Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Kann CodecV & Incredibar nicht mehr entfernen (https://www.trojaner-board.de/123593-codecv-incredibar-mehr-entfernen.html)

Homunkoloss 06.09.2012 12:10
Kann CodecV & Incredibar nicht mehr entfernen
 
Hi!
Ich benutze Firefox und habe mir irgendwie MyStart IncrediBar (BrowserToolbar) und CodecV eingefangen - scheinbar gleichzeitig, denn es tauchten beide vor ner Woche zu erst auf. Ich habe beide Deinstalliert (Registry bzw das AddOn) und auch Datenreste im Explorer aufgesucht und manuell gelöscht. Aber ich habe immer noch sowohl CodecV gesteuerte Werbe-PopUps (oder zB wird jedes Wort wie "Spiel" zu nem Link mit Werbung), als auch das Problem, dass neue Tabs immer mystart.incredibar.com öffnen. Habe das versucht unter about:config zu ändern aber das reseted sich auch bei Firefox Neuinstallation immer wieder zur incredibar.

Habe mit Malwarebytes und OTL gescannt. Logs lauten wie folgt.

MBAM-log.txt
Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.06.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
alx :: ALX [Administrator]

Schutz: Aktiviert

06.09.2012 12:22:52
mbam-log-2012-09-06 (12-22-52).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 204798
Laufzeit: 5 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
OTL.txt
Code:
OTL logfile created on: 06.09.2012 12:34:48 - Run 1
OTL by OldTimer - Version 3.2.61.0    Folder = C:\Users\alx\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,63% Memory free
7,99 Gb Paging File | 6,04 Gb Available in Paging File | 75,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,56 Gb Total Space | 8,28 Gb Free Space | 2,91% Space Free | Partition Type: NTFS
Drive D: | 13,23 Gb Total Space | 2,17 Gb Free Space | 16,38% Space Free | Partition Type: NTFS
 
Computer Name: ALX | User Name: alx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.06 12:33:46 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\alx\Desktop\OTL.exe
PRC - [2012.08.22 14:14:58 | 001,193,176 | ---- | M] () -- C:\Users\alx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.08.12 16:26:37 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.06.11 15:43:46 | 002,346,496 | ---- | M] (Totem Entertainment) -- C:\Users\alx\AppData\Local\vghd\bin\vghd.exe
PRC - [2012.06.07 10:12:14 | 000,583,168 | ---- | M] (Totem Entertainment) -- C:\Users\alx\AppData\Local\vghd\bin\VirtuaGirl_Downloader.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\alx\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.08 10:48:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 10:48:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.22 14:14:58 | 001,193,176 | ---- | M] () -- C:\Users\alx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012.06.11 13:07:48 | 000,083,968 | ---- | M] () -- C:\Users\alx\AppData\Local\vghd\bin\QtVhd.dll
MOD - [2011.12.20 11:29:50 | 000,184,832 | ---- | M] () -- C:\Users\alx\AppData\Local\vghd\bin\dxmodules.dll
MOD - [2011.12.16 14:57:04 | 000,073,216 | ---- | M] () -- C:\Users\alx\AppData\Local\vghd\bin\System.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.01 14:28:02 | 000,045,056 | ---- | M] () -- C:\Users\alx\AppData\Local\vghd\bin\Windows.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.05.13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010.03.23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.07.02 20:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.03.02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2012.09.04 15:41:12 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.04 12:43:56 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.08 10:48:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 10:48:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.11 23:07:38 | 000,204,304 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.29 23:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2009.02.22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.06.20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012.05.08 10:48:13 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 10:48:13 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.13 14:10:10 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.03.23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.11.10 13:53:40 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.11.10 13:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.11.10 13:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.07.21 05:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.02 20:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.29 20:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 12:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.05.23 08:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.05.08 16:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2009.05.05 07:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.04.29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009.03.09 07:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.01.13 19:14:58 | 000,057,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009.01.13 19:14:50 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009.01.13 19:14:30 | 000,034,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009.01.13 19:14:22 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2C7072CC-3B6A-4D18-856D-F60EF665414F}
IE:64bit: - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE:64bit: - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {2C7072CC-3B6A-4D18-856D-F60EF665414F}
IE - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKCU\..\SearchScopes,DefaultScope = {2C7072CC-3B6A-4D18-856D-F60EF665414F}
IE - HKCU\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "google"
FF - prefs.js..browser.search.selectedEngine: "IMDb"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: 4f807b3748d91@4f807b3748d92.info:1.0
FF - prefs.js..extensions.enabledAddons: de_DE@dicts.j3e.de:20120628
FF - prefs.js..extensions.enabledAddons: fb_add_on@avm.de:1.6.3
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.2
FF - prefs.js..extensions.enabledAddons: kosa@kallout.com:2.2.4
FF - prefs.js..extensions.enabledAddons: searchdictcc@roughael:3.2
FF - prefs.js..extensions.enabledAddons: SkipScreen@SkipScreen:0.6.4
FF - prefs.js..extensions.enabledAddons: trackerblock@privacychoice.org:2.2
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.0
FF - prefs.js..extensions.enabledAddons: {1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.9
FF - prefs.js..extensions.enabledAddons: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
FF - prefs.js..extensions.enabledAddons: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.15.0
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.9
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: de_DE@dicts.j3e.de:20110321
FF - prefs.js..extensions.enabledItems: kosa@kallout.com:2.0.1.1
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.21amo
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.7.3
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: verify-u@cybits.de:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\alx\\AppData\\Local\\Temp\\proxtube.pac"
FF - prefs.js..network.proxy.http: "199.195.109.23"
FF - prefs.js..network.proxy.http_port: 9090
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.1: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.16 21:29:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla\Firefox\components [2012.09.04 15:41:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla\Firefox\plugins [2012.08.18 23:22:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla\Thunderbird\components [2012.06.18 00:40:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla\Thunderbird\plugins [2012.08.18 23:22:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla\Firefox\components [2012.09.04 15:41:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla\Firefox\plugins [2012.08.18 23:22:47 | 000,000,000 | ---D | M]
 
