  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\windows\system32\srvsvc.dll
17:32:25.0684 2372  LanmanServer - ok
17:32:25.0715 2372  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
17:32:25.0902 2372  LanmanWorkstation - ok
17:32:25.0980 2372  [ 47269F0DE1E5089C6F23BC1EC48CFC31 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
17:32:26.0027 2372  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:32:26.0027 2372  LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:32:26.0058 2372  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
17:32:26.0183 2372  lltdio - ok
17:32:26.0214 2372  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
17:32:26.0370 2372  lltdsvc - ok
17:32:26.0401 2372  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
17:32:26.0479 2372  lmhosts - ok
17:32:26.0557 2372  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
17:32:26.0588 2372  LSI_FC - ok
17:32:26.0620 2372  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
17:32:26.0651 2372  LSI_SAS - ok
17:32:26.0666 2372  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
17:32:26.0698 2372  LSI_SAS2 - ok
17:32:26.0729 2372  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
17:32:26.0760 2372  LSI_SCSI - ok
17:32:26.0807 2372  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
17:32:26.0885 2372  luafv - ok
17:32:26.0932 2372  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\windows\system32\drivers\mbam.sys
17:32:26.0963 2372  MBAMProtector - ok
17:32:27.0056 2372  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:32:27.0088 2372  MBAMScheduler - ok
17:32:27.0150 2372  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:32:27.0197 2372  MBAMService - ok
17:32:27.0244 2372  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
17:32:27.0306 2372  Mcx2Svc - ok
17:32:27.0353 2372  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
17:32:27.0368 2372  megasas - ok
17:32:27.0431 2372  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
17:32:27.0462 2372  MegaSR - ok
17:32:27.0540 2372  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
17:32:27.0602 2372  MMCSS - ok
17:32:27.0634 2372  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
17:32:27.0712 2372  Modem - ok
17:32:27.0743 2372  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
17:32:27.0790 2372  monitor - ok
17:32:27.0836 2372  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
17:32:27.0883 2372  mouclass - ok
17:32:27.0914 2372  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
17:32:27.0946 2372  mouhid - ok
17:32:27.0977 2372  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
17:32:27.0992 2372  mountmgr - ok
17:32:28.0148 2372  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\windows\system32\DRIVERS\MpFilter.sys
17:32:28.0195 2372  MpFilter - ok
17:32:28.0242 2372  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\windows\system32\DRIVERS\mpio.sys
17:32:28.0289 2372  mpio - ok
17:32:28.0336 2372  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
17:32:28.0460 2372  mpsdrv - ok
17:32:28.0523 2372  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\windows\system32\mpssvc.dll
17:32:28.0694 2372  MpsSvc - ok
17:32:28.0741 2372  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
17:32:28.0804 2372  MRxDAV - ok
17:32:28.0835 2372  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
17:32:28.0928 2372  mrxsmb - ok
17:32:28.0975 2372  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
17:32:29.0053 2372  mrxsmb10 - ok
17:32:29.0069 2372  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
17:32:29.0131 2372  mrxsmb20 - ok
17:32:29.0162 2372  [ 5E939CF91EA4A841DBAFE4627E0292BB ] msahci          C:\windows\system32\DRIVERS\msahci.sys
17:32:29.0194 2372  msahci - ok
17:32:29.0240 2372  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\windows\system32\DRIVERS\msdsm.sys
17:32:29.0272 2372  msdsm - ok
17:32:29.0303 2372  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
17:32:29.0365 2372  MSDTC - ok
17:32:29.0428 2372  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
17:32:29.0537 2372  Msfs - ok
17:32:29.0568 2372  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
17:32:29.0662 2372  mshidkmdf - ok
17:32:29.0677 2372  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\DRIVERS\msisadrv.sys
17:32:29.0708 2372  msisadrv - ok
17:32:29.0755 2372  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
17:32:29.0849 2372  MSiSCSI - ok
17:32:29.0864 2372  msiserver - ok
17:32:29.0911 2372  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
17:32:30.0020 2372  MSKSSRV - ok
17:32:30.0145 2372  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:32:30.0208 2372  MsMpSvc - ok
17:32:30.0254 2372  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
17:32:30.0379 2372  MSPCLOCK - ok
17:32:30.0395 2372  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
17:32:30.0535 2372  MSPQM - ok
17:32:30.0660 2372  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
17:32:30.0707 2372  MsRPC - ok
17:32:30.0738 2372  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
17:32:30.0785 2372  mssmbios - ok
17:32:30.0816 2372  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
17:32:30.0941 2372  MSTEE - ok
17:32:30.0988 2372  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
17:32:31.0034 2372  MTConfig - ok
17:32:31.0081 2372  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
17:32:31.0097 2372  Mup - ok
17:32:31.0175 2372  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\windows\system32\qagentRT.dll
17:32:31.0268 2372  napagent - ok
17:32:31.0331 2372  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
17:32:31.0393 2372  NativeWifiP - ok
17:32:31.0440 2372  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\windows\system32\drivers\ndis.sys
17:32:31.0518 2372  NDIS - ok
17:32:31.0549 2372  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
17:32:31.0627 2372  NdisCap - ok
17:32:31.0658 2372  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
17:32:31.0721 2372  NdisTapi - ok
17:32:31.0752 2372  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
17:32:31.0830 2372  Ndisuio - ok
17:32:31.0846 2372  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
17:32:31.0924 2372  NdisWan - ok
17:32:31.0955 2372  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
17:32:32.0033 2372  NDProxy - ok
17:32:32.0080 2372  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
17:32:32.0142 2372  NetBIOS - ok
17:32:32.0173 2372  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
17:32:32.0251 2372  NetBT - ok
17:32:32.0267 2372  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\windows\system32\lsass.exe
17:32:32.0298 2372  Netlogon - ok
17:32:32.0360 2372  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
17:32:32.0454 2372  Netman - ok
17:32:32.0501 2372  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
17:32:32.0594 2372  netprofm - ok
17:32:32.0626 2372  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:32:32.0641 2372  NetTcpPortSharing - ok
17:32:32.0688 2372  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
17:32:32.0719 2372  nfrd960 - ok
17:32:32.0735 2372  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\windows\system32\DRIVERS\NisDrvWFP.sys
17:32:32.0766 2372  NisDrv - ok
17:32:32.0860 2372  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
17:32:32.0938 2372  NisSrv - ok
17:32:32.0984 2372  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\windows\System32\nlasvc.dll
17:32:33.0062 2372  NlaSvc - ok
17:32:33.0094 2372  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
17:32:33.0156 2372  Npfs - ok
17:32:33.0203 2372  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
17:32:33.0250 2372  nsi - ok
17:32:33.0281 2372  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
17:32:33.0359 2372  nsiproxy - ok
17:32:33.0546 2372  [ 9A6089B056EA1B83B36424FC9D0A300E ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
17:32:33.0749 2372  Ntfs - ok
17:32:33.0780 2372  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
17:32:33.0889 2372  Null - ok
17:32:33.0920 2372  [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid          C:\windows\system32\drivers\nvraid.sys
17:32:33.0967 2372  nvraid - ok
17:32:34.0014 2372  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor          C:\windows\system32\drivers\nvstor.sys
17:32:34.0061 2372  nvstor - ok
17:32:34.0092 2372  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\DRIVERS\nv_agp.sys
17:32:34.0123 2372  nv_agp - ok
17:32:34.0154 2372  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\DRIVERS\ohci1394.sys
17:32:34.0201 2372  ohci1394 - ok
17:32:34.0264 2372  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
17:32:34.0357 2372  p2pimsvc - ok
17:32:34.0404 2372  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
17:32:34.0498 2372  p2psvc - ok
17:32:34.0544 2372  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\DRIVERS\parport.sys
17:32:34.0591 2372  Parport - ok
17:32:34.0638 2372  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr         C:\windows\system32\drivers\partmgr.sys
17:32:34.0685 2372  partmgr - ok
17:32:34.0716 2372  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
17:32:34.0810 2372  PcaSvc - ok
17:32:34.0841 2372  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\windows\system32\DRIVERS\pci.sys
17:32:34.0903 2372  pci - ok
17:32:34.0934 2372  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\DRIVERS\pciide.sys
17:32:34.0966 2372  pciide - ok
17:32:34.0997 2372  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
17:32:35.0044 2372  pcmcia - ok
17:32:35.0075 2372  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
17:32:35.0106 2372  pcw - ok
17:32:35.0153 2372  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
17:32:35.0246 2372  PEAUTH - ok
17:32:35.0387 2372  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\windows\system32\peerdistsvc.dll
17:32:35.0512 2372  PeerDistSvc - ok
17:32:35.0870 2372  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
17:32:35.0948 2372  PerfHost - ok
17:32:36.0042 2372  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\windows\system32\pla.dll
17:32:36.0260 2372  pla - ok
17:32:36.0323 2372  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
17:32:36.0448 2372  PlugPlay - ok
17:32:36.0541 2372  [ 64CA1485214340CACC315FFDFDED73EF ] Pml Driver HPZ12 C:\windows\system32\HPZipm12.dll
17:32:36.0604 2372  Pml Driver HPZ12 - ok
17:32:36.0650 2372  PnkBstrA - ok
17:32:36.0682 2372  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
17:32:36.0728 2372  PNRPAutoReg - ok
17:32:36.0760 2372  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
17:32:36.0791 2372  PNRPsvc - ok
17:32:36.0822 2372  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
17:32:36.0947 2372  PolicyAgent - ok
17:32:36.0978 2372  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
17:32:37.0072 2372  Power - ok
17:32:37.0150 2372  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
17:32:37.0212 2372  PptpMiniport - ok
17:32:37.0243 2372  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\DRIVERS\processr.sys
17:32:37.0306 2372  Processor - ok
17:32:37.0352 2372  [ 97293447431311C06703368AD0F6C4BE ] ProfSvc         C:\windows\system32\profsvc.dll
17:32:37.0430 2372  ProfSvc - ok
17:32:37.0446 2372  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\windows\system32\lsass.exe
17:32:37.0462 2372  ProtectedStorage - ok
17:32:37.0508 2372  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
17:32:37.0618 2372  Psched - ok
17:32:37.0680 2372  [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2       c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
17:32:37.0711 2372  PSI_SVC_2 - ok
