Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm

Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm


Plagegeister aller Art und deren Bekämpfung: Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 2 von 3 1 2 3
Alt 07.06.2013, 15:25   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm - Standard

Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.06.2013, 19:31   #17
Roman95
 
Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm - Standard

Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm


einmal aswMBR.txt:
Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-07 19:51:47
-----------------------------
19:51:47.627    OS Version: Windows x64 6.1.7601 Service Pack 1
19:51:47.627    Number of processors: 4 586 0x2A07
19:51:47.627    ComputerName: USER-PC  UserName: User
19:51:50.201    Initialize success
20:04:04.664    AVAST engine defs: 13060700
20:05:36.449    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
20:05:36.452    Disk 0 Vendor: Hitachi_HDS721050CLA362 JP2OA50E Size: 476940MB BusType: 11
20:05:36.516    Disk 0 MBR read successfully
20:05:36.519    Disk 0 MBR scan
20:05:36.525    Disk 0 Windows 7 default MBR code
20:05:36.528    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
20:05:36.539    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
20:05:36.574    Disk 0 scanning C:\Windows\system32\drivers
20:05:47.408    Service scanning
20:06:09.791    Modules scanning
20:06:09.799    Disk 0 trace - called modules:
20:06:09.832    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
20:06:09.836    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077ee060]
20:06:09.843    3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa8007524520]
20:06:09.847    5 ACPI.sys[fffff88000f157a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa800752e060]
20:06:11.256    AVAST engine scan C:\Windows
20:06:13.547    AVAST engine scan C:\Windows\system32
20:08:54.662    AVAST engine scan C:\Windows\system32\drivers
20:09:05.892    AVAST engine scan C:\Users\User
20:14:44.375    AVAST engine scan C:\ProgramData
20:19:56.612    Scan finished successfully
20:21:29.265    Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
20:21:29.265    The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

und hier die TDSSKiller Logfile:

Code:
ATTFilter
20:27:38.0935 5672  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:27:39.0512 5672  ============================================================
20:27:39.0512 5672  Current date / time: 2013/06/07 20:27:39.0512
20:27:39.0512 5672  SystemInfo:
20:27:39.0512 5672  
20:27:39.0512 5672  OS Version: 6.1.7601 ServicePack: 1.0
20:27:39.0512 5672  Product type: Workstation
20:27:39.0512 5672  ComputerName: USER-PC
20:27:39.0512 5672  UserName: User
20:27:39.0512 5672  Windows directory: C:\Windows
20:27:39.0512 5672  System windows directory: C:\Windows
20:27:39.0512 5672  Running under WOW64
20:27:39.0512 5672  Processor architecture: Intel x64
20:27:39.0512 5672  Number of processors: 4
20:27:39.0512 5672  Page size: 0x1000
20:27:39.0512 5672  Boot type: Normal boot
20:27:39.0512 5672  ============================================================
20:27:41.0166 5672  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:27:41.0166 5672  ============================================================
20:27:41.0166 5672  \Device\Harddisk0\DR0:
20:27:41.0166 5672  MBR partitions:
20:27:41.0166 5672  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:27:41.0166 5672  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
20:27:41.0166 5672  ============================================================
20:27:41.0197 5672  C: <-> \Device\Harddisk0\DR0\Partition2
20:27:41.0197 5672  ============================================================
20:27:41.0197 5672  Initialize success
20:27:41.0197 5672  ============================================================
20:27:48.0467 4944  ============================================================
20:27:48.0467 4944  Scan started
20:27:48.0467 4944  Mode: Manual; SigCheck; TDLFS; 
20:27:48.0467 4944  ============================================================
20:27:49.0293 4944  ================ Scan system memory ========================
20:27:49.0293 4944  System memory - ok
20:27:49.0293 4944  ================ Scan services =============================
20:27:49.0434 4944  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:27:49.0543 4944  1394ohci - ok
20:27:49.0574 4944  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:27:49.0605 4944  ACPI - ok
20:27:49.0621 4944  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:27:49.0668 4944  AcpiPmi - ok
20:27:49.0824 4944  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:27:49.0839 4944  AdobeARMservice - ok
20:27:49.0964 4944  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:27:49.0980 4944  AdobeFlashPlayerUpdateSvc - ok
20:27:50.0027 4944  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:27:50.0058 4944  adp94xx - ok
20:27:50.0089 4944  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:27:50.0120 4944  adpahci - ok
20:27:50.0120 4944  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:27:50.0136 4944  adpu320 - ok
20:27:50.0151 4944  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:27:50.0229 4944  AeLookupSvc - ok
20:27:50.0261 4944  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:27:50.0323 4944  AFD - ok
20:27:50.0354 4944  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:27:50.0370 4944  agp440 - ok
20:27:50.0385 4944  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:27:50.0432 4944  ALG - ok
20:27:50.0463 4944  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:27:50.0479 4944  aliide - ok
20:27:50.0510 4944  ALSysIO - ok
20:27:50.0526 4944  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:27:50.0541 4944  amdide - ok
20:27:50.0557 4944  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:27:50.0604 4944  AmdK8 - ok
20:27:50.0651 4944  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
20:27:50.0682 4944  AmdPPM - ok
20:27:50.0729 4944  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:27:50.0744 4944  amdsata - ok
20:27:50.0775 4944  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
20:27:50.0791 4944  amdsbs - ok
20:27:50.0807 4944  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:27:50.0822 4944  amdxata - ok
20:27:50.0838 4944  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:27:50.0931 4944  AppID - ok
20:27:50.0947 4944  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:27:51.0025 4944  AppIDSvc - ok
20:27:51.0056 4944  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
20:27:51.0119 4944  Appinfo - ok
20:27:51.0150 4944  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
20:27:51.0165 4944  arc - ok
20:27:51.0181 4944  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:27:51.0197 4944  arcsas - ok
20:27:51.0275 4944  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:27:51.0290 4944  aspnet_state - ok
20:27:51.0321 4944  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:27:51.0384 4944  AsyncMac - ok
20:27:51.0415 4944  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:27:51.0415 4944  atapi - ok
20:27:51.0477 4944  [ 417B9BAB376E8E50F6770196656FD348 ] athur           C:\Windows\system32\DRIVERS\athurx.sys
20:27:51.0540 4944  athur - ok
20:27:51.0602 4944  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:27:51.0680 4944  AudioEndpointBuilder - ok
20:27:51.0680 4944  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:27:51.0711 4944  AudioSrv - ok
20:27:51.0789 4944  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:27:51.0836 4944  AxInstSV - ok
20:27:51.0930 4944  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
20:27:51.0992 4944  b06bdrv - ok
20:27:52.0055 4944  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:27:52.0133 4944  b57nd60a - ok
20:27:52.0179 4944  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:27:52.0257 4944  BDESVC - ok
20:27:52.0289 4944  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:27:52.0367 4944  Beep - ok
20:27:52.0413 4944  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:27:52.0476 4944  BFE - ok
20:27:52.0632 4944  [ 6E10DB69DB1AA96207F4B14B18FF12F8 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130531.001\BHDrvx64.sys
20:27:52.0679 4944  BHDrvx64 - ok
20:27:52.0725 4944  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
20:27:52.0819 4944  BITS - ok
20:27:52.0866 4944  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:27:52.0897 4944  blbdrive - ok
20:27:52.0928 4944  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:27:52.0991 4944  bowser - ok
20:27:53.0053 4944  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
20:27:53.0100 4944  BrFiltLo - ok
20:27:53.0131 4944  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
20:27:53.0162 4944  BrFiltUp - ok
20:27:53.0209 4944  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:27:53.0256 4944  Browser - ok
20:27:53.0318 4944  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:27:53.0459 4944  Brserid - ok
20:27:53.0505 4944  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:27:53.0568 4944  BrSerWdm - ok
20:27:53.0615 4944  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:27:53.0677 4944  BrUsbMdm - ok
20:27:53.0708 4944  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:27:53.0755 4944  BrUsbSer - ok
20:27:53.0771 4944  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:27:53.0817 4944  BTHMODEM - ok
20:27:53.0864 4944  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:27:53.0895 4944  bthserv - ok
20:27:53.0973 4944  [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_N360      C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys
20:27:53.0973 4944  ccSet_N360 - ok
20:27:54.0005 4944  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:27:54.0067 4944  cdfs - ok
20:27:54.0098 4944  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:27:54.0098 4944  cdrom - ok
20:27:54.0129 4944  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:27:54.0192 4944  CertPropSvc - ok
20:27:54.0239 4944  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
20:27:54.0285 4944  circlass - ok
20:27:54.0317 4944  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:27:54.0332 4944  CLFS - ok
20:27:54.0379 4944  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:27:54.0410 4944  clr_optimization_v2.0.50727_32 - ok
20:27:54.0441 4944  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:27:54.0457 4944  clr_optimization_v2.0.50727_64 - ok
20:27:54.0519 4944  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:27:54.0535 4944  clr_optimization_v4.0.30319_32 - ok
20:27:54.0535 4944  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:27:54.0551 4944  clr_optimization_v4.0.30319_64 - ok
20:27:54.0582 4944  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
20:27:54.0613 4944  CmBatt - ok
20:27:54.0644 4944  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:27:54.0660 4944  cmdide - ok
20:27:54.0691 4944  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
20:27:54.0738 4944  CNG - ok
20:27:54.0753 4944  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
20:27:54.0753 4944  Compbatt - ok
20:27:54.0785 4944  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
20:27:54.0816 4944  CompositeBus - ok
20:27:54.0847 4944  COMSysApp - ok
20:27:54.0863 4944  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:27:54.0863 4944  crcdisk - ok
20:27:54.0909 4944  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:27:54.0956 4944  CryptSvc - ok
20:27:55.0034 4944  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:27:55.0065 4944  cvhsvc - ok
20:27:55.0097 4944  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:27:55.0143 4944  DcomLaunch - ok
20:27:55.0175 4944  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:27:55.0253 4944  defragsvc - ok
20:27:55.0299 4944  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:27:55.0362 4944  DfsC - ok
20:27:55.0409 4944  [ 41AC348DBD378F618CB4FDEE54270692 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
20:27:55.0424 4944  dg_ssudbus - ok
20:27:55.0487 4944  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:27:55.0533 4944  Dhcp - ok
20:27:55.0549 4944  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:27:55.0611 4944  discache - ok
20:27:55.0658 4944  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
20:27:55.0658 4944  Disk - ok
20:27:55.0689 4944  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:27:55.0752 4944  Dnscache - ok
20:27:55.0783 4944  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:27:55.0845 4944  dot3svc - ok
20:27:55.0845 4944  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:27:55.0877 4944  DPS - ok
20:27:55.0908 4944  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:27:55.0955 4944  drmkaud - ok
20:27:56.0001 4944  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:27:56.0033 4944  DXGKrnl - ok
20:27:56.0064 4944  [ D1004B64292C1A802D53CD861695ACE3 ] e1qexpress      C:\Windows\system32\DRIVERS\e1q62x64.sys
20:27:56.0064 4944  e1qexpress - ok
20:27:56.0095 4944  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:27:56.0157 4944  EapHost - ok
20:27:56.0251 4944  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
20:27:56.0313 4944  ebdrv - ok
20:27:56.0391 4944  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:27:56.0407 4944  eeCtrl - ok
20:27:56.0423 4944  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:27:56.0469 4944  EFS - ok
20:27:56.0516 4944  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:27:56.0579 4944  ehRecvr - ok
20:27:56.0610 4944  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:27:56.0641 4944  ehSched - ok
20:27:56.0688 4944  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:27:56.0719 4944  elxstor - ok
20:27:56.0766 4944  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:27:56.0781 4944  EraserUtilRebootDrv - ok
20:27:56.0797 4944  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:27:56.0844 4944  ErrDev - ok
20:27:56.0875 4944  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:27:56.0937 4944  EventSystem - ok
20:27:56.0984 4944  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:27:57.0000 4944  exfat - ok
20:27:57.0031 4944  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:27:57.0093 4944  fastfat - ok
20:27:57.0140 4944  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:27:57.0218 4944  Fax - ok
20:27:57.0234 4944  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
20:27:57.0265 4944  fdc - ok
20:27:57.0296 4944  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:27:57.0343 4944  fdPHost - ok
20:27:57.0343 4944  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:27:57.0405 4944  FDResPub - ok