[2010.03.14 02:49:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\Extensions
[2010.03.14 02:49:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.26 13:03:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions
[2012.08.19 14:36:19 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.03.18 12:32:02 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012.04.09 11:29:28 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\4f807b3748d91@4f807b3748d92.info
[2012.06.29 16:54:49 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\de_DE@dicts.j3e.de
[2012.05.15 14:18:54 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\fb_add_on@avm.de
[2012.05.18 15:30:57 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\ich@maltegoetz.de
[2012.08.07 17:18:11 | 000,221,273 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\kosa@kallout.com.xpi
[2012.01.12 13:30:42 | 000,037,502 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\searchdictcc@roughael.xpi
[2012.02.22 14:07:20 | 000,072,222 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\SkipScreen@SkipScreen.xpi
[2012.02.18 22:21:52 | 000,049,540 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\trackerblock@privacychoice.org.xpi
[2011.12.22 10:12:41 | 000,108,965 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe80}.xpi
[2011.07.21 22:52:17 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
[2012.08.22 20:46:08 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.07.25 10:14:55 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.30 01:10:24 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.08.26 13:03:42 | 000,270,021 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.08.12 17:27:06 | 000,045,226 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi
[2012.03.14 09:20:13 | 000,002,321 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\dictcc.xml
[2012.02.01 21:06:57 | 000,012,703 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\imdb.xml
[2012.02.13 17:42:19 | 000,001,330 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\wikipedia-en.xml
[2012.05.29 16:07:30 | 000,002,446 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\wiktionary-de.xml
[2012.05.29 16:07:13 | 000,001,336 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\wiktionary-en.xml
[2011.12.15 16:58:05 | 000,002,057 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\youtube-videosuche.xml
[2011.12.16 21:29:57 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.06.20 08:38:27 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.01 19:04:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SNM] C:\Program Files (x86)\SpyNoMore\SNM.exe (Illysoft LLC)
O4 - HKCU..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\alx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = C:\Users\alx\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment)
O4 - Startup: C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\alx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F36DF460-6656-4356-AC69-8A37945ED217}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA92405A-2AA9-4546-964D-8016BF7078D0}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{43c59bd6-2c71-11e1-ad77-00269ea162a6}\Shell\AutoRun\command - "" = F:\fscommand\LS_Start_Launch.cmd
O33 - MountPoints2\{43c59bd6-2c71-11e1-ad77-00269ea162a6}\Shell\Launcher\command - "" = F:\fscommand\LS_Start_Launch.cmd
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.06 12:33:41 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\alx\Desktop\OTL.exe
[2012.09.06 12:21:11 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\Malwarebytes
[2012.09.06 12:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.06 12:20:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.06 12:20:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.06 11:54:43 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\DriverCure
[2012.09.06 11:54:42 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\SpeedyPC Software
[2012.09.06 11:54:35 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012.09.06 11:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012.09.06 11:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012.09.06 11:54:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012.09.06 11:47:11 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyNoMore
[2012.09.06 11:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyNoMore
[2012.09.06 11:47:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpyNoMore
[2012.09.04 16:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012.09.04 14:57:18 | 000,000,000 | ---D | C] -- C:\Users\alx\Documents\Diablo III
[2012.09.04 12:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012.09.04 12:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012.09.04 09:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.08.24 07:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.08.24 07:57:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.08.24 07:57:46 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.08.23 19:09:08 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskBabes
[2012.08.23 19:09:01 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Local\vghd
[2012.08.19 14:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.06 12:33:46 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\alx\Desktop\OTL.exe
[2012.09.06 11:54:47 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012.09.06 11:54:34 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012.09.06 11:54:33 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012.09.06 11:54:32 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012.09.06 11:47:19 | 000,001,152 | ---- | M] () -- C:\Windows\SysWow64\windrv.sys
[2012.09.06 11:47:12 | 000,000,947 | ---- | M] () -- C:\Users\alx\Desktop\SpyNoMore.lnk
[2012.09.06 11:18:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.05 11:32:29 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.03 10:20:19 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.03 10:20:19 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.03 10:10:06 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.23 19:09:09 | 000,001,119 | ---- | M] () -- C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk
[2012.08.21 13:28:25 | 003,058,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.20 16:52:49 | 001,619,988 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.20 16:52:49 | 000,699,210 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.20 16:52:49 | 000,654,488 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.20 16:52:49 | 000,149,374 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.20 16:52:49 | 000,122,320 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.06 11:54:47 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012.09.06 11:54:34 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012.09.06 11:54:33 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012.09.06 11:54:27 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012.09.06 11:47:19 | 000,001,152 | ---- | C] () -- C:\Windows\SysWow64\windrv.sys
[2012.09.06 11:47:12 | 000,000,947 | ---- | C] () -- C:\Users\alx\Desktop\SpyNoMore.lnk
[2012.08.23 19:09:09 | 000,001,119 | ---- | C] () -- C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk
[2012.08.03 17:48:26 | 000,005,664 | ---- | C] () -- C:\Users\alx\.recently-used.xbel
[2012.07.10 20:48:37 | 000,009,064 | ---- | C] () -- C:\Users\alx\Neues Dokument 2.2012_07_10_20_48_37.0.svg
[2012.07.10 20:35:46 | 000,014,642 | ---- | C] () -- C:\Users\alx\Neues Dokument 2.2012_07_10_20_35_45.0.svg
[2012.07.01 22:00:07 | 000,000,021 | ---- | C] () -- C:\Windows\preview.ini
[2012.02.02 14:36:28 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.01.20 14:02:56 | 000,159,400 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.07.31 18:43:28 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011.07.22 13:22:22 | 000,000,000 | ---- | C] () -- C:\Users\alx\support
[2011.01.12 21:11:41 | 000,000,118 | ---- | C] () -- C:\Windows\Podcasts.INI
[2011.01.12 12:09:19 | 000,023,761 | ---- | C] () -- C:\Windows\hpqins15.dat.temp
[2010.12.25 23:53:04 | 000,023,324 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.12.23 12:53:50 | 000,181,764 | ---- | C] () -- C:\Windows\hpoins28.dat
[2010.12.23 12:53:50 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2010.11.03 11:04:28 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.11.03 11:04:28 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.03.26 18:43:22 | 000,000,000 | ---- | C] () -- C:\Users\alx\AppData\Roaming\wklnhst.dat
[2010.03.26 18:41:04 | 000,006,144 | ---- | C] () -- C:\Users\alx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.21 12:44:56 | 000,020,143 | ---- | C] () -- C:\Users\alx\AppData\Roaming\UserTile.png
 