17:32:37.0742 2372  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\windows\system32\Drivers\PxHlpa64.sys
17:32:37.0758 2372  PxHlpa64 - ok
17:32:37.0820 2372  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
17:32:37.0898 2372  ql2300 - ok
17:32:37.0930 2372  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
17:32:37.0961 2372  ql40xx - ok
17:32:37.0992 2372  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
17:32:38.0023 2372  QWAVE - ok
17:32:38.0054 2372  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
17:32:38.0101 2372  QWAVEdrv - ok
17:32:38.0132 2372  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
17:32:38.0210 2372  RasAcd - ok
17:32:38.0226 2372  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
17:32:38.0304 2372  RasAgileVpn - ok
17:32:38.0351 2372  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
17:32:38.0429 2372  RasAuto - ok
17:32:38.0476 2372  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
17:32:38.0569 2372  Rasl2tp - ok
17:32:38.0616 2372  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\windows\System32\rasmans.dll
17:32:38.0694 2372  RasMan - ok
17:32:38.0710 2372  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
17:32:38.0788 2372  RasPppoe - ok
17:32:38.0803 2372  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
17:32:38.0866 2372  RasSstp - ok
17:32:38.0897 2372  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
17:32:38.0959 2372  rdbss - ok
17:32:38.0975 2372  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
17:32:39.0022 2372  rdpbus - ok
17:32:39.0053 2372  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
17:32:39.0100 2372  RDPCDD - ok
17:32:39.0131 2372  [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR           C:\windows\system32\drivers\rdpdr.sys
17:32:39.0209 2372  RDPDR - ok
17:32:39.0256 2372  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
17:32:39.0302 2372  RDPENCDD - ok
17:32:39.0318 2372  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
17:32:39.0380 2372  RDPREFMP - ok
17:32:39.0412 2372  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
17:32:39.0458 2372  RDPWD - ok
17:32:39.0505 2372  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
17:32:39.0536 2372  rdyboost - ok
17:32:39.0583 2372  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
17:32:39.0646 2372  RemoteAccess - ok
17:32:39.0677 2372  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
17:32:39.0739 2372  RemoteRegistry - ok
17:32:39.0802 2372  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
17:32:39.0848 2372  RFCOMM - ok
17:32:39.0895 2372  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
17:32:39.0942 2372  RpcEptMapper - ok
17:32:39.0973 2372  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
17:32:40.0020 2372  RpcLocator - ok
17:32:40.0051 2372  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\windows\system32\rpcss.dll
17:32:40.0098 2372  RpcSs - ok
17:32:40.0145 2372  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
17:32:40.0192 2372  rspndr - ok
17:32:40.0270 2372  [ BA3E57C89E6F63808D3F2B11E1A2AD3C ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
17:32:40.0301 2372  RTL8167 - ok
17:32:40.0363 2372  [ 73157D4A4F6DA18C5148E47CB958AF58 ] rtsuvc          C:\windows\system32\DRIVERS\rtsuvc.sys
17:32:40.0472 2372  rtsuvc - ok
17:32:40.0504 2372  [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap           C:\windows\system32\DRIVERS\vms3cap.sys
17:32:40.0597 2372  s3cap - ok
17:32:40.0613 2372  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs           C:\windows\system32\lsass.exe
17:32:40.0660 2372  SamSs - ok
17:32:40.0706 2372  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\windows\system32\DRIVERS\sbp2port.sys
17:32:40.0753 2372  sbp2port - ok
17:32:40.0831 2372  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
17:32:40.0987 2372  SCardSvr - ok
17:32:41.0018 2372  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
17:32:41.0159 2372  scfilter - ok
17:32:41.0206 2372  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\windows\system32\schedsvc.dll
17:32:41.0299 2372  Schedule - ok
17:32:41.0330 2372  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\windows\System32\certprop.dll
17:32:41.0393 2372  SCPolicySvc - ok
17:32:41.0455 2372  [ 54E47AD086782D3AE9417C155CDCEB9B ] sdbus           C:\windows\system32\DRIVERS\sdbus.sys
17:32:41.0471 2372  sdbus - ok
17:32:41.0533 2372  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\windows\System32\SDRSVC.dll
17:32:41.0627 2372  SDRSVC - ok
17:32:41.0705 2372  [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort         C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
17:32:41.0736 2372  SeaPort - ok
17:32:41.0767 2372  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
17:32:41.0845 2372  secdrv - ok
17:32:41.0876 2372  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\windows\system32\seclogon.dll
17:32:41.0970 2372  seclogon - ok
17:32:41.0986 2372  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
17:32:42.0064 2372  SENS - ok
17:32:42.0126 2372  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
17:32:42.0204 2372  SensrSvc - ok
17:32:42.0251 2372  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
17:32:42.0266 2372  Serenum - ok
17:32:42.0313 2372  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\DRIVERS\serial.sys
17:32:42.0344 2372  Serial - ok
17:32:42.0376 2372  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
17:32:42.0407 2372  sermouse - ok
17:32:42.0485 2372  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\windows\system32\sessenv.dll
17:32:42.0547 2372  SessionEnv - ok
17:32:42.0563 2372  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\DRIVERS\sffdisk.sys
17:32:42.0625 2372  sffdisk - ok
17:32:42.0641 2372  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\DRIVERS\sffp_mmc.sys
17:32:42.0656 2372  sffp_mmc - ok
17:32:42.0688 2372  [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd         C:\windows\system32\DRIVERS\sffp_sd.sys
17:32:42.0734 2372  sffp_sd - ok
17:32:42.0766 2372  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
17:32:42.0828 2372  sfloppy - ok
17:32:42.0875 2372  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
17:32:43.0031 2372  SharedAccess - ok
17:32:43.0078 2372  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\windows\System32\shsvcs.dll
17:32:43.0171 2372  ShellHWDetection - ok
17:32:43.0249 2372  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
17:32:43.0280 2372  SiSRaid2 - ok
17:32:43.0312 2372  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
17:32:43.0343 2372  SiSRaid4 - ok
17:32:43.0436 2372  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
17:32:43.0592 2372  Smb - ok
17:32:43.0686 2372  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
17:32:43.0733 2372  SNMPTRAP - ok
17:32:43.0764 2372  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
17:32:43.0811 2372  spldr - ok
17:32:43.0858 2372  [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler         C:\windows\System32\spoolsv.exe
17:32:43.0982 2372  Spooler - ok
17:32:44.0138 2372  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\windows\system32\sppsvc.exe
17:32:44.0388 2372  sppsvc - ok
17:32:44.0419 2372  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
17:32:44.0560 2372  sppuinotify - ok
17:32:44.0622 2372  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\windows\system32\DRIVERS\srv.sys
17:32:44.0731 2372  srv - ok
17:32:44.0778 2372  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
17:32:44.0840 2372  srv2 - ok
17:32:44.0872 2372  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
17:32:44.0934 2372  srvnet - ok
17:32:44.0996 2372  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
17:32:45.0121 2372  SSDPSRV - ok
17:32:45.0168 2372  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
17:32:45.0246 2372  SstpSvc - ok
17:32:45.0324 2372  [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm         C:\windows\system32\DRIVERS\ssudmdm.sys
17:32:45.0355 2372  ssudmdm - ok
17:32:45.0511 2372  [ E455F5FE92EDC3CAD3F2963C5CCA47E6 ] STacSV          C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
17:32:45.0558 2372  STacSV - ok
17:32:45.0589 2372  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
17:32:45.0636 2372  stexstor - ok
17:32:45.0745 2372  [ 4A9D087C9A97071B9D06DB38567DA906 ] STHDA           C:\windows\system32\DRIVERS\stwrt64.sys
17:32:45.0823 2372  STHDA - ok
17:32:45.0979 2372  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\windows\System32\wiaservc.dll
17:32:46.0120 2372  stisvc - ok
17:32:46.0198 2372  [ AD989072596AB313D7FA13BCF69573F7 ] stllssvr        c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
17:32:46.0276 2372  stllssvr - ok
17:32:46.0291 2372  [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt         C:\windows\system32\DRIVERS\vmstorfl.sys
17:32:46.0354 2372  storflt - ok
17:32:46.0385 2372  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\windows\system32\storsvc.dll
17:32:46.0494 2372  StorSvc - ok
17:32:46.0525 2372  [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc         C:\windows\system32\DRIVERS\storvsc.sys
17:32:46.0572 2372  storvsc - ok
17:32:46.0588 2372  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
17:32:46.0634 2372  swenum - ok
17:32:46.0728 2372  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
17:32:46.0900 2372  swprv - ok
17:32:46.0962 2372  [ 3C80203C725C28CEA5713D1AB242880A ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
17:32:47.0040 2372  SynTP - ok
17:32:47.0118 2372  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\windows\system32\sysmain.dll
17:32:47.0290 2372  SysMain - ok
17:32:47.0352 2372  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\windows\System32\TabSvc.dll
17:32:47.0414 2372  TabletInputService - ok
17:32:47.0477 2372  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\windows\System32\tapisrv.dll
17:32:47.0633 2372  TapiSrv - ok
17:32:47.0664 2372  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
17:32:47.0773 2372  TBS - ok
17:32:47.0960 2372  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip           C:\windows\system32\drivers\tcpip.sys
17:32:48.0101 2372  Tcpip - ok
17:32:48.0272 2372  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
17:32:48.0382 2372  TCPIP6 - ok
17:32:48.0413 2372  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
17:32:48.0538 2372  tcpipreg - ok
17:32:48.0569 2372  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
17:32:48.0725 2372  TDPIPE - ok
17:32:48.0787 2372  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
17:32:48.0834 2372  TDTCP - ok
17:32:48.0881 2372  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\windows\system32\DRIVERS\tdx.sys
17:32:48.0990 2372  tdx - ok
17:32:49.0224 2372  [ 839E88DB24D2D8F05B72E12B175951CA ] TeamViewer6     C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
17:32:49.0396 2372  TeamViewer6 - ok
17:32:49.0427 2372  [ C448651339196C0E869A355171875522 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
17:32:49.0458 2372  TermDD - ok
17:32:49.0614 2372  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\windows\System32\termsrv.dll
17:32:49.0910 2372  TermService - ok
17:32:49.0957 2372  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
17:32:50.0035 2372  Themes - ok
17:32:50.0098 2372  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
17:32:50.0207 2372  THREADORDER - ok
17:32:50.0285 2372  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\windows\system32\drivers\tpm.sys
17:32:50.0347 2372  TPM - ok
17:32:50.0394 2372  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
17:32:50.0534 2372  TrkWks - ok