20:27:57.0452 4944  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:27:57.0468 4944  FileInfo - ok
20:27:57.0468 4944  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:27:57.0530 4944  Filetrace - ok
20:27:57.0561 4944  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
20:27:57.0561 4944  flpydisk - ok
20:27:57.0593 4944  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:27:57.0593 4944  FltMgr - ok
20:27:57.0639 4944  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
20:27:57.0671 4944  FontCache - ok
20:27:57.0717 4944  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:27:57.0733 4944  FontCache3.0.0.0 - ok
20:27:57.0749 4944  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:27:57.0764 4944  FsDepends - ok
20:27:57.0795 4944  [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
20:27:57.0811 4944  fssfltr - ok
20:27:57.0905 4944  [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
20:27:57.0967 4944  fsssvc - ok
20:27:58.0045 4944  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:27:58.0061 4944  Fs_Rec - ok
20:27:58.0217 4944  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:27:58.0232 4944  fvevol - ok
20:27:58.0263 4944  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:27:58.0279 4944  gagp30kx - ok
20:27:58.0310 4944  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:27:58.0357 4944  gpsvc - ok
20:27:58.0404 4944  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:27:58.0419 4944  gupdate - ok
20:27:58.0419 4944  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:27:58.0435 4944  gupdatem - ok
20:27:58.0466 4944  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
20:27:58.0482 4944  hamachi - ok
20:27:58.0513 4944  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:27:58.0544 4944  hcw85cir - ok
20:27:58.0591 4944  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:27:58.0638 4944  HdAudAddService - ok
20:27:58.0685 4944  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:27:58.0731 4944  HDAudBus - ok
20:27:58.0763 4944  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
20:27:58.0809 4944  HidBatt - ok
20:27:58.0841 4944  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:27:58.0887 4944  HidBth - ok
20:27:58.0919 4944  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:27:58.0934 4944  HidIr - ok
20:27:58.0965 4944  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:27:59.0028 4944  hidserv - ok
20:27:59.0059 4944  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:27:59.0090 4944  HidUsb - ok
20:27:59.0153 4944  [ 1256F6834307B38594CEB034BAF52568 ] HiPatchService  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
20:27:59.0168 4944  HiPatchService ( UnsignedFile.Multi.Generic ) - warning
20:27:59.0168 4944  HiPatchService - detected UnsignedFile.Multi.Generic (1)
20:27:59.0184 4944  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:27:59.0262 4944  hkmsvc - ok
20:27:59.0277 4944  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:27:59.0340 4944  HomeGroupListener - ok
20:27:59.0371 4944  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:27:59.0402 4944  HomeGroupProvider - ok
20:27:59.0449 4944  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:27:59.0465 4944  HpSAMD - ok
20:27:59.0496 4944  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:27:59.0574 4944  HTTP - ok
20:27:59.0589 4944  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:27:59.0589 4944  hwpolicy - ok
20:27:59.0605 4944  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:27:59.0621 4944  i8042prt - ok
20:27:59.0652 4944  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:27:59.0683 4944  iaStorV - ok
20:27:59.0730 4944  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:27:59.0761 4944  idsvc - ok
20:27:59.0839 4944  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130606.001\IDSvia64.sys
20:27:59.0870 4944  IDSVia64 - ok
20:27:59.0886 4944  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:27:59.0901 4944  iirsp - ok
20:27:59.0933 4944  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:27:59.0995 4944  IKEEXT - ok
20:28:00.0073 4944  [ 589B94A9B73A0E819FF873743A480834 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:28:00.0120 4944  IntcAzAudAddService - ok
20:28:00.0120 4944  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:28:00.0135 4944  intelide - ok
20:28:00.0167 4944  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:28:00.0198 4944  intelppm - ok
20:28:00.0229 4944  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:28:00.0291 4944  IPBusEnum - ok
20:28:00.0323 4944  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:28:00.0338 4944  IpFilterDriver - ok
20:28:00.0385 4944  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:28:00.0432 4944  iphlpsvc - ok
20:28:00.0447 4944  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:28:00.0494 4944  IPMIDRV - ok
20:28:00.0525 4944  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:28:00.0588 4944  IPNAT - ok
20:28:00.0619 4944  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:28:00.0650 4944  IRENUM - ok
20:28:00.0713 4944  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:28:00.0728 4944  isapnp - ok
20:28:00.0744 4944  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:28:00.0759 4944  iScsiPrt - ok
20:28:00.0775 4944  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:28:00.0791 4944  kbdclass - ok
20:28:00.0806 4944  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:28:00.0837 4944  kbdhid - ok
20:28:00.0884 4944  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:28:00.0900 4944  KeyIso - ok
20:28:00.0915 4944  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:28:00.0931 4944  KSecDD - ok
20:28:00.0962 4944  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:28:00.0978 4944  KSecPkg - ok
20:28:00.0993 4944  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:28:01.0056 4944  ksthunk - ok
20:28:01.0103 4944  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:28:01.0134 4944  KtmRm - ok
20:28:01.0165 4944  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:28:01.0227 4944  LanmanServer - ok
20:28:01.0259 4944  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:28:01.0321 4944  LanmanWorkstation - ok
20:28:01.0352 4944  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:28:01.0415 4944  lltdio - ok
20:28:01.0446 4944  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:28:01.0493 4944  lltdsvc - ok
20:28:01.0524 4944  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:28:01.0586 4944  lmhosts - ok
20:28:01.0633 4944  [ 7F32D4C47A50E7223491E8FB9359907D ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:28:01.0649 4944  LMS - ok
20:28:01.0664 4944  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:28:01.0664 4944  LSI_FC - ok
20:28:01.0680 4944  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:28:01.0695 4944  LSI_SAS - ok
20:28:01.0711 4944  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
20:28:01.0711 4944  LSI_SAS2 - ok
20:28:01.0727 4944  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:28:01.0742 4944  LSI_SCSI - ok
20:28:01.0789 4944  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:28:01.0851 4944  luafv - ok
20:28:01.0883 4944  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:28:01.0929 4944  Mcx2Svc - ok
20:28:01.0976 4944  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:28:01.0992 4944  megasas - ok
20:28:02.0023 4944  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
20:28:02.0039 4944  MegaSR - ok
20:28:02.0070 4944  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
20:28:02.0085 4944  MEIx64 - ok
20:28:02.0148 4944  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
20:28:02.0179 4944  Microsoft Office Groove Audit Service - ok
20:28:02.0210 4944  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:28:02.0273 4944  MMCSS - ok
20:28:02.0288 4944  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:28:02.0335 4944  Modem - ok
20:28:02.0366 4944  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:28:02.0397 4944  monitor - ok
20:28:02.0444 4944  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:28:02.0460 4944  mouclass - ok
20:28:02.0475 4944  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:28:02.0522 4944  mouhid - ok
20:28:02.0553 4944  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:28:02.0569 4944  mountmgr - ok
20:28:02.0600 4944  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:28:02.0616 4944  MozillaMaintenance - ok
20:28:02.0647 4944  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:28:02.0663 4944  mpio - ok
20:28:02.0694 4944  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:28:02.0725 4944  mpsdrv - ok
20:28:02.0756 4944  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:28:02.0787 4944  MpsSvc - ok
20:28:02.0803 4944  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:28:02.0834 4944  MRxDAV - ok
20:28:02.0834 4944  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:28:02.0881 4944  mrxsmb - ok
20:28:02.0897 4944  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:28:02.0928 4944  mrxsmb10 - ok
20:28:02.0943 4944  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:28:02.0959 4944  mrxsmb20 - ok
20:28:02.0959 4944  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:28:02.0975 4944  msahci - ok
20:28:02.0990 4944  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:28:03.0006 4944  msdsm - ok
20:28:03.0021 4944  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:28:03.0053 4944  MSDTC - ok
20:28:03.0084 4944  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:28:03.0146 4944  Msfs - ok
20:28:03.0177 4944  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:28:03.0240 4944  mshidkmdf - ok
20:28:03.0255 4944  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:28:03.0255 4944  msisadrv - ok
20:28:03.0287 4944  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:28:03.0302 4944  MSiSCSI - ok
20:28:03.0302 4944  msiserver - ok
20:28:03.0318 4944  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:28:03.0380 4944  MSKSSRV - ok
20:28:03.0411 4944  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:28:03.0489 4944  MSPCLOCK - ok
20:28:03.0505 4944  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:28:03.0567 4944  MSPQM - ok
20:28:03.0599 4944  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:28:03.0614 4944  MsRPC - ok
20:28:03.0630 4944  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:28:03.0630 4944  mssmbios - ok
20:28:03.0661 4944  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:28:03.0723 4944  MSTEE - ok
20:28:03.0739 4944  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
20:28:03.0755 4944  MTConfig - ok
20:28:03.0755 4944  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:28:03.0770 4944  Mup - ok
20:28:03.0833 4944  [ F2840DBFE9322F35557219AE82CC4597 ] N360            C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
20:28:03.0833 4944  N360 - ok
20:28:03.0864 4944  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:28:03.0926 4944  napagent - ok
20:28:03.0973 4944  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:28:04.0035 4944  NativeWifiP - ok
20:28:04.0098 4944  [ 56540E526B46E379A476FB5BC381B290 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130606.039\ENG64.SYS
20:28:04.0113 4944  NAVENG - ok
20:28:04.0176 4944  [ 8A19D3991F9F14B885CDE8BC640F6B68 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130606.039\EX64.SYS
20:28:04.0207 4944  NAVEX15 - ok
20:28:04.0254 4944  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:28:04.0285 4944  NDIS - ok
20:28:04.0301 4944  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:28:04.0363 4944  NdisCap - ok
20:28:04.0394 4944  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:28:04.0410 4944  NdisTapi - ok
20:28:04.0425 4944  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:28:04.0441 4944  Ndisuio - ok
20:28:04.0457 4944  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:28:04.0519 4944  NdisWan - ok
20:28:04.0550 4944  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:28:04.0597 4944  NDProxy - ok
20:28:04.0628 4944  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:28:04.0691 4944  NetBIOS - ok
20:28:04.0722 4944  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:28:04.0737 4944  NetBT - ok
20:28:04.0753 4944  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:28:04.0769 4944  Netlogon - ok
20:28:04.0800 4944  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:28:04.0878 4944  Netman - ok