========== LOP Check ==========
 
[2012.09.04 09:38:17 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\.minecraft
[2012.04.21 18:23:02 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Amazon
[2012.08.06 21:02:31 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Artisteer
[2012.05.06 11:03:19 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Downloaded Installations
[2012.09.06 11:54:43 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\DriverCure
[2012.09.05 12:00:46 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Dropbox
[2012.05.04 12:02:58 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\FILEminimizerPictures
[2010.07.30 19:40:52 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\FreeVideoConverter
[2011.03.10 12:16:18 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\FRITZ!
[2011.12.23 15:36:26 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Hitachigst
[2010.09.30 17:41:01 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\inkscape
[2010.03.15 16:11:04 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Leadertech
[2012.08.28 22:37:01 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Mp3tag
[2012.07.16 12:12:22 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Nitro PDF
[2011.03.04 21:28:25 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Notepad++
[2010.09.03 20:21:20 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Registry Mechanic
[2012.07.04 12:45:15 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\RotMG.Production
[2012.09.06 11:54:42 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\SpeedyPC Software
[2012.09.06 11:23:32 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Spotify
[2010.03.14 02:49:37 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Thunderbird
[2012.08.24 09:28:54 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\uTorrent
[2010.04.01 16:35:30 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Windows Live Writer
[2010.03.05 13:04:29 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\_MDLogs
[2010.08.31 23:13:07 | 000,000,262 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2012.07.19 16:17:01 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.09.06 11:54:32 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job
[2012.09.06 11:54:47 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
[2012.09.06 11:54:34 | 000,000,512 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
[2012.09.06 11:54:33 | 000,000,460 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:364682BC
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
OTL Extras.txt
Code:
OTL Extras logfile created on: 06.09.2012 12:34:48 - Run 1
OTL by OldTimer - Version 3.2.61.0    Folder = C:\Users\alx\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,63% Memory free
7,99 Gb Paging File | 6,04 Gb Available in Paging File | 75,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,56 Gb Total Space | 8,28 Gb Free Space | 2,91% Space Free | Partition Type: NTFS
Drive D: | 13,23 Gb Total Space | 2,17 Gb Free Space | 16,38% Space Free | Partition Type: NTFS
 