17:32:50.0597 2372  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
17:32:50.0659 2372  TrustedInstaller - ok
17:32:50.0706 2372  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
17:32:50.0846 2372  tssecsrv - ok
17:32:50.0956 2372  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
17:32:51.0112 2372  tunnel - ok
17:32:51.0268 2372  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
17:32:51.0314 2372  uagp35 - ok
17:32:51.0408 2372  [ C06E6F4679CEB8F430B90A51D76D8D3C ] udfs            C:\windows\system32\DRIVERS\udfs.sys
17:32:51.0470 2372  udfs - ok
17:32:51.0517 2372  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
17:32:51.0564 2372  UI0Detect - ok
17:32:51.0595 2372  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\DRIVERS\uliagpkx.sys
17:32:51.0642 2372  uliagpkx - ok
17:32:51.0673 2372  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
17:32:51.0720 2372  umbus - ok
17:32:51.0751 2372  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
17:32:51.0829 2372  UmPass - ok
17:32:51.0892 2372  [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService    C:\windows\System32\umrdp.dll
17:32:51.0954 2372  UmRdpService - ok
17:32:52.0032 2372  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
17:32:52.0204 2372  upnphost - ok
17:32:52.0313 2372  [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
17:32:52.0406 2372  usbccgp - ok
17:32:52.0500 2372  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\DRIVERS\usbcir.sys
17:32:52.0578 2372  usbcir - ok
17:32:52.0640 2372  [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
17:32:52.0687 2372  usbehci - ok
17:32:52.0796 2372  [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
17:32:52.0843 2372  usbhub - ok
17:32:52.0874 2372  [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci         C:\windows\system32\DRIVERS\usbohci.sys
17:32:52.0952 2372  usbohci - ok
17:32:53.0015 2372  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
17:32:53.0186 2372  usbprint - ok
17:32:53.0264 2372  [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
17:32:53.0358 2372  USBSTOR - ok
17:32:53.0389 2372  [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
17:32:53.0467 2372  usbuhci - ok
17:32:53.0530 2372  [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
17:32:53.0639 2372  usbvideo - ok
17:32:53.0701 2372  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
17:32:53.0810 2372  UxSms - ok
17:32:53.0920 2372  [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc        C:\windows\system32\lsass.exe
17:32:53.0966 2372  VaultSvc - ok
17:32:54.0029 2372  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\DRIVERS\vdrvroot.sys
17:32:54.0060 2372  vdrvroot - ok
17:32:54.0138 2372  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\windows\System32\vds.exe
17:32:54.0232 2372  vds - ok
17:32:54.0294 2372  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
17:32:54.0341 2372  vga - ok
17:32:54.0388 2372  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
17:32:54.0497 2372  VgaSave - ok
17:32:54.0575 2372  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\windows\system32\DRIVERS\vhdmp.sys
17:32:54.0622 2372  vhdmp - ok
17:32:54.0653 2372  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\DRIVERS\viaide.sys
17:32:54.0700 2372  viaide - ok
17:32:54.0731 2372  [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus           C:\windows\system32\DRIVERS\vmbus.sys
17:32:54.0778 2372  vmbus - ok
17:32:54.0809 2372  [ AE10C35761889E65A6F7176937C5592C ] VMBusHID        C:\windows\system32\DRIVERS\VMBusHID.sys
17:32:54.0856 2372  VMBusHID - ok
17:32:54.0871 2372  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\windows\system32\DRIVERS\volmgr.sys
17:32:54.0887 2372  volmgr - ok
17:32:54.0918 2372  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
17:32:54.0965 2372  volmgrx - ok
17:32:55.0012 2372  [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap         C:\windows\system32\drivers\volsnap.sys
17:32:55.0027 2372  volsnap - ok
17:32:55.0074 2372  [ ABD9B4A7E2D0AE51A3B8DF1AF3152D61 ] vpcbus          C:\windows\system32\DRIVERS\vpchbus.sys
17:32:55.0168 2372  vpcbus - ok
17:32:55.0230 2372  [ 8ACDA395841538CE9713A67FE8B2A3EB ] vpcnfltr        C:\windows\system32\DRIVERS\vpcnfltr.sys
17:32:55.0277 2372  vpcnfltr - ok
17:32:55.0308 2372  [ 31924E31BC315773E6D149B157DB46D5 ] vpcusb          C:\windows\system32\DRIVERS\vpcusb.sys
17:32:55.0370 2372  vpcusb - ok
17:32:55.0448 2372  [ A5D16559D80CFA1DCB98F46410BE5551 ] vpcvmm          C:\windows\system32\drivers\vpcvmm.sys
17:32:55.0511 2372  vpcvmm - ok
17:32:55.0542 2372  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
17:32:55.0589 2372  vsmraid - ok
17:32:55.0760 2372  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\windows\system32\vssvc.exe
17:32:55.0885 2372  VSS - ok
17:32:55.0963 2372  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
17:32:56.0010 2372  vwifibus - ok
17:32:56.0057 2372  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
17:32:56.0104 2372  vwififlt - ok
17:32:56.0150 2372  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
17:32:56.0213 2372  vwifimp - ok
17:32:56.0416 2372  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
17:32:56.0572 2372  W32Time - ok
17:32:56.0618 2372  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
17:32:56.0665 2372  WacomPen - ok
17:32:56.0712 2372  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
17:32:56.0806 2372  WANARP - ok
17:32:56.0821 2372  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
17:32:56.0884 2372  Wanarpv6 - ok
17:32:57.0024 2372  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\windows\system32\wbengine.exe
17:32:57.0133 2372  wbengine - ok
17:32:57.0164 2372  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
17:32:57.0227 2372  WbioSrvc - ok
17:32:57.0274 2372  [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc         C:\windows\System32\wcncsvc.dll
17:32:57.0367 2372  wcncsvc - ok
17:32:57.0414 2372  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
17:32:57.0539 2372  WcsPlugInService - ok
17:32:57.0570 2372  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\DRIVERS\wd.sys
17:32:57.0617 2372  Wd - ok
17:32:57.0695 2372  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
17:32:57.0788 2372  Wdf01000 - ok
17:32:57.0866 2372  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
17:32:57.0944 2372  WdiServiceHost - ok
17:32:57.0944 2372  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
17:32:58.0007 2372  WdiSystemHost - ok
17:32:58.0038 2372  [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient       C:\windows\System32\webclnt.dll
17:32:58.0116 2372  WebClient - ok
17:32:58.0178 2372  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
17:32:58.0303 2372  Wecsvc - ok
17:32:58.0350 2372  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
17:32:58.0475 2372  wercplsupport - ok
17:32:58.0537 2372  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
17:32:58.0678 2372  WerSvc - ok
17:32:58.0771 2372  [ C48CA80FDC6926A9FC2F520379BDB635 ] WFMC_VAD        C:\windows\system32\DRIVERS\wfmcvad.sys
17:32:58.0849 2372  WFMC_VAD - ok
17:32:58.0912 2372  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
17:32:59.0021 2372  WfpLwf - ok
17:32:59.0068 2372  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
17:32:59.0099 2372  WIMMount - ok
17:32:59.0161 2372  WinDefend - ok
17:32:59.0177 2372  WinHttpAutoProxySvc - ok
17:32:59.0239 2372  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
17:32:59.0364 2372  Winmgmt - ok
17:32:59.0520 2372  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\windows\system32\WsmSvc.dll
17:32:59.0738 2372  WinRM - ok
17:32:59.0832 2372  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
17:32:59.0879 2372  WinUsb - ok
17:32:59.0988 2372  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
17:33:00.0144 2372  Wlansvc - ok
17:33:00.0253 2372  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:33:00.0284 2372  wlcrasvc - ok
17:33:00.0550 2372  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:33:00.0752 2372  wlidsvc - ok
17:33:00.0846 2372  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
17:33:00.0908 2372  WmiAcpi - ok
17:33:00.0986 2372  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
17:33:01.0002 2372  wmiApSrv - ok
17:33:01.0049 2372  WMPNetworkSvc - ok
17:33:01.0096 2372  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
17:33:01.0189 2372  WPCSvc - ok
17:33:01.0220 2372  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
17:33:01.0314 2372  WPDBusEnum - ok
17:33:01.0345 2372  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
17:33:01.0470 2372  ws2ifsl - ok
17:33:01.0532 2372  [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc          C:\windows\System32\wscsvc.dll
17:33:01.0642 2372  wscsvc - ok
17:33:01.0657 2372  WSearch - ok
17:33:01.0798 2372  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
17:33:01.0969 2372  wuauserv - ok
17:33:02.0032 2372  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
17:33:02.0110 2372  WudfPf - ok
17:33:02.0156 2372  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
17:33:02.0203 2372  WUDFRd - ok
17:33:02.0234 2372  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
17:33:02.0281 2372  wudfsvc - ok
17:33:02.0312 2372  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\windows\System32\wwansvc.dll
17:33:02.0484 2372  WwanSvc - ok
17:33:02.0656 2372  ================ Scan global ===============================
17:33:02.0702 2372  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
17:33:02.0780 2372  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\windows\system32\winsrv.dll
17:33:02.0812 2372  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\windows\system32\winsrv.dll
17:33:02.0858 2372  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
17:33:02.0890 2372  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
17:33:02.0921 2372  [Global] - ok
17:33:02.0921 2372  ================ Scan MBR ==================================
17:33:02.0936 2372  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:33:03.0389 2372  \Device\Harddisk0\DR0 - ok
17:33:03.0404 2372  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
17:33:03.0950 2372  \Device\Harddisk1\DR1 - ok
17:33:03.0950 2372  ================ Scan VBR ==================================
17:33:03.0966 2372  [ 9FBDE939037D8CA30DD4BD62C1FBD15E ] \Device\Harddisk0\DR0\Partition1
17:33:03.0982 2372  \Device\Harddisk0\DR0\Partition1 - ok
17:33:03.0997 2372  [ 72B2D65ECB6A84C747BB46FF2BD99C2D ] \Device\Harddisk0\DR0\Partition2
17:33:03.0997 2372  \Device\Harddisk0\DR0\Partition2 - ok
17:33:04.0028 2372  [ 7613837C291AE9EAE3E4B3CC5DF26FA3 ] \Device\Harddisk0\DR0\Partition3
17:33:04.0044 2372  \Device\Harddisk0\DR0\Partition3 - ok
17:33:04.0091 2372  [ 99BF7B34DEB0BC77F6BC8453F5FD0BAC ] \Device\Harddisk0\DR0\Partition4
17:33:04.0106 2372  \Device\Harddisk0\DR0\Partition4 - ok
17:33:04.0122 2372  [ 211240A86FAEA3A373A0BE3F0D56A27E ] \Device\Harddisk1\DR1\Partition1
17:33:04.0122 2372  \Device\Harddisk1\DR1\Partition1 - ok
17:33:04.0122 2372  ============================================================
17:33:04.0122 2372  Scan finished
17:33:04.0122 2372  ============================================================
17:33:04.0200 5116  Detected object count: 1
17:33:04.0200 5116  Actual detected object count: 1
17:33:12.0062 5116  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:33:12.0062 5116  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:34:22.0584 1696  Deinitialize success
__________________
Alt 06.05.2013, 20:48   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ordner auf externer Festplatte nur noch als Verknüpfungen - Standard