20:28:04.0909 4944  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:28:04.0925 4944  NetMsmqActivator - ok
20:28:04.0940 4944  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:28:04.0956 4944  NetPipeActivator - ok
20:28:04.0971 4944  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:28:05.0034 4944  netprofm - ok
20:28:05.0034 4944  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:28:05.0034 4944  NetTcpActivator - ok
20:28:05.0034 4944  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:28:05.0049 4944  NetTcpPortSharing - ok
20:28:05.0096 4944  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:28:05.0112 4944  nfrd960 - ok
20:28:05.0143 4944  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:28:05.0174 4944  NlaSvc - ok
20:28:05.0205 4944  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:28:05.0237 4944  Npfs - ok
20:28:05.0252 4944  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:28:05.0299 4944  nsi - ok
20:28:05.0330 4944  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:28:05.0393 4944  nsiproxy - ok
20:28:05.0455 4944  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:28:05.0502 4944  Ntfs - ok
20:28:05.0517 4944  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:28:05.0580 4944  Null - ok
20:28:05.0642 4944  [ 805F0C2B9C07E4C0F74D0EF70E9E827A ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
20:28:05.0658 4944  NVHDA - ok
20:28:05.0829 4944  [ 7A711D08F1FD1AB8149B6199F84A0EB7 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:28:05.0939 4944  nvlddmkm - ok
20:28:05.0970 4944  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:28:05.0970 4944  nvraid - ok
20:28:05.0985 4944  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:28:06.0001 4944  nvstor - ok
20:28:06.0032 4944  [ B9F3591981D761A5CA1D24C369764D96 ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:28:06.0048 4944  nvsvc - ok
20:28:06.0063 4944  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:28:06.0063 4944  nv_agp - ok
20:28:06.0141 4944  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:28:06.0157 4944  odserv - ok
20:28:06.0188 4944  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:28:06.0219 4944  ohci1394 - ok
20:28:06.0266 4944  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:28:06.0282 4944  ose - ok
20:28:06.0407 4944  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:28:06.0485 4944  osppsvc - ok
20:28:06.0516 4944  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:28:06.0547 4944  p2pimsvc - ok
20:28:06.0594 4944  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:28:06.0609 4944  p2psvc - ok
20:28:06.0641 4944  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:28:06.0672 4944  Parport - ok
20:28:06.0719 4944  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:28:06.0734 4944  partmgr - ok
20:28:06.0750 4944  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:28:06.0797 4944  PcaSvc - ok
20:28:06.0828 4944  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:28:06.0843 4944  pci - ok
20:28:06.0859 4944  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:28:06.0859 4944  pciide - ok
20:28:06.0875 4944  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:28:06.0890 4944  pcmcia - ok
20:28:06.0890 4944  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:28:06.0906 4944  pcw - ok
20:28:06.0921 4944  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:28:06.0984 4944  PEAUTH - ok
20:28:07.0077 4944  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:28:07.0124 4944  PerfHost - ok
20:28:07.0187 4944  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:28:07.0249 4944  pla - ok
20:28:07.0311 4944  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:28:07.0374 4944  PlugPlay - ok
20:28:07.0405 4944  PnkBstrA - ok
20:28:07.0421 4944  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:28:07.0436 4944  PNRPAutoReg - ok
20:28:07.0452 4944  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:28:07.0467 4944  PNRPsvc - ok
20:28:07.0499 4944  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:28:07.0545 4944  PolicyAgent - ok
20:28:07.0592 4944  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:28:07.0655 4944  Power - ok
20:28:07.0686 4944  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:28:07.0748 4944  PptpMiniport - ok
20:28:07.0779 4944  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
20:28:07.0779 4944  Processor - ok
20:28:07.0842 4944  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:28:07.0873 4944  ProfSvc - ok
20:28:07.0904 4944  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:28:07.0920 4944  ProtectedStorage - ok
20:28:07.0935 4944  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:28:07.0998 4944  Psched - ok
20:28:08.0045 4944  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:28:08.0091 4944  ql2300 - ok
20:28:08.0123 4944  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:28:08.0123 4944  ql40xx - ok
20:28:08.0138 4944  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:28:08.0154 4944  QWAVE - ok
20:28:08.0169 4944  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:28:08.0201 4944  QWAVEdrv - ok
20:28:08.0232 4944  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:28:08.0263 4944  RasAcd - ok
20:28:08.0294 4944  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:28:08.0310 4944  RasAgileVpn - ok
20:28:08.0341 4944  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:28:08.0388 4944  RasAuto - ok
20:28:08.0419 4944  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:28:08.0481 4944  Rasl2tp - ok
20:28:08.0513 4944  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:28:08.0544 4944  RasMan - ok
20:28:08.0575 4944  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:28:08.0622 4944  RasPppoe - ok
20:28:08.0637 4944  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:28:08.0700 4944  RasSstp - ok
20:28:08.0731 4944  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:28:08.0809 4944  rdbss - ok
20:28:08.0825 4944  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
20:28:08.0840 4944  rdpbus - ok
20:28:08.0856 4944  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:28:08.0887 4944  RDPCDD - ok
20:28:08.0887 4944  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:28:08.0934 4944  RDPENCDD - ok
20:28:08.0965 4944  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:28:08.0981 4944  RDPREFMP - ok
20:28:09.0027 4944  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:28:09.0059 4944  RdpVideoMiniport - ok
20:28:09.0090 4944  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:28:09.0121 4944  RDPWD - ok
20:28:09.0137 4944  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:28:09.0152 4944  rdyboost - ok
20:28:09.0183 4944  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:28:09.0246 4944  RemoteAccess - ok
20:28:09.0277 4944  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:28:09.0339 4944  RemoteRegistry - ok
20:28:09.0355 4944  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:28:09.0386 4944  RpcEptMapper - ok
20:28:09.0402 4944  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:28:09.0433 4944  RpcLocator - ok
20:28:09.0464 4944  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
20:28:09.0495 4944  RpcSs - ok
20:28:09.0527 4944  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:28:09.0542 4944  rspndr - ok
20:28:09.0573 4944  [ F4C374B1C46DE294B573BB43723AC3F6 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
20:28:09.0589 4944  RTL8167 - ok
20:28:09.0589 4944  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
20:28:09.0605 4944  SamSs - ok
20:28:09.0620 4944  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:28:09.0620 4944  sbp2port - ok
20:28:09.0636 4944  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:28:09.0667 4944  SCardSvr - ok
20:28:09.0667 4944  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:28:09.0714 4944  scfilter - ok
20:28:09.0745 4944  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:28:09.0807 4944  Schedule - ok
20:28:09.0839 4944  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:28:09.0870 4944  SCPolicySvc - ok
20:28:09.0901 4944  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:28:09.0963 4944  SDRSVC - ok
20:28:09.0995 4944  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:28:10.0057 4944  secdrv - ok
20:28:10.0088 4944  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:28:10.0119 4944  seclogon - ok
20:28:10.0119 4944  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:28:10.0166 4944  SENS - ok
20:28:10.0197 4944  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:28:10.0260 4944  SensrSvc - ok
20:28:10.0275 4944  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
20:28:10.0322 4944  Serenum - ok
20:28:10.0369 4944  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
20:28:10.0400 4944  Serial - ok
20:28:10.0447 4944  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:28:10.0478 4944  sermouse - ok
20:28:10.0510 4944  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:28:10.0588 4944  SessionEnv - ok
20:28:10.0603 4944  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:28:10.0619 4944  sffdisk - ok
20:28:10.0634 4944  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:28:10.0681 4944  sffp_mmc - ok
20:28:10.0712 4944  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:28:10.0744 4944  sffp_sd - ok
20:28:10.0775 4944  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:28:10.0806 4944  sfloppy - ok
20:28:10.0853 4944  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
20:28:10.0884 4944  Sftfs - ok
20:28:10.0931 4944  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
20:28:10.0946 4944  sftlist - ok
20:28:10.0962 4944  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
20:28:10.0978 4944  Sftplay - ok
20:28:10.0978 4944  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:28:10.0978 4944  Sftredir - ok
20:28:10.0993 4944  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
20:28:11.0009 4944  Sftvol - ok
20:28:11.0009 4944  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
20:28:11.0024 4944  sftvsa - ok
20:28:11.0040 4944  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:28:11.0118 4944  SharedAccess - ok
20:28:11.0149 4944  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:28:11.0212 4944  ShellHWDetection - ok
20:28:11.0243 4944  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:28:11.0258 4944  SiSRaid2 - ok
20:28:11.0274 4944  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:28:11.0274 4944  SiSRaid4 - ok
20:28:11.0352 4944  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:28:11.0368 4944  SkypeUpdate - ok
20:28:11.0383 4944  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:28:11.0446 4944  Smb - ok
20:28:11.0477 4944  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:28:11.0492 4944  SNMPTRAP - ok
20:28:11.0492 4944  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:28:11.0508 4944  spldr - ok
20:28:11.0539 4944  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
20:28:11.0570 4944  Spooler - ok
20:28:11.0617 4944  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:28:11.0711 4944  sppsvc - ok
20:28:11.0758 4944  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:28:11.0804 4944  sppuinotify - ok
20:28:11.0882 4944  [ 891793E00432FA055CF040605C260E49 ] SRTSP           C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS
20:28:11.0898 4944  SRTSP - ok
20:28:11.0914 4944  [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX          C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS
20:28:11.0929 4944  SRTSPX - ok
20:28:11.0976 4944  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:28:12.0116 4944  srv - ok
20:28:12.0163 4944  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:28:12.0210 4944  srv2 - ok
20:28:12.0226 4944  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:28:12.0241 4944  srvnet - ok
20:28:12.0272 4944  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:28:12.0304 4944  SSDPSRV - ok
20:28:12.0304 4944  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:28:12.0335 4944  SstpSvc - ok
20:28:12.0382 4944  [ B4C983DA20E2970E21893BF0E4EE2AD8 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
20:28:12.0397 4944  ssudmdm - ok
20:28:12.0413 4944  Steam Client Service - ok
20:28:12.0522 4944  [ 0887B293199AA2055888FABA989ED0A6 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:28:12.0538 4944  Stereo Service - ok