Computer Name: ALX | User Name: alx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\Program Files (x86)\Microsoft\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\Program Files (x86)\Microsoft\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13B003B6-7740-490C-8A8C-84874A5FAC83}" = lport=137 | protocol=17 | dir=in | app=system |
"{325DA056-DF12-4ED8-9D39-569A86619791}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3727B647-83DD-4920-8D76-D4D6C106326E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{395356CA-E1CA-450F-8C50-6385354E41D5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{427B4546-A6F8-4C87-BB8D-DE310B48452C}" = rport=445 | protocol=6 | dir=out | app=system |
"{52726DC1-A52A-4665-8F23-392D6436BD56}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{52B21631-8887-452E-9566-DA17AA5325EC}" = rport=138 | protocol=17 | dir=out | app=system |
"{56D159AF-764B-46B3-821F-C4BA12EB472F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58FF0915-ED23-408D-8A9B-B16DDC3B7DD5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{594EEF36-8A27-4066-96C7-278F732F2550}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6D17F07C-3486-4664-9D57-313A50417CA8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7150B431-B647-4B62-85C7-E43FD6D04F2B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8065D405-A7E5-45B4-BA70-ADD8FFE15FA0}" = lport=138 | protocol=17 | dir=in | app=system |
"{836B6DBE-D037-41EC-B905-2038FC56B736}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8890C906-E5FB-4ACE-957A-A0397B859463}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{89AE6958-F934-45C9-8257-A5E5F9414D28}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8BBBA242-FD4D-40C6-A2AA-CF619405AA72}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{8D4A85B9-DA2F-4E23-B879-632BF79EE11E}" = lport=445 | protocol=6 | dir=in | app=system |
"{97B40887-B583-4427-8FC6-C2328711B0B3}" = rport=139 | protocol=6 | dir=out | app=system |
"{A31A9392-1556-4A78-A246-5D0975AB52E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C609BAA2-64F5-4268-9263-D1A338EC3D44}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CCA21C25-FB45-44E3-81E6-1E6B95006C37}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D0411442-315C-4471-94F4-AA312067F03C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D60377EA-3839-41AD-BFBE-0B9B29F95FDB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E448E49D-A6FB-47A9-95DE-AD05D57E19F7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E60DDF22-E8CF-42C9-AA9F-541457C7F498}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E714284E-1AA2-4A5D-BDB1-63C75129D48F}" = rport=137 | protocol=17 | dir=out | app=system |
"{F472F24B-692B-474E-8AE4-F5AB5A461A23}" = lport=139 | protocol=6 | dir=in | app=system |
"{F4E5E7BB-0850-4FD7-B9EB-178E1A6E2E34}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0009167E-FE81-4CAE-8309-2229CDC7BE3E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0652AE9E-CBB7-4253-B535-430B5FE9F4D3}" = protocol=6 | dir=in | app=c:\users\alx\appdata\roaming\dropbox\bin\dropbox.exe |
"{18CC167E-9187-4BE5-90B8-D99CBD20BEC9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{1F4B7235-8424-4559-B70F-B455DF76CC16}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{200987D1-EEE2-4026-80EF-076BE68E91EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{25C778CD-A8B4-42AE-B7C4-92AD48CAEDB9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2DA8CE25-CC91-4283-9014-0684166ECBA1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2E20B7FE-74A4-4AF5-AF99-3308E6FF1CB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{394A3F8F-08AE-45A5-8AD8-C81F98B9CF91}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{4245F6E2-3A76-4D5D-AF6D-44DE11807F93}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{43B11366-9816-4D1F-A7F4-15EE66E4702A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{46379CAA-E9AA-46D8-B0FC-6FB6E997E0FC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{4CD90FA8-7041-4BCE-950F-E9B7C4FEECE4}" = protocol=6 | dir=out | app=system |
"{5A61E3D8-C9AD-4549-8CAD-60073A3EEFCA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{5E7182CE-3BAB-41C1-9CB9-B6B74DEC5BE8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{616A90F0-53E9-43D3-BCFE-35E5ACD59101}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6A0AD46A-063E-4790-9E3D-FF4991FE5E57}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6B03837F-5284-4FAB-B792-1E90EAE42A69}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{6B29720D-5D88-4340-9A97-FD856D36B7E9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6D09F2E6-3C22-40E9-948A-ED924764E254}" = protocol=17 | dir=in | app=c:\users\alx\appdata\roaming\dropbox\bin\dropbox.exe |