Ordner auf externer Festplatte nur noch als Verknüpfungen


JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
__________________
Alt 06.05.2013, 23:15   #19
kleinerrek
 
Ordner auf externer Festplatte nur noch als Verknüpfungen - Standard

Ordner auf externer Festplatte nur noch als Verknüpfungen


Hier die Logs...

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.3 (04.29.2013:2)
OS: Windows 7 Professional x64
Ran by user on 06.05.2013 at 23:06:41,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] browserprotect 
Failed to stop: [Service] icq service 



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3307170189-2184238555-2358492798-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} 



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.babylonesrvc
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.babylonesrvc.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylontoolbar
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealply
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealply
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\filescout
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\firstsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\performersoft llc
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\winamp toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\winamp toolbar
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\dnu.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortapp.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escorteng.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\esrv.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\icq service.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\pricepeep.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\winamptbserver.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\b
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\babylon.dskbnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\babylon.dskbnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylnapp.appcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylnapp.appcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltadskbnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltadskbnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltahlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltahlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.deltaesrvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.deltaesrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\icqtoolbar.iehook
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\icqtoolbar.iehook.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\pricepeep.pricepeepbho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\pricepeep.pricepeepbho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltbsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltbsearch.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltoolband
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltoolband.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.downloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.downloader.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarinfo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarinfo.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarparams
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarparams.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptbserver.aoltoolbarhelper
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptbserver.aoltoolbarhelper.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C8D6FDBE-E27F-437B-BCA8-9FB440FBEABF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} 
Successfully deleted: [Registry Key] "hkey_current_user\software\apn" 
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar" 
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar" 



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Failed to delete: [Folder] "C:\ProgramData\browserprotect"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\winamp toolbar"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\babsolution"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\dealply"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\file scout"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\user\appdata\local\winamp toolbar"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\babylontoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\dealply"
Successfully deleted: [Folder] "C:\Program Files (x86)\delta"
Successfully deleted: [Folder] "C:\Program Files (x86)\file scout"
Successfully deleted: [Folder] "C:\Program Files (x86)\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\pricepeep"
Successfully deleted: [Folder] "C:\Program Files (x86)\winamp toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\microsoft\windows\start menu\programs\BrowserProtect"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\microsoft\windows\start menu\programs\dealply"
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{16AA060E-C355-484E-9829-C562E557432E}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{2D0ACEFE-6290-4795-B77C-152483D41E72}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{54DD4132-3D01-43D2-9353-99A5C0B1C8CE}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{5A5756B6-F89B-413A-99B2-551342ABE805}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{6E22A84B-835D-47FB-BF9A-8BF014D0FEBC}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{841F4FBA-70BE-483C-A246-4D4A89A21BC6}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{8D9F78D6-FB3B-4D8E-A5D6-C9942D0F5618}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{B089394F-790D-4637-8E44-BEC91946C3FC}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{CE89514F-A7D0-4EE1-BDBD-A5033307E474}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{DD4833CD-44A1-43BB-B9FD-D90CF12DA604}
Successfully deleted: [Folder] "C:\ProgramData\ask" 
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\asktoolbar" 
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com" 
Successfully deleted: [Folder] "C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}" 



~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\user.js
Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\bprotector_prefs.js
Successfully deleted: [File] "C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\extensions\DivXWebPlayer@divx.com.xpi" 
Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\extensions\pricepeep@getpricepeep.com.xpi
Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\searchplugins\askcom.xml
Failed to delete: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\searchplugins\browserprotect.xml
Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\searchplugins\delta.xml
Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\searchplugins\web search.xml
Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\jetpack
Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\extensions\pricepeep@getpricepeep.com
Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\extensions\toolbar@ask.com
Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\extensions\toolbar@web.de
Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Successfully deleted the following from C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\prefs.js

user_pref("aol_toolbar.surf.date", "323");
user_pref("aol_toolbar.surf.lastDate", "29");
user_pref("aol_toolbar.surf.lastMonth", "0");
user_pref("aol_toolbar.surf.lastYear", "2013");
user_pref("aol_toolbar.surf.month", "2951");
user_pref("aol_toolbar.surf.prevMonth", "1603");
user_pref("aol_toolbar.surf.total", "4585");
user_pref("aol_toolbar.surf.week", "660");
user_pref("aol_toolbar.surf.year", "2951");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaulturl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=");
user_pref("browser.search.selectedEngine", "Delta Search");
user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
user_pref("extensions.asktb.cbid", "^U3");
user_pref("extensions.asktb.config-updated", false);
user_pref("extensions.asktb.crumb", "2013.03.24+06.05.10-toolbar008iad-DE-T2xkZW5idXJnLEdlcm1hbnk%3D");
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar");
user_pref("extensions.asktb.displaybehavior", "");
user_pref("extensions.asktb.displaytext", "");
user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMMV1943");
user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
user_pref("extensions.asktb.ff-original-keyword-url", "");
user_pref("extensions.asktb.ff19-config-first-run", "true");
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxp
user_pref("extensions.asktb.keyword-toggled-in-session", false);
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1367837915482");
user_pref("extensions.asktb.locale", "de_DE");
user_pref("extensions.asktb.location", "Oldenburg,Germany");
user_pref("extensions.asktb.lstation", "");
user_pref("extensions.asktb.new-tab-opt-out", true);
user_pref("extensions.asktb.news-native-on", true);
user_pref("extensions.asktb.o", "100000027");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.pstate", "");
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "19");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
user_pref("extensions.asktb.socialmini-first", true);
user_pref("extensions.asktb.socialmini-interval", "1200000");
user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
user_pref("extensions.asktb.socialmini-max-items", "30");
user_pref("extensions.asktb.socialmini-native-on", true);
user_pref("extensions.asktb.socialmini-speed", "10000");
user_pref("extensions.asktb.socialmini-transition-first-open", false);
user_pref("extensions.asktb.to", "");
user_pref("extensions.asktb.v", "3.15.15.100013");
user_pref("extensions.asktb.volume", "");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "62c3ebff00000000000070f395b4a815");
user_pref("extensions.delta.instlDay", "15831");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.16.16");
user_pref("extensions.delta.vrsni", "1.8.16.16");
user_pref("extensions.delta.vrsnTs", "1.8.16.1614:51:26");
user_pref("extensions.helperbar.SmartbarDisabled", true);
user_pref("extensions.helperbar.SmartbarStateMinimaized", true);
user_pref("extensions.vshare@toolbar.update.enabled", false);
user_pref("vshare.install.date", "1313850166");
user_pref("vshare.install.dumpFileCount", 0);
user_pref("vshare.install.dumpFileDisabled", false);
user_pref("vshare.install.finished", "1.0.0");
user_pref("vshare.install.fresh", "false");
user_pref("vshare.install.guid", "{c9bf93b0-80e8-44fd-bdd8-751d7a2e7238}");
user_pref("vshare.install.isHidden", true);
user_pref("vshare.install.istoolbarhp", true);
user_pref("vshare.install.istoolbarsearch", true);
user_pref("vshare.install.laststatreq", "1312848000000");
user_pref("vshare.install.newtab", false);
user_pref("vshare.install.overlayVersion", 1);
user_pref("vshare.install.userHPSettings", "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official");
user_pref("vshare.install.userSPSettings", "Google");
Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\minidumps [5 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.05.2013 at 23:33:02,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter
# AdwCleaner v2.300 - Datei am 06/05/2013 um 23:48:35 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional  (64 bits)
# Benutzer : user - USER-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\user\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : BrowserProtect
Gestoppt & Gelöscht : ICQ Service

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Gelöscht mit Neustart : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\Program Files (x86)\AddLyrics
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gelöscht : HKCU\Software\5d48ddae16eba17
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5d48ddae16eba17
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8C2644D-BF72-4A89-A88C-D85F565F2F46}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKU\S-1-5-21-3307170189-2184238555-2358492798-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.17267

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=3b73a36e-06e3-4ff4-89c1-d9e1d163d6e4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=3b73a36e-06e3-4ff4-89c1-d9e1d163d6e4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www2.delta-search.com/?affID=119816&tt=gc_050513_d9114_gc_&babsrc=NT_ss&mntrId=62C370F395B4A815 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=3b73a36e-06e3-4ff4-89c1-d9e1d163d6e4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=3b73a36e-06e3-4ff4-89c1-d9e1d163d6e4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=3b73a36e-06e3-4ff4-89c1-d9e1d163d6e4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=3b73a36e-06e3-4ff4-89c1-d9e1d163d6e4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (de)

*************************

AdwCleaner[S1].txt - [22811 octets] - [06/05/2013 23:48:35]

########## EOF - C:\AdwCleaner[S1].txt - [22872 octets] ##########

Alt 06.05.2013, 23:16   #20
kleinerrek
 
Ordner auf externer Festplatte nur noch als Verknüpfungen - Standard

Ordner auf externer Festplatte nur noch als Verknüpfungen


und die überprüfung mit OTL...

Code:
ATTFilter
OTL logfile created on: 5/6/2013 11:57:15 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Downloads
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 29.66% Memory free
3.49 Gb Paging File | 1.63 Gb Available in Paging File | 46.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.79 Gb Total Space | 185.61 Gb Free Space | 66.10% Space Free | Partition Type: NTFS
Drive D: | 931.28 Gb Total Space | 668.43 Gb Free Space | 71.78% Space Free | Partition Type: FAT32
Drive F: | 1.99 Gb Total Space | 0.00 Gb Free Space | 0.21% Space Free | Partition Type: FAT32
 
Computer Name: USER-HP | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\user\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe (Koninklijke Philips Electronics N.V.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe ()
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe (IDT, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (WFMC_VAD) -- C:\Windows\SysNative\drivers\wfmcvad.sys (WiFi Media Connect)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{D7C5183A-7397-4D9C-9B0E-BC8D16744586}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.5
FF - prefs.js..extensions.enabledAddons: lrcsing%40msingsoftware.net:1.111
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {3b73a36e-06e3-4ff4-89c1-d9e1d163d6e4}:1.0
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.67.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/18 10:38:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/22 09:36:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lrcsing@msingsoftware.net: C:\Program Files (x86)\LyricSing\FF\ [2013/02/28 16:37:53 | 000,000,000 | ---D | M]
 
[2010/12/24 23:27:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013/05/06 23:25:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\yhe2fwoh.default\extensions
[2012/07/26 16:32:15 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\yhe2fwoh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012/03/27 18:44:40 | 000,000,000 | ---D | M] (vShare) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\yhe2fwoh.default\extensions\vshare@toolbar
[2013/03/25 11:12:43 | 000,549,639 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\extensions\toolbar@web.de.xpi
[2012/12/11 22:18:50 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2011/08/20 16:22:27 | 000,090,116 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi
[2013/04/02 19:52:35 | 000,001,050 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\searchplugins\11-suche.xml
[2013/04/02 19:52:36 | 000,002,418 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\searchplugins\englische-ergebnisse.xml
[2013/04/02 19:52:35 | 000,010,701 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\searchplugins\gmx-suche.xml
[2013/04/02 19:52:36 | 000,002,432 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\searchplugins\lastminute.xml
[2013/04/02 19:52:35 | 000,005,682 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\searchplugins\webde-suche.xml
[2013/01/24 11:27:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/02/28 16:37:53 | 000,000,000 | ---D | M] ("Lyrics Sing") -- C:\PROGRAM FILES (X86)\LYRICSING\FF
[2013/04/18 10:37:59 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Lyrics Sing) - {C16A630A-DE50-4432-8D5B-5A7D92727D4C} - C:\Program Files (x86)\LyricSing\lrsing.dll (MSingSoftware)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001..\Run: [Facebook Update] C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001..\Run: [Hoolapp Android] "C:\Users\user\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found
O4 - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25225FD9-0DD5-4458-A0EC-AE7A7B71B860}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~2\261249~1.132\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ad629bb1-0366-11e2-adf4-70f395d6c6cd}\Shell - "" = AutoRun
O33 - MountPoints2\{ad629bb1-0366-11e2-adf4-70f395d6c6cd}\Shell\AutoRun\command - "" = D:\SecureDataUSBDrive.exe
O33 - MountPoints2\{bedbe687-7f32-11e1-a15a-70f395d6c6cd}\Shell - "" = AutoRun
O33 - MountPoints2\{bedbe687-7f32-11e1-a15a-70f395d6c6cd}\Shell\AutoRun\command - "" = D:\iStudio.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SecureDataUSBDrive.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/06 23:54:31 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2013/05/06 23:06:28 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/05/06 23:06:09 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/06 15:41:56 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\mbar
[2013/05/06 14:52:34 | 000,000,000 | ---D | C] -- C:\Users\user\Local Settings
[2013/05/06 14:51:07 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Google
[2013/05/06 13:27:15 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Ferienjob
[2013/04/16 09:51:14 | 000,000,000 | ---D | C] -- C:\a31be1a34763227e3b22996d
[2013/04/10 18:39:11 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2013/04/10 18:39:04 | 002,691,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2013/04/10 18:39:02 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll
[2013/04/10 18:39:01 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll
[2013/04/10 18:39:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll
[2013/04/10 18:39:01 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll
[2013/04/10 18:38:06 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/04/10 18:37:55 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/04/10 18:37:52 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/04/10 18:37:51 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/04/10 18:37:51 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/04/10 18:37:49 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/04/10 18:37:47 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/04/10 18:37:46 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/04/10 18:37:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/04/10 18:37:46 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/04/10 18:37:45 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/04/10 18:37:45 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/04/10 18:37:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/04/10 18:37:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/04/10 18:37:44 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/04/10 18:37:15 | 005,497,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/04/10 18:37:11 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/04/10 18:37:11 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/04/10 18:37:10 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\smss.exe
[2013/04/10 18:37:09 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2013/04/10 18:37:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll
[2013/04/09 21:10:18 | 000,000,000 | ---D | C] -- C:\windows\Minidump
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/06 23:58:35 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/06 23:58:35 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/06 23:50:48 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/05/06 23:50:41 | 1875,439,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/06 23:35:45 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/05/06 19:42:03 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3307170189-2184238555-2358492798-1001UA.job
[2013/05/06 18:19:40 | 000,000,512 | ---- | M] () -- C:\Users\user\Desktop\MBR.dat
[2013/05/06 13:42:01 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3307170189-2184238555-2358492798-1001Core.job
[2013/05/06 13:01:52 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/05/06 13:01:52 | 000,656,294 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013/05/06 13:01:52 | 000,616,800 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/05/06 13:01:52 | 000,130,894 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013/05/06 13:01:52 | 000,107,180 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/04/16 16:10:59 | 000,287,136 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/04/16 09:40:17 | 000,000,328 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForuser.job
[2013/04/15 19:00:20 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/04/09 21:10:10 | 256,125,924 | ---- | M] () -- C:\windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2013/05/06 18:19:40 | 000,000,512 | ---- | C] () -- C:\Users\user\Desktop\MBR.dat
[2013/04/09 21:10:10 | 256,125,924 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/12/18 11:06:10 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2012/12/18 11:06:06 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2012/12/18 11:06:06 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2012/12/18 11:06:06 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2012/12/18 11:06:06 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2012/05/12 15:35:41 | 002,434,856 | ---- | C] () -- C:\windows\SysWow64\pbsvc_bc2.exe
[2012/04/16 20:31:43 | 000,270,240 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012/04/16 20:31:37 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2012/01/23 21:42:23 | 000,000,193 | ---- | C] () -- C:\windows\WORDPAD.INI
[2011/12/28 10:58:47 | 000,000,001 | ---- | C] () -- C:\windows\SysWow64\SI.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
Code:
ATTFilter
OTL Extras logfile created on: 5/6/2013 11:57:15 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Downloads
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 29.66% Memory free
3.49 Gb Paging File | 1.63 Gb Available in Paging File | 46.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.79 Gb Total Space | 185.61 Gb Free Space | 66.10% Space Free | Partition Type: NTFS
Drive D: | 931.28 Gb Total Space | 668.43 Gb Free Space | 71.78% Space Free | Partition Type: FAT32
Drive F: | 1.99 Gb Total Space | 0.00 Gb Free Space | 0.21% Space Free | Partition Type: FAT32
 