20:28:12.0569 4944  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
20:28:12.0569 4944  stexstor - ok
20:28:12.0600 4944  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:28:12.0647 4944  stisvc - ok
20:28:12.0678 4944  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:28:12.0678 4944  swenum - ok
20:28:12.0709 4944  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
20:28:12.0756 4944  swprv - ok
20:28:12.0787 4944  [ 8B2430762099598DA40686F754632EFD ] SymDS           C:\Windows\system32\drivers\N360x64\0604010.00E\SYMDS64.SYS
20:28:12.0818 4944  SymDS - ok
20:28:12.0850 4944  [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA          C:\Windows\system32\drivers\N360x64\0604010.00E\SYMEFA64.SYS
20:28:12.0881 4944  SymEFA - ok
20:28:12.0928 4944  [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
20:28:12.0943 4944  SymEvent - ok
20:28:12.0990 4944  [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON         C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS
20:28:13.0006 4944  SymIRON - ok
20:28:13.0021 4944  [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS         C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS
20:28:13.0037 4944  SymNetS - ok
20:28:13.0068 4944  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
20:28:13.0130 4944  SysMain - ok
20:28:13.0146 4944  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:28:13.0162 4944  TabletInputService - ok
20:28:13.0177 4944  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:28:13.0224 4944  TapiSrv - ok
20:28:13.0255 4944  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:28:13.0286 4944  TBS - ok
20:28:13.0349 4944  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:28:13.0380 4944  Tcpip - ok
20:28:13.0411 4944  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:28:13.0427 4944  TCPIP6 - ok
20:28:13.0458 4944  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:28:13.0458 4944  tcpipreg - ok
20:28:13.0489 4944  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:28:13.0520 4944  TDPIPE - ok
20:28:13.0536 4944  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:28:13.0583 4944  TDTCP - ok
20:28:13.0614 4944  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:28:13.0645 4944  tdx - ok
20:28:13.0692 4944  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:28:13.0692 4944  TermDD - ok
20:28:13.0754 4944  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
20:28:13.0786 4944  TermService - ok
20:28:13.0801 4944  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:28:13.0817 4944  Themes - ok
20:28:13.0817 4944  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:28:13.0848 4944  THREADORDER - ok
20:28:13.0864 4944  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:28:13.0910 4944  TrkWks - ok
20:28:13.0957 4944  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:28:13.0988 4944  TrustedInstaller - ok
20:28:14.0004 4944  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:28:14.0066 4944  tssecsrv - ok
20:28:14.0129 4944  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:28:14.0176 4944  TsUsbFlt - ok
20:28:14.0207 4944  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
20:28:14.0238 4944  TsUsbGD - ok
20:28:14.0254 4944  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:28:14.0332 4944  tunnel - ok
20:28:14.0347 4944  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:28:14.0363 4944  uagp35 - ok
20:28:14.0378 4944  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:28:14.0425 4944  udfs - ok
20:28:14.0456 4944  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:28:14.0488 4944  UI0Detect - ok
20:28:14.0519 4944  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:28:14.0534 4944  uliagpkx - ok
20:28:14.0550 4944  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:28:14.0581 4944  umbus - ok
20:28:14.0612 4944  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
20:28:14.0644 4944  UmPass - ok
20:28:14.0737 4944  [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:28:14.0784 4944  UNS - ok
20:28:14.0815 4944  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:28:14.0878 4944  upnphost - ok
20:28:14.0924 4944  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
20:28:14.0956 4944  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
20:28:14.0956 4944  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
20:28:14.0987 4944  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:28:15.0018 4944  usbccgp - ok
20:28:15.0049 4944  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:28:15.0080 4944  usbcir - ok
20:28:15.0096 4944  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:28:15.0127 4944  usbehci - ok
20:28:15.0174 4944  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:28:15.0221 4944  usbhub - ok
20:28:15.0236 4944  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:28:15.0283 4944  usbohci - ok
20:28:15.0330 4944  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
20:28:15.0361 4944  usbprint - ok
20:28:15.0408 4944  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:28:15.0439 4944  USBSTOR - ok
20:28:15.0470 4944  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:28:15.0517 4944  usbuhci - ok
20:28:15.0548 4944  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:28:15.0611 4944  UxSms - ok
20:28:15.0642 4944  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:28:15.0642 4944  VaultSvc - ok
20:28:15.0673 4944  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:28:15.0673 4944  vdrvroot - ok
20:28:15.0689 4944  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:28:15.0736 4944  vds - ok
20:28:15.0767 4944  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:28:15.0782 4944  vga - ok
20:28:15.0798 4944  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:28:15.0860 4944  VgaSave - ok
20:28:15.0876 4944  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:28:15.0892 4944  vhdmp - ok
20:28:15.0907 4944  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:28:15.0907 4944  viaide - ok
20:28:15.0923 4944  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:28:15.0938 4944  volmgr - ok
20:28:15.0954 4944  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:28:15.0970 4944  volmgrx - ok
20:28:15.0970 4944  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:28:15.0985 4944  volsnap - ok
20:28:16.0001 4944  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:28:16.0016 4944  vsmraid - ok
20:28:16.0048 4944  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:28:16.0110 4944  VSS - ok
20:28:16.0141 4944  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
20:28:16.0172 4944  vwifibus - ok
20:28:16.0219 4944  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:28:16.0266 4944  vwififlt - ok
20:28:16.0313 4944  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:28:16.0344 4944  W32Time - ok
20:28:16.0375 4944  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:28:16.0406 4944  WacomPen - ok
20:28:16.0438 4944  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:28:16.0500 4944  WANARP - ok
20:28:16.0500 4944  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:28:16.0531 4944  Wanarpv6 - ok
20:28:16.0578 4944  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:28:16.0625 4944  wbengine - ok
20:28:16.0640 4944  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:28:16.0656 4944  WbioSrvc - ok
20:28:16.0656 4944  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:28:16.0703 4944  wcncsvc - ok
20:28:16.0750 4944  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:28:16.0781 4944  WcsPlugInService - ok
20:28:16.0828 4944  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
20:28:16.0843 4944  Wd - ok
20:28:16.0874 4944  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:28:16.0906 4944  Wdf01000 - ok
20:28:16.0921 4944  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:28:16.0952 4944  WdiServiceHost - ok
20:28:16.0952 4944  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:28:16.0968 4944  WdiSystemHost - ok
20:28:16.0999 4944  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:28:17.0046 4944  WebClient - ok
20:28:17.0077 4944  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:28:17.0140 4944  Wecsvc - ok
20:28:17.0171 4944  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:28:17.0186 4944  wercplsupport - ok
20:28:17.0202 4944  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:28:17.0233 4944  WerSvc - ok
20:28:17.0264 4944  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:28:17.0280 4944  WfpLwf - ok
20:28:17.0296 4944  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:28:17.0311 4944  WIMMount - ok
20:28:17.0311 4944  WinDefend - ok
20:28:17.0327 4944  WinHttpAutoProxySvc - ok
20:28:17.0358 4944  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:28:17.0389 4944  Winmgmt - ok
20:28:17.0467 4944  [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0  C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys
20:28:17.0483 4944  WinRing0_1_2_0 - ok
20:28:17.0530 4944  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
20:28:17.0592 4944  WinRM - ok
20:28:17.0654 4944  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:28:17.0686 4944  WinUsb - ok
20:28:17.0732 4944  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:28:17.0779 4944  Wlansvc - ok
20:28:17.0842 4944  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:28:17.0857 4944  wlcrasvc - ok
20:28:17.0920 4944  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:28:17.0966 4944  wlidsvc - ok
20:28:17.0998 4944  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
20:28:18.0044 4944  WmiAcpi - ok
20:28:18.0076 4944  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:28:18.0122 4944  wmiApSrv - ok
20:28:18.0154 4944  WMPNetworkSvc - ok
20:28:18.0185 4944  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:28:18.0200 4944  WPCSvc - ok
20:28:18.0216 4944  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:28:18.0232 4944  WPDBusEnum - ok
20:28:18.0247 4944  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:28:18.0294 4944  ws2ifsl - ok
20:28:18.0310 4944  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
20:28:18.0341 4944  wscsvc - ok
20:28:18.0341 4944  WSearch - ok
20:28:18.0419 4944  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:28:18.0466 4944  wuauserv - ok
20:28:18.0497 4944  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:28:18.0559 4944  WudfPf - ok
20:28:18.0590 4944  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:28:18.0622 4944  WUDFRd - ok
20:28:18.0668 4944  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:28:18.0700 4944  wudfsvc - ok
20:28:18.0746 4944  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:28:18.0793 4944  WwanSvc - ok
20:28:18.0824 4944  ================ Scan global ===============================
20:28:18.0840 4944  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:28:18.0887 4944  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:28:18.0887 4944  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:28:18.0918 4944  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:28:18.0934 4944  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:28:18.0934 4944  [Global] - ok
20:28:18.0934 4944  ================ Scan MBR ==================================
20:28:18.0949 4944  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:28:19.0292 4944  \Device\Harddisk0\DR0 - ok
20:28:19.0292 4944  ================ Scan VBR ==================================
20:28:19.0308 4944  [ DB55BA76904E7682E0A9BA1D66AB7AA1 ] \Device\Harddisk0\DR0\Partition1
20:28:19.0308 4944  \Device\Harddisk0\DR0\Partition1 - ok
20:28:19.0308 4944  [ 1F0A2395790E669EA76FD12529613329 ] \Device\Harddisk0\DR0\Partition2
20:28:19.0308 4944  \Device\Harddisk0\DR0\Partition2 - ok
20:28:19.0308 4944  ============================================================
20:28:19.0308 4944  Scan finished
20:28:19.0308 4944  ============================================================
20:28:19.0324 5896  Detected object count: 2
20:28:19.0324 5896  Actual detected object count: 2
20:29:20.0633 5896  HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:20.0633 5896  HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:29:20.0633 5896  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:20.0633 5896  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
__________________
Alt 07.06.2013, 22:10   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm - Standard

Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm


unauffällig

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
__________________
Alt 08.06.2013, 11:03   #19
Roman95
 
Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm - Standard

Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm


okay also einmal JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by User on 08.06.2013 at 11:28:02,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sweetpacks communicator



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetie.ietoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetie.ietoolbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.sweetie
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.sweetie.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\bundlesweetimsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\bundlesweetimsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetupv1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetupv1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B0A964B1-D530-4AA6-8CFD-FDBE8816B7A3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\shoDE3D.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\sweetim"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\User\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files (x86)\chatzum toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"
Successfully deleted: [Folder] "C:\ProgramData\ask" 



~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] "C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\t834ptvb.default\extensions\DivXWebPlayer@divx.com.xpi" 
Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\t834ptvb.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\t834ptvb.default\searchplugins\sweetim.xml
Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\t834ptvb.default\prefs.js

user_pref("browser.search.defaultengine", "Ask.com");
user_pref("id_chatzum_softonic_installed_version", "1.0.20");
user_pref("keyword.URL", "hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=1135807630&q=");
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\t834ptvb.default\minidumps [137 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.06.2013 at 11:30:49,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
adwCleaner:

Code:
ATTFilter
# AdwCleaner v2.302 - Datei am 08/06/2013 um 11:32:56 erstellt
# Aktualisiert am 06/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : User - USER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\User\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

-\\ Google Chrome v27.0.1453.110

*************************

AdwCleaner[S1].txt - [5168 octets] - [08/06/2013 11:32:56]

########## EOF - C:\AdwCleaner[S1].txt - [5228 octets] ##########
und die beiden OTL logs:

Code:
ATTFilter
OTL logfile created on: 08.06.2013 11:38:33 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,31 Gb Available Physical Memory | 79,11% Memory free
15,96 Gb Paging File | 14,16 Gb Available in Paging File | 88,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 297,68 Gb Free Space | 63,93% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Drakonia Configurator\trayicon.exe ()
PRC - C:\Program Files (x86)\Drakonia Configurator\hid.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Program Files (x86)\Drakonia Configurator\trayicon.exe ()
MOD - C:\Program Files (x86)\Drakonia Configurator\hid.exe ()
MOD - C:\Program Files (x86)\Drakonia Configurator\language.dll ()
MOD - C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe (Symantec Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symefa64.sys (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\ironx64.sys (Symantec Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symds64.sys (Symantec Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (athur) -- C:\Windows\SysNative\drivers\athurx.sys (Atheros Communications, Inc.)
DRV:64bit: - (e1qexpress) -- C:\Windows\SysNative\drivers\e1q62x64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130531.001\BHDrvx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130607.024\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130607.024\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130607.001\IDSviA64.sys (Symantec Corporation)
DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys (OpenLibSys.org)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3875668534-1040412707-397656691-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-3875668534-1040412707-397656691-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-3875668534-1040412707-397656691-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3875668534-1040412707-397656691-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3875668534-1040412707-397656691-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3875668534-1040412707-397656691-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA FA E2 F5 BC 0D CD 01  [binary data]
IE - HKU\S-1-5-21-3875668534-1040412707-397656691-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3875668534-1040412707-397656691-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3875668534-1040412707-397656691-1000\..\SearchScopes\{1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3875668534-1040412707-397656691-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ChatZumSearch"
FF - prefs.js..browser.search.order.1: "ChatZumSearch"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2013.03.15 20:36:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2013.06.08 11:36:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.04.16 17:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.06.08 11:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\t834ptvb.default\extensions
[2013.05.08 18:12:24 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\t834ptvb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.24 11:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.24 11:43:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Norton Identity Protection = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [GamingMouse] C:\Program Files (x86)\Drakonia Configurator\hid.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3875668534-1040412707-397656691-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKU\S-1-5-21-3875668534-1040412707-397656691-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-3875668534-1040412707-397656691-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3875668534-1040412707-397656691-1000..\Run: [Spotify Web Helper] C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3875668534-1040412707-397656691-1000..\Run: [Vidalia] "C:\Program Files (x86)\Vidalia Bridge Bundle\Vidalia\vidalia.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6AE0045-4806-444A-9F16-F4A9337AAC71}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{75945b2d-9926-11e2-9c27-5404a6c4f180}\Shell - "" = AutoRun
O33 - MountPoints2\{75945b2d-9926-11e2-9c27-5404a6c4f180}\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.06.08 11:28:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.08 11:27:39 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.08 11:26:18 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\User\Desktop\JRT.exe
[2013.06.07 20:24:27 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2013.06.07 13:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.07 13:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.07 13:35:56 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\mbar
[2013.06.06 18:43:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.06.05 23:34:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.06.05 18:07:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\NVIDIA
[2013.06.05 17:45:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.06.05 17:40:43 | 027,775,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.06.05 17:40:43 | 021,096,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.06.05 17:40:43 | 015,143,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.06.05 17:40:43 | 009,233,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.06.05 17:40:43 | 007,682,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.06.05 17:40:43 | 007,641,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.06.05 17:40:43 | 002,942,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.06.05 17:40:43 | 002,754,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.06.05 17:40:43 | 002,363,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.06.05 17:40:43 | 002,002,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.06.05 17:40:43 | 001,832,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6432018.dll
[2013.06.05 17:40:43 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6432018.dll
[2013.06.05 17:40:43 | 000,925,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.06.05 17:40:43 | 000,550,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013.06.05 17:40:43 | 000,518,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013.06.05 17:40:43 | 000,443,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013.06.05 17:40:43 | 000,421,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013.06.05 17:40:43 | 000,266,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.06.05 17:40:43 | 000,218,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013.06.05 17:40:43 | 000,214,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.06.05 17:40:43 | 000,194,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2013.06.05 17:40:43 | 000,181,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013.06.05 17:40:43 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2013.06.05 17:40:40 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.06.05 17:40:40 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.05.25 18:11:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\LolClient
[2013.05.24 11:43:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.19 20:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bridge Bundle
[2013.05.19 20:54:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Vidalia
[2013.05.15 16:38:51 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.15 16:38:51 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.15 16:38:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.15 16:38:50 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.15 16:38:50 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.15 16:38:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.15 16:38:50 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.15 16:38:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.15 16:38:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.15 16:38:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.15 16:38:50 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.15 16:38:50 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.15 16:38:49 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.15 16:38:49 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.15 16:38:49 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.15 14:03:03 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 14:03:03 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.15 14:02:45 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.15 14:02:45 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.15 14:02:45 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.15 14:02:45 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.15 14:02:35 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.12 15:43:36 | 000,566,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013.05.09 20:03:11 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2013.05.09 20:03:11 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2013.05.09 20:03:08 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2013.05.09 19:56:58 | 000,000,000 | ---D | C] -- C:\Riot Games
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.08 11:35:15 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.08 11:34:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.08 11:34:39 | 2133,573,631 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.08 11:32:14 | 000,640,135 | ---- | M] () -- C:\Users\User\Desktop\adwcleaner.exe
[2013.06.08 11:27:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3875668534-1040412707-397656691-1000UA.job
[2013.06.08 11:26:21 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\User\Desktop\JRT.exe
[2013.06.08 11:15:23 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.08 11:15:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.08 10:32:57 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 10:32:57 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 10:29:59 | 001,614,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.08 10:29:59 | 000,697,284 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.08 10:29:59 | 000,652,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.08 10:29:59 | 000,148,322 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.08 10:29:59 | 000,121,276 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.07 20:24:41 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2013.06.07 20:21:29 | 000,000,512 | ---- | M] () -- C:\Users\User\Desktop\MBR.dat
[2013.06.07 13:32:34 | 013,169,742 | ---- | M] () -- C:\Users\User\Desktop\mbar-1.06.0.1003.zip
[2013.06.07 12:27:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3875668534-1040412707-397656691-1000Core.job
[2013.06.06 18:43:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.05.25 16:14:24 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.05.25 16:14:24 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.05.16 19:14:58 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.16 19:14:58 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.15 17:45:24 | 000,413,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.12 23:42:27 | 027,775,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.05.12 23:42:27 | 025,256,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.05.12 23:42:27 | 021,096,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.05.12 23:42:27 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.05.12 23:42:27 | 015,910,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.05.12 23:42:27 | 015,143,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.05.12 23:42:27 | 013,403,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.05.12 23:42:27 | 012,426,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.05.12 23:42:27 | 009,233,688 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.05.12 23:42:27 | 007,682,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.05.12 23:42:27 | 007,641,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.05.12 23:42:27 | 006,324,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.05.12 23:42:27 | 002,942,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.05.12 23:42:27 | 002,935,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.05.12 23:42:27 | 002,754,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.05.12 23:42:27 | 002,597,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.05.12 23:42:27 | 002,363,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.05.12 23:42:27 | 002,002,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.05.12 23:42:27 | 001,832,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6432018.dll
[2013.05.12 23:42:27 | 001,511,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6432018.dll
[2013.05.12 23:42:27 | 001,059,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013.05.12 23:42:27 | 000,925,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.05.12 23:42:27 | 000,550,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013.05.12 23:42:27 | 000,518,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013.05.12 23:42:27 | 000,443,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013.05.12 23:42:27 | 000,421,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013.05.12 23:42:27 | 000,266,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.05.12 23:42:27 | 000,218,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013.05.12 23:42:27 | 000,214,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.05.12 23:42:27 | 000,181,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013.05.12 23:42:27 | 000,020,536 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.05.12 22:34:14 | 006,491,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.05.12 22:34:14 | 003,514,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.05.12 22:34:12 | 002,555,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.05.12 22:34:12 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.05.12 22:34:11 | 000,237,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.05.12 15:43:36 | 000,566,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013.05.09 20:03:13 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.08 11:32:09 | 000,640,135 | ---- | C] () -- C:\Users\User\Desktop\adwcleaner.exe
[2013.06.07 20:21:29 | 000,000,512 | ---- | C] () -- C:\Users\User\Desktop\MBR.dat
[2013.06.07 13:30:24 | 013,169,742 | ---- | C] () -- C:\Users\User\Desktop\mbar-1.06.0.1003.zip
[2013.06.05 17:40:43 | 000,020,536 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.05.09 20:03:13 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2013.03.18 10:57:37 | 001,184,699 | ---- | C] () -- C:\Windows\unins000.exe
[2013.03.18 10:57:37 | 000,021,106 | ---- | C] () -- C:\Windows\unins000.dat
[2013.02.05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.02.05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.02.05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.02.05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.11.11 13:04:33 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.08.10 16:30:02 | 000,283,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.10 16:29:56 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.08.10 16:29:56 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.08 10:56:54 | 000,007,607 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2012.03.24 12:49:29 | 000,037,102 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.03.24 12:48:57 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.03.24 12:48:53 | 000,026,799 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.12.19 18:26:40 | 001,591,850 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Code:
ATTFilter
OTL Extras logfile created on: 08.06.2013 11:38:33 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,31 Gb Available Physical Memory | 79,11% Memory free
15,96 Gb Paging File | 14,16 Gb Available in Paging File | 88,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 297,68 Gb Free Space | 63,93% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3875668534-1040412707-397656691-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D19EEB1-FB59-45CA-86C5-F9D268B1FDC2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{37497BCD-48C1-49EA-8269-8DF211697FE1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3DBF0340-E504-47AC-AFC2-1A46F37BEF54}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{409D7B92-5C2A-4D9D-BEC4-222F31A4B85C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{41038BB0-716D-47D9-B627-5C6F61A1D823}" = rport=137 | protocol=17 | dir=out | app=system | 
"{461F4DE0-C4F8-4EAA-B8A7-8775948AD14A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{52FEED40-E079-4755-A415-41DA35BD1ABD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{66931FC3-9D59-4B30-9B76-198B3339876C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8BE7AD09-132D-47F4-B9D3-6CFC190E6DEB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9096979F-B54E-48F9-9677-932C445CD8C7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9524862D-F1E8-4B38-8180-753A1DB83964}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A6E82863-1126-4BEB-8DA2-283985472B57}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{C48F6EB7-7600-4B71-BAE6-63DF88746D44}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DDA61BDB-0952-423E-977A-8899A67246F8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F9C8AF6E-F866-4142-BF2D-11E7FCB8ED31}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04CE7B3C-3D11-4BE8-9B06-60713A77E490}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{09551A1A-5C22-4153-82BF-E925F990C094}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{0B263491-04AB-4848-BE81-A9DDD0C008DF}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{0B76CC09-8C83-4527-9D7B-10A55AFB548A}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"{0C973672-C361-41EF-84DF-F0511EDDCA8E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{10BC2BAB-0873-4D6E-8E25-039513D6E10A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{17B11D9A-1941-4883-B997-55790E8DA6DD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{189ACB74-5DE7-46DD-B4D3-84873E5ECA27}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii public test\diablo iii.exe | 
"{1941DDE8-9F45-4CE8-8542-E5965EAFCFC4}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{1B2F7ED1-2D0A-4D49-ADFC-9E68E6FE8639}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{1CC0F46E-22C7-474E-9627-5D7B14254270}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{216C38FE-4C42-4246-B80E-32FEB240B4E7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{229F073B-CBD9-4A89-9382-51FD44FAAD13}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{2DC3840B-7F6D-4DD6-893F-E51029977639}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{2F981E85-9CD1-43B8-8FF4-51FA53E1A9CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{32F9DBB0-0046-4D60-8117-FB5CBDD21038}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{37C4CE3B-03FA-4440-91B3-D2AFFED60088}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{3E2301EA-BC5C-446D-B3EC-F0BDFE7AE30E}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3F3651A3-AD38-4DFD-A404-8FC6F19F8F3A}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{427C0A69-20E7-4969-9D85-959132343BD4}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{42D5DA4D-90F7-4583-A827-56BA24E313FD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{47E599E3-9A0C-4B2E-A7BA-1ADC123DE621}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{59A6ECB5-5BBF-4D20-8573-4D2E270CB6D3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{68034611-651B-4111-BA39-986E5FBF0FE7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{6F0B6CBE-AE5F-4410-B887-D41A64F45336}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{6FA7B9E8-558D-4ED6-87F8-A8552F47116B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{70B4D567-122C-430D-8503-33193B57F113}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{71206AA9-D8BD-4518-BABC-6F6E016BAF4B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{71B7C519-C2B2-49A6-9ED3-E8C9182F96EA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{72FCF7E8-36A4-4E2D-9BDD-4BE52F898FBD}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{765F4A88-41B8-4834-BBA8-44750C1431AD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{7800664F-FEF1-4CF1-BF6F-8CA18B341B93}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{7D838815-4F28-40D6-9D65-6A38A009C8EC}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{7FD06932-7F5E-4542-B3B2-7D292F53AB71}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{8494ECD6-6042-41F0-88A8-6D1F3033C544}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{86A9C5F4-0D93-45AE-A930-0494AFC1EBFA}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{86BEDF8A-6DA4-4F2D-BB08-09682017D7C1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8A0B8B14-1A50-49BD-9045-F4E6379A8827}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{8AA07F25-F4C9-4C63-A223-83AC1A8E7EA5}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{92BD1500-8F67-46FF-A220-96D964384C8F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{94195B46-8212-4B52-96A8-5D260618A7E6}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"{9EAAD62D-4C40-4D3D-974E-DA52CAC25C8C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{9F01DE18-6C7D-4108-993F-AB1898176EF6}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{A3B2DDE2-5F24-43EA-BFF7-456D009309A0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{A5A07AC2-D0AD-4068-AD52-9CF86031DE2F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{A93346F1-89CB-4ABC-B1D0-8C9DC11E803E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A94358E5-C85F-4EA2-89F1-E23E190DB68B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{AB3E009D-854E-4AB0-A07D-E0BC27295FA2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{AC4F50FA-3C16-4140-A482-934CDBE1B7DA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{AED03753-0350-40D4-8E12-062EC447EA8D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{AEDAA7ED-DC1A-458A-AEE3-A11C8477B7C1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{B0C6DD09-D281-4B7E-ACD6-8A4DAFB980DD}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B21ECB06-2E94-4E08-84BD-B6C6EEE6CFFD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B2C0018E-9AD4-419B-9362-CDFC6D3BD999}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{B5D4A058-0CE4-4849-88AA-C7B023541457}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{BB5F44DD-2D76-40E4-A615-FA8FD3CAC79E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{BC5E7027-7154-4406-B8ED-1641038BF064}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{BC83A41E-208C-4D9E-9DDD-94D7190B31C1}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii public test\diablo iii.exe | 
"{BE04AE10-A8F9-4A09-9EFE-5A5D3161922B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{C3035FC6-D652-4D42-BB0B-8723B86B48EE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C46EE356-223C-4C45-BCFC-6B2433496FB6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C7CBB4C9-47C3-4064-9BAF-83627379E892}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"{C8A64448-6DE5-4A83-B9C2-5B89457D3F1D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{CEB07B1E-581A-48E9-A823-DA071E3EED93}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{E383E9E5-7127-4066-A552-9EE3D32ACBFE}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{E787E37F-5610-4B0F-82D0-9AAC0E0808F2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{EDCFD113-3B5E-4AA1-974F-BAD9834CFE78}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F35E1571-34B0-464E-92D3-DC9F3110C3A4}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"{FA5EB1C5-B229-4D85-9C49-8244862E1139}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{FD020707-0D38-47B7-B07D-E71C5101FDCE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{FF7F5921-B225-4550-A6EE-DAFAE5DB540F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"TCP Query User{221812AA-397C-41A7-84BE-C83EB6ECA255}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{2FD52AC7-8AC9-44D6-8F43-BFDD1C927F3E}C:\program files (x86)\activision\call of duty black ops ii\t6zm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty black ops ii\t6zm.exe | 
"TCP Query User{3C057966-171E-470A-9AA9-EE131EFB9203}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"TCP Query User{83004427-98A5-4178-9B69-D5AD6B797625}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{A335958E-9636-47D0-9257-41B0161F878A}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"TCP Query User{A85C178F-03F3-48CA-99FE-FDA2BFA3E179}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{A8ED0086-C317-4C0C-8FAA-8834BF02BE71}C:\program files (x86)\activision\call of duty black ops ii\t6sp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty black ops ii\t6sp.exe | 
"TCP Query User{BA115C60-51BC-436A-93E2-43165F347728}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{D0CFD3D7-7B7C-46AF-91AD-7623B66E0ED7}C:\programdata\battle.net\agent\agent.1267\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"UDP Query User{25B4EB9A-A642-4ECE-AA70-4EBC1731EB38}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"UDP Query User{32B89ABC-8430-4ADA-92DE-6AC0D08B4FA7}C:\program files (x86)\activision\call of duty black ops ii\t6sp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty black ops ii\t6sp.exe | 
"UDP Query User{3953610E-7AE7-452A-9E7A-6C780DEF0080}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{3B7A7742-0A85-4432-AEF2-81131FB3E350}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{5C81F320-70A6-463E-9454-4C7305B4733A}C:\programdata\battle.net\agent\agent.1267\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"UDP Query User{68E6E13B-9498-4881-9631-348E01A70A43}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{8E534E5B-7D38-4F69-A73F-24339DB556FC}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{B6A19C18-4839-490D-9517-5004465312AF}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{CCB9C814-8597-4521-B961-7ECF85223D9F}C:\program files (x86)\activision\call of duty black ops ii\t6zm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty black ops ii\t6zm.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03C8BE-0848-430F-BECA-7D7709401626}" = TP-LINK Wireless Client Utility
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7B243AA-6D4C-4575-A873-6F01A1EFC5E2}}_is1" = Drakonia Configurator
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C720FA29-E544-4D07-8A25-E83D2311B0DF}" = Mindjet MindManager Viewer 7
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Diablo III" = Diablo III
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"Game Booster_is1" = Game Booster 3
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PokerStars.eu" = PokerStars.eu
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 440" = Team Fortress 2
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3875668534-1040412707-397656691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"Spotify" = Spotify
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.06.2013 05:36:34 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.06.2013 05:37:38 | Computer Name = User-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Too many failures while downloading ranges: 2
 