Computer Name: USER-HP | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3307170189-2184238555-2358492798-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\user\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\user\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0951A5F1-7974-4483-9D21-17242545AC91}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{09676768-3274-403B-B993-22CD17FBBF07}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1B5AEF2B-4DFA-4808-B269-90F833F77032}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1BCA18B7-BE19-4CB7-BBBE-5FE92B35CD02}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1F65C60D-3976-4435-9CCA-90FF379068DE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{384B98F9-1EF7-4344-A67E-2C72766F91DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3CB17E84-6BB0-4DE7-9B3C-F9BD7B5189A4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{43752490-4D71-49FC-AC2F-B5F870397556}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{44476FA8-3D75-449C-8E67-93D71FEE9F26}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5235F4B4-7531-4F3D-AD33-4F89A63B1081}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{588CAAC0-0D04-4897-8D8E-7DCFB31C3104}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5C748D25-C72E-4BAB-93C9-74E076A727E9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5EFF9C7C-3837-4C60-B89F-8F1E38FFAF10}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{658F12B5-C343-49E8-BE8A-DDB80AB9B7E2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{666A1B2E-726B-4B58-8976-51CD1DB10BC8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{72CF411C-2B2E-4F97-B3EA-3167EB753233}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9496B68D-D933-4006-9C36-E98CCE646065}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9DF6E88F-DD1F-462F-A748-3DF5909B3822}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A7F8070F-5F64-440C-B4CA-5296510981A3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AA9F9964-D795-4214-A274-34E78AB03E66}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B464F4F9-1610-40A5-912B-C5D23BB29D7E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BFD83276-B330-4688-A46A-868C41610F88}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DE60A561-43F5-425D-8EB8-0B611122318B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F7DE44D5-DB67-46B6-AD82-0B6C61700DDA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FD8ED4DE-3F5D-48CF-AEED-9C05FBBF509D}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08FEF671-5B13-4C34-9054-765DD20B6859}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{0B082C3C-ABC8-4C3D-B138-969F5178EC6C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0C5DB281-1B8D-4ABD-B4A8-1B53EF7EA58E}" = protocol=6 | dir=out | app=system | 
"{0E2C9C05-881E-4C91-9E78-07C782D8C660}" = protocol=6 | dir=in | app=c:\program files (x86)\philips\wi-fi mediaconnect\wi-fi mediaconnect.exe | 
"{13B2AD62-5264-4A05-84E5-AFE4B1F0B81E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{1628A4C1-E3DF-4F2F-ABAD-99DD08127BBE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1B8119E6-53B2-43B8-9283-BD28A56572E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1D08B5B9-0029-4232-88BC-ED97015BB0E5}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{1E7507F3-E0AF-4BE8-BEA8-DCFBB94407B2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1E85F613-CCE4-4929-AEED-E4E7574A5F2A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2403C92B-3CBF-4BE4-9681-8469FEC4D0B5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{24D5565E-A493-4CC9-9581-4244C4BD3ED8}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{254119C9-C4C6-4379-8421-1AF0970A389F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2691431B-2315-4131-9687-01DABC48A501}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{2C9BB818-7FE9-4B6F-8D13-E965F88E8F92}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2EAB2D71-B303-452A-84F5-4B13B4799F80}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"{3516A187-CD7D-4108-9342-4E9A0CCCC402}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{37F686A3-4D52-45C3-B01B-9E8B5B1D68BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3C0704E8-50D6-4374-8124-43C77E512AA7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{459A432F-D8F7-498E-9885-4F4446787EB5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{46F20ADA-C08E-4E12-B47B-7FFA25097F79}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{4F5D5251-1E4F-45FF-84AE-99BD38316FD0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{51A22DD2-6EEC-4A5D-810E-EFDBFD96AD1B}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{63852FF2-2659-4653-8AB9-8E241226A423}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{67B7AA3B-0A27-48CE-B9E7-731894A908EC}" = protocol=17 | dir=in | app=c:\program files (x86)\philips\wi-fi mediaconnect\wi-fi mediaconnect.exe | 
"{6D0C7B5F-9365-4979-99B5-267885898042}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{70DA69EF-7E94-4BD5-BF59-8DE587854179}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{76FC1A24-32AA-48E0-ACA8-3E9D04F28850}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{7A9306CA-02E0-4309-A721-9EF2EA5A2B81}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7AF66CEC-0DFF-4274-981A-20D234B42506}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{7D466574-DB24-402E-BF14-EE139E18B4FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8058E4B7-35B5-4B49-B7E8-2DC651BBB4D7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8587261C-FDE1-4A9B-95B4-22BAE365EE09}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | 
"{8CF01586-81B1-4768-B958-38C232B924D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{99B076CB-09B8-4DFA-B6BD-037F90439905}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9D7C26F3-83CE-4359-B272-6F990E6ED2F6}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | 
"{A491A6BC-D189-4EC0-81C7-F073769B6D25}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A4A4A8C2-607E-4B7C-832E-72F237FF4934}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A9152C6B-A0CE-418F-9B45-58703DAE43F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ADD6AB90-3433-448A-B751-F8E7CFC8A6DF}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{AEC3526C-6ADA-4F2C-A237-4C42C30265BE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B6636784-356D-48C4-BE8F-344C9F2200DA}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B85CBECF-31DA-4245-95E3-1DD518BB92DA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{CABD7842-9847-4DCD-BA54-F8F68F458C52}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\the sims 3 teaser\game\bin\ts3teaser.exe | 
"{D3B88AFF-400D-4BC7-9617-93C5ABA0CD8C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{DA80CCA5-7034-4341-AA47-6461463C2708}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EC27B194-79BE-4F39-9C2F-E73B60C84158}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{F0CCEB70-5A14-40DB-9A18-C2AD8BF51302}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"{F118B5F8-C498-43CD-8915-35A75BA16A39}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\the sims 3 teaser\game\bin\ts3teaser.exe | 
"{F29EAEE6-AD32-4617-873C-900E951706FF}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F6309064-AC93-44BD-9692-33E0AC2EDDDE}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"TCP Query User{0B0C0B1F-72E6-4314-857B-9F4F0D7F2D92}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"TCP Query User{19BE626D-DC3D-4F17-B570-C3B37497430E}C:\program files (x86)\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"TCP Query User{8270B03C-A2AD-486A-83C0-9830799959CD}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{D0402389-4303-44D0-91D5-65EA2911651C}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{DD5AAD67-B33A-4A91-A296-6D5463305DFB}C:\program files (x86)\philips\wi-fi mediaconnect\wi-fi mediaconnect.exe" = protocol=6 | dir=in | app=c:\program files (x86)\philips\wi-fi mediaconnect\wi-fi mediaconnect.exe | 
"TCP Query User{F13679BE-C72A-43AA-A2DC-E93AC5B8F38E}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
"TCP Query User{FE65B116-D830-443D-84C6-643212708C15}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{072101E1-A062-43BF-A686-BC654FA04669}C:\program files (x86)\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"UDP Query User{32FEF3F1-F936-454F-B3C1-66D72401E474}C:\program files (x86)\philips\wi-fi mediaconnect\wi-fi mediaconnect.exe" = protocol=17 | dir=in | app=c:\program files (x86)\philips\wi-fi mediaconnect\wi-fi mediaconnect.exe | 
"UDP Query User{56D939D7-35CF-4452-B596-ACEF5E44CDAE}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{87434793-2183-4DE1-9774-68133D2A533F}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{91559415-5995-42DB-B668-AED1674D64F1}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{D07972B4-6C41-46BC-A60C-00A70D2BEB74}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"UDP Query User{F4AE70EF-98A3-48BE-B23D-024E32699479}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014C6C60-4916-48F7-916E-E8048E12E9F1}" = HP HotKey Support
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2C69D297-A524-1FB1-5C00-1C52363E044F}" = ccc-utility64
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{560932B5-8702-7FB8-01AE-265EA44FAEEB}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0A5D6971-7347-4914-A090-0EA445B28917}" = Die Sims™ 3-Teaser
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B2187A6-8ACC-4012-9817-9221211EF407}" = Corel Home Office - IPM
"{0C7A1F10-3965-190D-3409-B0DD7C45C0EE}" = CCC Help Italian
"{0CE0711D-A5E3-4E98-B3C0-0227A5E000CA}" = Angry Birds
"{14B61ABC-D4A7-BCF5-92BE-95CEB8DF4374}" = CCC Help Czech
"{16CA9DAC-6A40-4204-A826-33C4D52A266C}" = Catalyst Control Center - Branding
"{1A1E33D2-9824-454A-B8CB-50072118635A}" = Corel Home Office - CS Templates
"{1C598CE5-344B-997B-FF33-2976D689C0AC}" = CCC Help Greek
"{1D11E96F-0405-4B99-8356-5750B1D9FAE9}" = Corel Home Office - JP Templates
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{26D19512-874B-4EDA-B7F1-779850B2AD5A}" = Corel Home Office - CT Templates
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{32A3A4F4-B792-11D6-A78A-00B0D0170100}" = Java SE Development Kit 7 Update 10
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39C5A498-FA1A-2473-34D1-6755E5A1BC99}" = CCC Help German
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4911AA-98AA-F2E0-1BF4-2E2737D1C95C}" = Catalyst Control Center InstallProxy
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{5478075D-1797-1C4C-B3F0-DC8ECCA7D5C3}" = Catalyst Control Center Localization All
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{558ED580-6168-AF04-C71F-E63B0E149E21}" = CCC Help Korean
"{5746E4F9-77C6-47E8-A737-A5975A57B4AA}" = Corel Home Office - KR Templates
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79CF6EF9-8C9A-F284-5042-B5B54645B5F8}" = CCC Help Norwegian
"{7D66971C-652B-4065-A6B1-B3EE313C254B}" = BlueJ
"{7F30B436-1196-1401-9A4F-CFF6C10D6EBA}" = CCC Help Polish
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{8215AC14-BFC2-4ECC-96D6-1030202F8BDF}" = Visual C++ 8.0 x86 Runtime Setup Package
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EC6CDF-E378-0EBA-E4C2-BBD5489CD4EF}" = CCC Help Japanese
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{919D10CE-CADB-8D08-3429-7FB1DFA3B043}" = CCC Help Spanish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}" = HP Setup
"{9978D298-9AA1-99EE-9975-18AAEF34DE0C}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CD3BB19-993E-469D-9E1F-B57A175C1411}" = HP Software Framework
"{9D4D0B44-0A55-1905-5CF4-8A6EC311673F}" = CCC Help Russian
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A005479C-7D10-A4CB-0BAD-5D8765E141C6}" = CCC Help Turkish
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA58346A-A5D7-4659-91D6-38D07345BDCF}" = Wi-Fi MediaConnect
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C1DE827D-8A61-4A77-9CCF-31AD84CC1FB6}" = HP Documentation
"{C2036B7D-C21E-38E9-FB0B-3746E82B898B}" = CCC Help Hungarian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D10B94E4-8545-CA0F-EDE9-41F62272A0DE}" = CCC Help Portuguese
"{D35A9E39-05F9-0D80-C41C-71B2FDCBE5E9}" = CCC Help Chinese Standard
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5C1E5E2-11A5-4905-ACC6-6DDD5E3B7705}" = Visual C++ 8.0 x64 Runtime Setup Package
"{D9989A13-B173-4048-B8A5-93C204DCB1B3}" = HP ESU for Microsoft Windows 7
"{DB393B0B-4A5D-7B50-AD80-3772372C4243}" = CCC Help Thai
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = HP Webcam Driver
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4756B93-69FF-D723-D7F8-97FFE73A0D2C}" = CCC Help French
"{E4C82543-E98E-E66D-84A7-9C9235ADF9CE}" = CCC Help English
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E684A226-D7B1-4B14-9778-44AD48A654F0}" = Corel Home Office
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E8CA17C0-5A35-3CF1-C50F-1E9783FFB08B}" = CCC Help Swedish
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0261797-E2ED-8BEC-7B6F-A7C0A0E478FF}" = ccc-core-static
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F45048A1-12C4-4B08-A3EB-32D88033368A}" = Corel Home Office - Templates RU
"{F6CEF69E-35EA-6086-6D7D-21E89FD70B16}" = CCC Help Finnish
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F8801800-9E88-3AB1-21DA-E50EFA0F771E}" = CCC Help Danish
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC6256BB-BDD4-AB91-451B-86896F236769}" = CCC Help Chinese Traditional
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"Heroes of Might and Magic IV" = Heroes of Might and Magic® IV The Gathering Storm
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"lrcsing@msingsoftware.net" = Lyrics Sing
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"TeamViewer 6" = TeamViewer 6
"VLC media player" = VLC media player 2.0.2
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3307170189-2184238555-2358492798-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (user)
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Hewlett-Packard Events ]
Error - 8/13/2011 2:33:45 PM | Computer Name = user-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081113083313.xml
 File not created by asset agent
 
Error - 8/13/2011 2:34:02 PM | Computer Name = user-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081113083346.xml
 File not created by asset agent
 
Error - 8/21/2011 8:54:30 AM | Computer Name = user-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081121025358.xml
 File not created by asset agent
 
Error - 8/27/2011 2:08:25 PM | Computer Name = user-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081127080822.xml
 File not created by asset agent
 
Error - 9/7/2011 11:50:43 AM | Computer Name = user-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091107055010.xml
 File not created by asset agent
 
Error - 9/17/2011 2:39:56 PM | Computer Name = user-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091117083949.xml
 File not created by asset agent
 
Error - 9/24/2011 2:35:00 PM | Computer Name = user-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091124083428.xml
 File not created by asset agent
 
Error - 10/30/2011 8:59:28 AM | Computer Name = user-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101130015856.xml
 File not created by asset agent
 
Error - 10/30/2011 9:00:01 AM | Computer Name = user-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101130015929.xml
 File not created by asset agent
 
Error - 11/1/2011 1:15:48 PM | Computer Name = user-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111101061514.xml
 File not created by asset agent
 
[ HP Wireless Assistant Events ]
Error - 8/26/2012 12:53:04 PM | Computer Name = user-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 9/9/2012 4:46:35 AM | Computer Name = user-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 9/9/2012 11:35:50 AM | Computer Name = user-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 10/4/2012 4:06:55 PM | Computer Name = user-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 10/24/2012 10:31:32 AM | Computer Name = user-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObjectSearcher.Initialize()

   bei System.Management.ManagementObjectSearcher.Get()     bei HPPA_Service.CurrentConfiguration.FindDevice(String
 hostPath, String portName)     bei HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
 radios)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 1/21/2013 5:14:39 AM | Computer Name = user-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Fehler in der Anwendung.    bei HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 1/21/2013 5:15:21 AM | Computer Name = user-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 4/10/2013 6:51:09 PM | Computer Name = user-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 4/18/2013 4:41:18 AM | Computer Name = user-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Fehler in der Anwendung.    bei HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 4/18/2013 4:43:25 AM | Computer Name = user-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
[ System Events ]
Error - 5/6/2013 5:41:49 PM | Computer Name = user-HP | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >


Alt 06.05.2013, 23:17   #21
kleinerrek
 
Ordner auf externer Festplatte nur noch als Verknüpfungen - Standard

Ordner auf externer Festplatte nur noch als Verknüpfungen


und die überprüfung mit OTL...

Code:
ATTFilter
OTL logfile created on: 5/6/2013 11:57:15 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Downloads
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 29.66% Memory free
3.49 Gb Paging File | 1.63 Gb Available in Paging File | 46.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.79 Gb Total Space | 185.61 Gb Free Space | 66.10% Space Free | Partition Type: NTFS
Drive D: | 931.28 Gb Total Space | 668.43 Gb Free Space | 71.78% Space Free | Partition Type: FAT32
Drive F: | 1.99 Gb Total Space | 0.00 Gb Free Space | 0.21% Space Free | Partition Type: FAT32
 
Computer Name: USER-HP | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\user\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe (Koninklijke Philips Electronics N.V.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe ()
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe (IDT, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (WFMC_VAD) -- C:\Windows\SysNative\drivers\wfmcvad.sys (WiFi Media Connect)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{D7C5183A-7397-4D9C-9B0E-BC8D16744586}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.5
FF - prefs.js..extensions.enabledAddons: lrcsing%40msingsoftware.net:1.111
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {3b73a36e-06e3-4ff4-89c1-d9e1d163d6e4}:1.0
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.67.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/18 10:38:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/22 09:36:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lrcsing@msingsoftware.net: C:\Program Files (x86)\LyricSing\FF\ [2013/02/28 16:37:53 | 000,000,000 | ---D | M]
 
[2010/12/24 23:27:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013/05/06 23:25:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\yhe2fwoh.default\extensions
[2012/07/26 16:32:15 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\yhe2fwoh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012/03/27 18:44:40 | 000,000,000 | ---D | M] (vShare) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\yhe2fwoh.default\extensions\vshare@toolbar
[2013/03/25 11:12:43 | 000,549,639 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\extensions\toolbar@web.de.xpi
[2012/12/11 22:18:50 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2011/08/20 16:22:27 | 000,090,116 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi
[2013/04/02 19:52:35 | 000,001,050 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\searchplugins\11-suche.xml
[2013/04/02 19:52:36 | 000,002,418 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\searchplugins\englische-ergebnisse.xml
[2013/04/02 19:52:35 | 000,010,701 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\searchplugins\gmx-suche.xml
[2013/04/02 19:52:36 | 000,002,432 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\searchplugins\lastminute.xml
[2013/04/02 19:52:35 | 000,005,682 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yhe2fwoh.default\searchplugins\webde-suche.xml
[2013/01/24 11:27:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/02/28 16:37:53 | 000,000,000 | ---D | M] ("Lyrics Sing") -- C:\PROGRAM FILES (X86)\LYRICSING\FF
[2013/04/18 10:37:59 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Lyrics Sing) - {C16A630A-DE50-4432-8D5B-5A7D92727D4C} - C:\Program Files (x86)\LyricSing\lrsing.dll (MSingSoftware)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001..\Run: [Facebook Update] C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001..\Run: [Hoolapp Android] "C:\Users\user\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found
O4 - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3307170189-2184238555-2358492798-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25225FD9-0DD5-4458-A0EC-AE7A7B71B860}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~2\261249~1.132\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ad629bb1-0366-11e2-adf4-70f395d6c6cd}\Shell - "" = AutoRun
O33 - MountPoints2\{ad629bb1-0366-11e2-adf4-70f395d6c6cd}\Shell\AutoRun\command - "" = D:\SecureDataUSBDrive.exe
O33 - MountPoints2\{bedbe687-7f32-11e1-a15a-70f395d6c6cd}\Shell - "" = AutoRun
O33 - MountPoints2\{bedbe687-7f32-11e1-a15a-70f395d6c6cd}\Shell\AutoRun\command - "" = D:\iStudio.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SecureDataUSBDrive.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/06 23:54:31 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2013/05/06 23:06:28 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/05/06 23:06:09 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/06 15:41:56 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\mbar
[2013/05/06 14:52:34 | 000,000,000 | ---D | C] -- C:\Users\user\Local Settings
[2013/05/06 14:51:07 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Google
[2013/05/06 13:27:15 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Ferienjob
[2013/04/16 09:51:14 | 000,000,000 | ---D | C] -- C:\a31be1a34763227e3b22996d
[2013/04/10 18:39:11 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2013/04/10 18:39:04 | 002,691,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2013/04/10 18:39:02 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll
[2013/04/10 18:39:01 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll
[2013/04/10 18:39:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll
[2013/04/10 18:39:01 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll
[2013/04/10 18:38:06 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/04/10 18:37:55 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/04/10 18:37:52 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/04/10 18:37:51 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/04/10 18:37:51 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/04/10 18:37:49 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/04/10 18:37:47 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/04/10 18:37:46 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/04/10 18:37:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/04/10 18:37:46 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/04/10 18:37:45 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/04/10 18:37:45 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/04/10 18:37:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/04/10 18:37:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/04/10 18:37:44 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/04/10 18:37:15 | 005,497,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/04/10 18:37:11 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/04/10 18:37:11 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/04/10 18:37:10 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\smss.exe
[2013/04/10 18:37:09 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2013/04/10 18:37:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll
[2013/04/09 21:10:18 | 000,000,000 | ---D | C] -- C:\windows\Minidump
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/06 23:58:35 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/06 23:58:35 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/06 23:50:48 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/05/06 23:50:41 | 1875,439,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/06 23:35:45 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/05/06 19:42:03 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3307170189-2184238555-2358492798-1001UA.job
[2013/05/06 18:19:40 | 000,000,512 | ---- | M] () -- C:\Users\user\Desktop\MBR.dat
[2013/05/06 13:42:01 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3307170189-2184238555-2358492798-1001Core.job
[2013/05/06 13:01:52 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/05/06 13:01:52 | 000,656,294 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013/05/06 13:01:52 | 000,616,800 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/05/06 13:01:52 | 000,130,894 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013/05/06 13:01:52 | 000,107,180 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/04/16 16:10:59 | 000,287,136 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/04/16 09:40:17 | 000,000,328 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForuser.job
[2013/04/15 19:00:20 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/04/09 21:10:10 | 256,125,924 | ---- | M] () -- C:\windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2013/05/06 18:19:40 | 000,000,512 | ---- | C] () -- C:\Users\user\Desktop\MBR.dat
[2013/04/09 21:10:10 | 256,125,924 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/12/18 11:06:10 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2012/12/18 11:06:06 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2012/12/18 11:06:06 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2012/12/18 11:06:06 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2012/12/18 11:06:06 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2012/05/12 15:35:41 | 002,434,856 | ---- | C] () -- C:\windows\SysWow64\pbsvc_bc2.exe
[2012/04/16 20:31:43 | 000,270,240 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012/04/16 20:31:37 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2012/01/23 21:42:23 | 000,000,193 | ---- | C] () -- C:\windows\WORDPAD.INI
[2011/12/28 10:58:47 | 000,000,001 | ---- | C] () -- C:\windows\SysWow64\SI.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
Code:
ATTFilter
OTL Extras logfile created on: 5/6/2013 11:57:15 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Downloads
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 29.66% Memory free
3.49 Gb Paging File | 1.63 Gb Available in Paging File | 46.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.79 Gb Total Space | 185.61 Gb Free Space | 66.10% Space Free | Partition Type: NTFS
Drive D: | 931.28 Gb Total Space | 668.43 Gb Free Space | 71.78% Space Free | Partition Type: FAT32
Drive F: | 1.99 Gb Total Space | 0.00 Gb Free Space | 0.21% Space Free | Partition Type: FAT32
 