Error - 08.06.2013 05:38:19 | Computer Name = User-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Stream product id=0x0066): Streaming Failed
 
[ System Events ]
Error - 08.06.2013 05:35:10 | Computer Name = User-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
 
< End of report >

Alt 09.06.2013, 21:09   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm - Standard

Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm


Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.06.2013, 15:49   #21
Roman95
 
Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm - Standard

Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm


log von MBAM:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.10.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
User :: USER-PC [Administrator]

10.06.2013 15:11:31
MBAM-log-2013-06-10 (16-17-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 419183
Laufzeit: 56 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\Activision\Call of Duty Black Ops II\buddha.dll (Malware.Gen.SKR) -> Keine Aktion durchgeführt.

(Ende)
ESET hat mir das ausgespuckt:
Code:
ATTFilter
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\5a4bc1e0-4163b9ca	multiple threats
Hatte vorhin wieder starke Probleme mit dem Bild. Bleibt immer für einige sekunden stehen... Könnte das evtl auch an dem NVIDEA-Treiber liegen den ich letztens aktualisiert hab? Ist immerhin n treiber für die Grafikkarte :/

Alt 11.06.2013, 16:02   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm - Standard

Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm


Zitat:
C:\Program Files (x86)\Activision\Call of Duty Black Ops II\buddha.dll (Malware.Gen.SKR)
Was genau soll das sein, Quelle der Datei?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.06.2013, 17:03   #23
Roman95
 
Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm - Standard

Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm


Das war n Crack von Black Ops II singleplayer den ich aber eigentlich schon gelöscht habe.

Alt 11.06.2013, 22:35   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm - Standard

Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm


Sieht man ja wie du den gelöscht hast
Dir ist klar, dass wir die Verwendung von Cracks und anderen illegalen Dingen in keinster Weise unterstützen?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.06.2013, 23:26   #25
Roman95
 
Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm - Standard

Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm


anscheinend hatte ich ihn nicht komplett runtergeschmissen... aber das hat das Programm ja jetzt gemacht. ja ist mir klar, habe den auch nur kurz angespielt und dann gelöscht. aber das ist ja im Moment nicht mein Hauptproblem sondern das mein pc rumspinnt

Alt 12.06.2013, 08:34   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm - Standard

Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm


Zitat:
aber das ist ja im Moment nicht mein Hauptproblem sondern das mein pc rumspinnt
Cracks verwenden und dann hinterher wundern, dass der PC spinnt? Ist das dein Ernst?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.06.2013, 11:54   #27
Roman95
 
Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm - Unglücklich

Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm


Naja, jeder macht mal Fehler und ich werde diesen ganz bestimmt nicht nochmal machen .
Aber der Crack ist höchstwahrscheinlich nicht das Problem, da die Probleme wesentlich später auftraten.

Ich weiß das Cracks illegal sind und ich verstehe deinen Standpunkt; ich bin ja selbst für mich zu dem Schluss gekommen, dass es falsch ist sowas zu installieren (deswegen hatte ich ihn wie gesagt gelöscht, zumindest hab ich das gedacht...). Aber Ich kann es jetzt nun nicht mehr ändern und hoffe das du mir trotzdem noch hilfts

Alt 12.06.2013, 12:53   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm - Standard

Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm


Da dein System offenbar immer noch spinnt, in einem Log aber ein Crack ersichtlich war, kann ich dir noch Hilfe bei der Datensicherung und Neuinstallation des Rechners bieten.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.06.2013, 13:33   #29
Roman95
 
Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm - Standard

Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm


Könnte es denn vllt am Grafiktreiber liegen? Habe den Aktualisiert und danach hats mit den Problemen angefangen

Alt 12.06.2013, 15:35   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm - Standard

Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm


Was hast du an meinem Posting nicht verstanden?
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 2 von 3 1 2 3

Themen zu Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm
anderer, beitrag, beratung, bildschirm, booten, computer, ebenfalls, einfach, entschieden, erhalte, forum, frage, fängt, gesuch, gesucht, hoffe, interne, internet, mauszeiger, nichts, problem, reagiert, sekunden, wahrscheinlich, ähnliches


« ebay trojaner | Win32.HLLM.Graz entfernen, brauche Hilfe »


Ähnliche Themen: Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm


  1. Windows 7: Beim öffnen aller Programme erscheint ein Fenster:"ungültiges Bild".
    Log-Analyse und Auswertung - 26.06.2015 (32)
  2. Windows 7: Beim Öffnen von Programmen erscheint die Fehlermeldung "ungültiges Bild"
    Log-Analyse und Auswertung - 22.06.2015 (7)
  3. Es erscheint beim Starten die meldung: Die Ausnahme "unknown software exception" (0
    Plagegeister aller Art und deren Bekämpfung - 03.05.2015 (38)
  4. Windows Vista - "Bluescreen beim Booten - komme nicht weiter"
    Log-Analyse und Auswertung - 29.08.2014 (15)
  5. Beim Treiber Update "wiederspenstige" Software eingefangen. "SpeedUpMyComputer"
    Plagegeister aller Art und deren Bekämpfung - 27.05.2014 (3)
  6. Win7: Nach Neustart erscheint RunDLL-Window mit "Problem beim Starten von C:\Program Files (x86)\HomeTab\TBUpdater.dll"
    Plagegeister aller Art und deren Bekämpfung - 17.12.2013 (8)
  7. Beim Starten der Internetexplorer (IE11,Crome,usw.) erscheint immer die Seite " do-search"
    Plagegeister aller Art und deren Bekämpfung - 22.11.2013 (19)
  8. Win7: Nach Neustart erscheint RunDLL-Window mit "Problem beim Starten von C:\Program Files (x86)\HomeTab\TBUpdater.dll"
    Log-Analyse und Auswertung - 04.11.2013 (7)
  9. wssetup.exe erscheint beim Starten
    Plagegeister aller Art und deren Bekämpfung - 12.06.2013 (11)
  10. "BKA-Trojaner" auf Windows Vista - weißer Bildschirm nach dem Booten
    Plagegeister aller Art und deren Bekämpfung - 07.06.2013 (12)
  11. Beim Start von Windows XP erscheint ein Fenster mit dem Hinweis: "Es wurde ein ActiveX Steuerelement blockiert..."
    Plagegeister aller Art und deren Bekämpfung - 11.03.2013 (39)
  12. Blauer Bildschirm beim booten von USB (Bekämpfung d."Weißer Bildschirm-please wait")
    Log-Analyse und Auswertung - 08.07.2012 (6)
  13. "Windows Recovery" + AVG führte zu Endlosschleife beim Booten
    Plagegeister aller Art und deren Bekämpfung - 25.04.2011 (11)
  14. Windows XP öffnet beim booten immer "eigene Dateien"
    Log-Analyse und Auswertung - 22.08.2010 (0)
  15. Programm "sdfsdf" (lsass.exe) erscheint beim Herunterfahren
    Plagegeister aller Art und deren Bekämpfung - 23.07.2010 (8)
  16. Could not open file "bla" beim booten
    Alles rund um Windows - 19.05.2007 (2)
  17. fenster "Verbinden mit" erscheint beim Windows Start 3x
    Plagegeister aller Art und deren Bekämpfung - 25.01.2005 (12)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm - aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Starte die aswMBR.exe - ( aswMBR.exe Anleitung ) Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator - Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm...
Archiv
Du betrachtest: Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55