Computer Name: USER-HP | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3307170189-2184238555-2358492798-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\user\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\user\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0951A5F1-7974-4483-9D21-17242545AC91}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{09676768-3274-403B-B993-22CD17FBBF07}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1B5AEF2B-4DFA-4808-B269-90F833F77032}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1BCA18B7-BE19-4CB7-BBBE-5FE92B35CD02}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1F65C60D-3976-4435-9CCA-90FF379068DE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{384B98F9-1EF7-4344-A67E-2C72766F91DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3CB17E84-6BB0-4DE7-9B3C-F9BD7B5189A4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{43752490-4D71-49FC-AC2F-B5F870397556}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{44476FA8-3D75-449C-8E67-93D71FEE9F26}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5235F4B4-7531-4F3D-AD33-4F89A63B1081}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{588CAAC0-0D04-4897-8D8E-7DCFB31C3104}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5C748D25-C72E-4BAB-93C9-74E076A727E9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5EFF9C7C-3837-4C60-B89F-8F1E38FFAF10}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{658F12B5-C343-49E8-BE8A-DDB80AB9B7E2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{666A1B2E-726B-4B58-8976-51CD1DB10BC8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{72CF411C-2B2E-4F97-B3EA-3167EB753233}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9496B68D-D933-4006-9C36-E98CCE646065}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9DF6E88F-DD1F-462F-A748-3DF5909B3822}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A7F8070F-5F64-440C-B4CA-5296510981A3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AA9F9964-D795-4214-A274-34E78AB03E66}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B464F4F9-1610-40A5-912B-C5D23BB29D7E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BFD83276-B330-4688-A46A-868C41610F88}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DE60A561-43F5-425D-8EB8-0B611122318B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F7DE44D5-DB67-46B6-AD82-0B6C61700DDA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FD8ED4DE-3F5D-48CF-AEED-9C05FBBF509D}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08FEF671-5B13-4C34-9054-765DD20B6859}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{0B082C3C-ABC8-4C3D-B138-969F5178EC6C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0C5DB281-1B8D-4ABD-B4A8-1B53EF7EA58E}" = protocol=6 | dir=out | app=system | 
"{0E2C9C05-881E-4C91-9E78-07C782D8C660}" = protocol=6 | dir=in | app=c:\program files (x86)\philips\wi-fi mediaconnect\wi-fi mediaconnect.exe | 
"{13B2AD62-5264-4A05-84E5-AFE4B1F0B81E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{1628A4C1-E3DF-4F2F-ABAD-99DD08127BBE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1B8119E6-53B2-43B8-9283-BD28A56572E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1D08B5B9-0029-4232-88BC-ED97015BB0E5}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{1E7507F3-E0AF-4BE8-BEA8-DCFBB94407B2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1E85F613-CCE4-4929-AEED-E4E7574A5F2A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2403C92B-3CBF-4BE4-9681-8469FEC4D0B5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{24D5565E-A493-4CC9-9581-4244C4BD3ED8}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{254119C9-C4C6-4379-8421-1AF0970A389F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2691431B-2315-4131-9687-01DABC48A501}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{2C9BB818-7FE9-4B6F-8D13-E965F88E8F92}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2EAB2D71-B303-452A-84F5-4B13B4799F80}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"{3516A187-CD7D-4108-9342-4E9A0CCCC402}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{37F686A3-4D52-45C3-B01B-9E8B5B1D68BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3C0704E8-50D6-4374-8124-43C77E512AA7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{459A432F-D8F7-498E-9885-4F4446787EB5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{46F20ADA-C08E-4E12-B47B-7FFA25097F79}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{4F5D5251-1E4F-45FF-84AE-99BD38316FD0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{51A22DD2-6EEC-4A5D-810E-EFDBFD96AD1B}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{63852FF2-2659-4653-8AB9-8E241226A423}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{67B7AA3B-0A27-48CE-B9E7-731894A908EC}" = protocol=17 | dir=in | app=c:\program files (x86)\philips\wi-fi mediaconnect\wi-fi mediaconnect.exe | 
"{6D0C7B5F-9365-4979-99B5-267885898042}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{70DA69EF-7E94-4BD5-BF59-8DE587854179}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{76FC1A24-32AA-48E0-ACA8-3E9D04F28850}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{7A9306CA-02E0-4309-A721-9EF2EA5A2B81}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7AF66CEC-0DFF-4274-981A-20D234B42506}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{7D466574-DB24-402E-BF14-EE139E18B4FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8058E4B7-35B5-4B49-B7E8-2DC651BBB4D7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8587261C-FDE1-4A9B-95B4-22BAE365EE09}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | 
"{8CF01586-81B1-4768-B958-38C232B924D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{99B076CB-09B8-4DFA-B6BD-037F90439905}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9D7C26F3-83CE-4359-B272-6F990E6ED2F6}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | 
"{A491A6BC-D189-4EC0-81C7-F073769B6D25}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A4A4A8C2-607E-4B7C-832E-72F237FF4934}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A9152C6B-A0CE-418F-9B45-58703DAE43F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ADD6AB90-3433-448A-B751-F8E7CFC8A6DF}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{AEC3526C-6ADA-4F2C-A237-4C42C30265BE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B6636784-356D-48C4-BE8F-344C9F2200DA}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B85CBECF-31DA-4245-95E3-1DD518BB92DA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{CABD7842-9847-4DCD-BA54-F8F68F458C52}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\the sims 3 teaser\game\bin\ts3teaser.exe | 
"{D3B88AFF-400D-4BC7-9617-93C5ABA0CD8C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{DA80CCA5-7034-4341-AA47-6461463C2708}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EC27B194-79BE-4F39-9C2F-E73B60C84158}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{F0CCEB70-5A14-40DB-9A18-C2AD8BF51302}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"{F118B5F8-C498-43CD-8915-35A75BA16A39}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\the sims 3 teaser\game\bin\ts3teaser.exe | 
"{F29EAEE6-AD32-4617-873C-900E951706FF}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F6309064-AC93-44BD-9692-33E0AC2EDDDE}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"TCP Query User{0B0C0B1F-72E6-4314-857B-9F4F0D7F2D92}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"TCP Query User{19BE626D-DC3D-4F17-B570-C3B37497430E}C:\program files (x86)\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"TCP Query User{8270B03C-A2AD-486A-83C0-9830799959CD}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{D0402389-4303-44D0-91D5-65EA2911651C}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{DD5AAD67-B33A-4A91-A296-6D5463305DFB}C:\program files (x86)\philips\wi-fi mediaconnect\wi-fi mediaconnect.exe" = protocol=6 | dir=in | app=c:\program files (x86)\philips\wi-fi mediaconnect\wi-fi mediaconnect.exe | 
"TCP Query User{F13679BE-C72A-43AA-A2DC-E93AC5B8F38E}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
"TCP Query User{FE65B116-D830-443D-84C6-643212708C15}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{072101E1-A062-43BF-A686-BC654FA04669}C:\program files (x86)\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"UDP Query User{32FEF3F1-F936-454F-B3C1-66D72401E474}C:\program files (x86)\philips\wi-fi mediaconnect\wi-fi mediaconnect.exe" = protocol=17 | dir=in | app=c:\program files (x86)\philips\wi-fi mediaconnect\wi-fi mediaconnect.exe | 
"UDP Query User{56D939D7-35CF-4452-B596-ACEF5E44CDAE}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{87434793-2183-4DE1-9774-68133D2A533F}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{91559415-5995-42DB-B668-AED1674D64F1}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{D07972B4-6C41-46BC-A60C-00A70D2BEB74}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"UDP Query User{F4AE70EF-98A3-48BE-B23D-024E32699479}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014C6C60-4916-48F7-916E-E8048E12E9F1}" = HP HotKey Support
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2C69D297-A524-1FB1-5C00-1C52363E044F}" = ccc-utility64
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{560932B5-8702-7FB8-01AE-265EA44FAEEB}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0A5D6971-7347-4914-A090-0EA445B28917}" = Die Sims™ 3-Teaser
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B2187A6-8ACC-4012-9817-9221211EF407}" = Corel Home Office - IPM
"{0C7A1F10-3965-190D-3409-B0DD7C45C0EE}" = CCC Help Italian
"{0CE0711D-A5E3-4E98-B3C0-0227A5E000CA}" = Angry Birds
"{14B61ABC-D4A7-BCF5-92BE-95CEB8DF4374}" = CCC Help Czech
"{16CA9DAC-6A40-4204-A826-33C4D52A266C}" = Catalyst Control Center - Branding
"{1A1E33D2-9824-454A-B8CB-50072118635A}" = Corel Home Office - CS Templates
"{1C598CE5-344B-997B-FF33-2976D689C0AC}" = CCC Help Greek
"{1D11E96F-0405-4B99-8356-5750B1D9FAE9}" = Corel Home Office - JP Templates
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{26D19512-874B-4EDA-B7F1-779850B2AD5A}" = Corel Home Office - CT Templates
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{32A3A4F4-B792-11D6-A78A-00B0D0170100}" = Java SE Development Kit 7 Update 10
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39C5A498-FA1A-2473-34D1-6755E5A1BC99}" = CCC Help German
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4911AA-98AA-F2E0-1BF4-2E2737D1C95C}" = Catalyst Control Center InstallProxy
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{5478075D-1797-1C4C-B3F0-DC8ECCA7D5C3}" = Catalyst Control Center Localization All
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{558ED580-6168-AF04-C71F-E63B0E149E21}" = CCC Help Korean
"{5746E4F9-77C6-47E8-A737-A5975A57B4AA}" = Corel Home Office - KR Templates
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79CF6EF9-8C9A-F284-5042-B5B54645B5F8}" = CCC Help Norwegian
"{7D66971C-652B-4065-A6B1-B3EE313C254B}" = BlueJ
"{7F30B436-1196-1401-9A4F-CFF6C10D6EBA}" = CCC Help Polish
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{8215AC14-BFC2-4ECC-96D6-1030202F8BDF}" = Visual C++ 8.0 x86 Runtime Setup Package
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EC6CDF-E378-0EBA-E4C2-BBD5489CD4EF}" = CCC Help Japanese
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{919D10CE-CADB-8D08-3429-7FB1DFA3B043}" = CCC Help Spanish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}" = HP Setup
"{9978D298-9AA1-99EE-9975-18AAEF34DE0C}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CD3BB19-993E-469D-9E1F-B57A175C1411}" = HP Software Framework
"{9D4D0B44-0A55-1905-5CF4-8A6EC311673F}" = CCC Help Russian
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A005479C-7D10-A4CB-0BAD-5D8765E141C6}" = CCC Help Turkish
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA58346A-A5D7-4659-91D6-38D07345BDCF}" = Wi-Fi MediaConnect
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C1DE827D-8A61-4A77-9CCF-31AD84CC1FB6}" = HP Documentation
"{C2036B7D-C21E-38E9-FB0B-3746E82B898B}" = CCC Help Hungarian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D10B94E4-8545-CA0F-EDE9-41F62272A0DE}" = CCC Help Portuguese
"{D35A9E39-05F9-0D80-C41C-71B2FDCBE5E9}" = CCC Help Chinese Standard
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5C1E5E2-11A5-4905-ACC6-6DDD5E3B7705}" = Visual C++ 8.0 x64 Runtime Setup Package
"{D9989A13-B173-4048-B8A5-93C204DCB1B3}" = HP ESU for Microsoft Windows 7
"{DB393B0B-4A5D-7B50-AD80-3772372C4243}" = CCC Help Thai
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = HP Webcam Driver
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4756B93-69FF-D723-D7F8-97FFE73A0D2C}" = CCC Help French
"{E4C82543-E98E-E66D-84A7-9C9235ADF9CE}" = CCC Help English
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E684A226-D7B1-4B14-9778-44AD48A654F0}" = Corel Home Office
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E8CA17C0-5A35-3CF1-C50F-1E9783FFB08B}" = CCC Help Swedish
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0261797-E2ED-8BEC-7B6F-A7C0A0E478FF}" = ccc-core-static
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F45048A1-12C4-4B08-A3EB-32D88033368A}" = Corel Home Office - Templates RU
"{F6CEF69E-35EA-6086-6D7D-21E89FD70B16}" = CCC Help Finnish
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F8801800-9E88-3AB1-21DA-E50EFA0F771E}" = CCC Help Danish
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC6256BB-BDD4-AB91-451B-86896F236769}" = CCC Help Chinese Traditional
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"Heroes of Might and Magic IV" = Heroes of Might and Magic® IV The Gathering Storm
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"lrcsing@msingsoftware.net" = Lyrics Sing
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"TeamViewer 6" = TeamViewer 6
"VLC media player" = VLC media player 2.0.2
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3307170189-2184238555-2358492798-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (user)
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Hewlett-Packard Events ]
Error - 8/13/2011 2:33:45 PM | Computer Name = user-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081113083313.xml
 File not created by asset agent
 
Error - 8/13/2011 2:34:02 PM | Computer Name = user-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081113083346.xml
 File not created by asset agent
 
Error - 8/21/2011 8:54:30 AM | Computer Name = user-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081121025358.xml
 File not created by asset agent
 
Error - 8/27/2011 2:08:25 PM | Computer Name = user-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081127080822.xml
 File not created by asset agent
 
Error - 9/7/2011 11:50:43 AM | Computer Name = user-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091107055010.xml
 File not created by asset agent
 
Error - 9/17/2011 2:39:56 PM | Computer Name = user-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091117083949.xml
 File not created by asset agent
 
Error - 9/24/2011 2:35:00 PM | Computer Name = user-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091124083428.xml
 File not created by asset agent
 
Error - 10/30/2011 8:59:28 AM | Computer Name = user-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101130015856.xml
 File not created by asset agent
 
Error - 10/30/2011 9:00:01 AM | Computer Name = user-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101130015929.xml
 File not created by asset agent
 
Error - 11/1/2011 1:15:48 PM | Computer Name = user-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111101061514.xml
 File not created by asset agent
 
[ HP Wireless Assistant Events ]
Error - 8/26/2012 12:53:04 PM | Computer Name = user-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 9/9/2012 4:46:35 AM | Computer Name = user-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 9/9/2012 11:35:50 AM | Computer Name = user-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 10/4/2012 4:06:55 PM | Computer Name = user-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 10/24/2012 10:31:32 AM | Computer Name = user-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObjectSearcher.Initialize()

   bei System.Management.ManagementObjectSearcher.Get()     bei HPPA_Service.CurrentConfiguration.FindDevice(String
 hostPath, String portName)     bei HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
 radios)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 1/21/2013 5:14:39 AM | Computer Name = user-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Fehler in der Anwendung.    bei HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 1/21/2013 5:15:21 AM | Computer Name = user-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 4/10/2013 6:51:09 PM | Computer Name = user-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 4/18/2013 4:41:18 AM | Computer Name = user-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Fehler in der Anwendung.    bei HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 4/18/2013 4:43:25 AM | Computer Name = user-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
[ System Events ]
Error - 5/6/2013 5:41:49 PM | Computer Name = user-HP | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >

Alt 07.05.2013, 10:22   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ordner auf externer Festplatte nur noch als Verknüpfungen - Standard

Ordner auf externer Festplatte nur noch als Verknüpfungen


Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.05.2013, 20:38   #23
kleinerrek
 
Ordner auf externer Festplatte nur noch als Verknüpfungen - Standard

Ordner auf externer Festplatte nur noch als Verknüpfungen


Hier schonmal Malewarebaytes fund... ich habe noch nichts weiter gelöscht..

bis jetzt sind auch die ordner auf der externen festplatte nicht wieder aufgetaucht...

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.07.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
user :: USER-HP [Administrator]

07.05.2013 18:59:06
MBAM-log-2013-05-07 (21-34-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 543196
Laufzeit: 2 Stunde(n), 12 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Antwort
Seite 2 von 2 1 2

Themen zu Ordner auf externer Festplatte nur noch als Verknüpfungen
durchgeführt, erfahrung, erreiche, externe, externe festplatte, externer, festplatte, forum, gen, hoffnung, links, lösung, musik, ordner, ordner nur verknüpfungen, platte, recycler, recycler ordner noch da, recycler virus, retten, scan, sichtbar, speicherplatz, spiegel, threads, unsichtbar, verknüpfungen, versucht, woche


« werde Iminent nicht los | Virenprogramme hängen sich auf, Incredibar wurde angezeigt »


Ähnliche Themen: Ordner auf externer Festplatte nur noch als Verknüpfungen


  1. PUM.UserWLoad, trojan.ransom gefunden, auf externer Festplatte nur noch Verknüpfungen seitdem, die jetzt unzugänglich sind
    Plagegeister aller Art und deren Bekämpfung - 04.04.2013 (24)
  2. Dateien auf externer Festplatte werden nur noch als Verknüpfungen angezeigt
    Plagegeister aller Art und deren Bekämpfung - 30.03.2013 (17)
  3. ordner auf externer Festplatte sind nur noch Verknüpfungen!?
    Plagegeister aller Art und deren Bekämpfung - 19.12.2012 (2)
  4. Ordner auf externer Festplatte sind nur noch Verknüpfungen! RECYCLER
    Log-Analyse und Auswertung - 31.10.2012 (25)
  5. externe Festplatte: Ordner nur noch als Verknüpfungen vorhanden
    Log-Analyse und Auswertung - 02.07.2012 (1)
  6. Ordner auf externer Festplatte nur noch Verknüpfungen
    Log-Analyse und Auswertung - 23.01.2012 (1)
  7. ordner in externer festplatte nur verknüpfungen?! Windows cannot find `K: RECYCLER/ 470a1245. hilfe!
    Log-Analyse und Auswertung - 19.12.2011 (13)
  8. Ordner auf externer Festplatte und USB Stick nur über Verknüpfungen erreichbar
    Log-Analyse und Auswertung - 14.11.2011 (20)
  9. Ordner auf externer Festplatte werden nur noch als Verknüpfungen angezeigt, die sich nicht öffnen
    Log-Analyse und Auswertung - 17.10.2011 (24)
  10. Ordner auf externer Festplatte nur noch als Verknüpfungen
    Log-Analyse und Auswertung - 25.09.2011 (22)
  11. Ordner auf externer Festplatte nur noch als Verknüpfungen
    Log-Analyse und Auswertung - 14.09.2011 (5)
  12. Auf externer Festplatte nur Verknüpfungen der Ordner zu sehen
    Plagegeister aller Art und deren Bekämpfung - 22.08.2011 (2)
  13. Alle Ordner auf externer Festplatte nur noch Verknüpfungen!
    Log-Analyse und Auswertung - 20.07.2011 (5)
  14. Ordner auf externer Festplatte nur noch als Verknüpfungen
    Log-Analyse und Auswertung - 24.06.2011 (8)
  15. Problem mit externer Festplatte: Ordner werden nur als nicht zu öffnende Verknüpfungen angezeigt
    Log-Analyse und Auswertung - 14.06.2011 (1)
  16. Ordner auf der Festplatte werden nur noch als Verknüpfungen dargestellt
    Mülltonne - 02.05.2011 (2)
  17. Dateien und Ordner auf externer Festplatte nur noch Shortcuts (zu piwutx.exe)
    Plagegeister aller Art und deren Bekämpfung - 26.04.2011 (5)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Ordner auf externer Festplatte nur noch als Verknüpfungen - aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Starte die aswMBR.exe - ( aswMBR.exe Anleitung ) Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator - Ordner auf externer Festplatte nur noch als Verknüpfungen...
Archiv
Du betrachtest: Ordner auf externer Festplatte nur noch als Verknüpfungen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130