"{722B7739-5423-4D97-8E2E-3634600C2B32}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{76978451-7982-40D0-972D-55A285317817}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{775EB963-9BB2-48EB-B0A3-55B65D2E499A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7B7F2A72-398C-419C-AFF1-91E53E0E095F}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{7CDB582B-600F-44FE-9AC4-BA0C17C707BE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{820F9052-5CE4-49B5-94F8-6A98C2875E1D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8651F9F0-A2E7-4041-9CF0-FBB57AC0C742}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8A8A7919-0005-41FB-B9E8-1F32B36A48E7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{914E3213-DC8B-478D-8A8C-0483D5A7FB14}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{946B457E-31AD-4002-A2C0-919A916D7719}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9A066A79-67F3-427A-BEA9-61D3AF78E966}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A13CE354-41BA-4913-8ED1-E3AC3909FF6F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A5065139-3386-4565-8159-17FD10324AF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A658D438-16EA-49E5-AE37-799799EE5E7E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{A80C8278-2FC0-4894-8B89-36F1922B6F4D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{A8CE6D14-F52C-4EB0-A0E6-25FCDEAB1F85}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A9AE84BE-CEBA-49B4-A070-6DD8CD704A64}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AA61204F-9909-43FD-971E-584ECFF9A0C2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{BB4F063A-2653-4A68-BD00-BF277C9DA876}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BBD7AAEA-FE38-40EB-93CD-A1CB2FB7843C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{BE0A166B-9A49-4400-8125-7C899882C22D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C5304CA0-6DEC-41F4-B92D-EA58E0623BDB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{C700FD97-46B1-4D98-A456-0B25E22843FB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{CFE2C2AA-D743-4233-9798-304510B06F97}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{D5853299-F2A5-46F2-8F17-7D35470B2732}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{DFDCF05A-65C1-4807-B2B8-63F5128ED93B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{E08DEC35-8ADB-4855-8689-F3D71ED6FA7F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E08F4DAC-5E45-4EF6-A2E9-DD749D6EED92}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E0F11DF4-358E-4814-B803-8D210B71F4CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E35D10E5-D440-4866-B606-3E719D39E7F4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E9258ADA-54C3-4B71-9905-D9454B969C3C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{F94E7E99-F341-4117-A43E-AC6B7C68C619}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{FBDD2786-D634-49A9-B28B-5CDB530996D6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{FDAD1CEF-135F-412C-A9CE-D9BFBC3850EF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FF864A5D-EC5E-48BB-9516-41D438EDAC6D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"TCP Query User{07B0E97A-0E54-4F67-A877-8B55B83FF123}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"TCP Query User{094766DA-1AEB-47D4-98AA-E03FF6184ED8}C:\program files (x86)\hitachi\lifestudio\lifestudio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hitachi\lifestudio\lifestudio.exe |
"TCP Query User{144AE2CD-06EF-4B6F-B070-91BF1B2F303A}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{169CEBC4-B5A9-4D32-9A00-B54337F615FD}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"TCP Query User{1B1A95F3-447B-4344-BD05-BE714BB60FDD}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{1D6493C9-4A9C-4AE5-A3DC-0343E461C780}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe |
"TCP Query User{20405363-E488-406A-B91A-04FBDF442692}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{22E0BE2C-7D93-46AF-85BA-05EAD9BD5310}C:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe |
"TCP Query User{354DA4BE-C65C-4A3E-8DF4-EE628664DC4B}C:\users\alx\saved games\wciii\war3.exe" = protocol=6 | dir=in | app=c:\users\alx\saved games\wciii\war3.exe |
"TCP Query User{4162BCD9-DAD3-4B22-8A56-9BC5D9862107}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |
"TCP Query User{4B44ADB5-54B5-4B7E-84EC-69BE0E977AEE}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"TCP Query User{4FF4F65C-4073-47F8-81D3-F491055E3D41}C:\users\alx\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\alx\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{52343CD7-453D-4585-BFE7-B6818CE03161}C:\users\alx\saved games\cs\counter strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\users\alx\saved games\cs\counter strike 1.6\hl.exe |
"TCP Query User{7BA90C37-576E-4A16-BE28-4AA58104EC9A}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{837496DE-B014-4614-8F1F-B059D7FB7570}C:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"TCP Query User{85BBB98D-97D8-41B9-8334-2971901EBAAF}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{8EF1FD4C-2ABE-4CD8-A09B-5DBC80F8A6D0}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"TCP Query User{934390B8-DB76-4A35-8AB7-A7E6985D49D8}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"TCP Query User{9C583F8D-23BB-4B45-AE2F-D13E205E4B77}C:\users\alx\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\alx\appdata\roaming\spotify\spotify.exe |
"TCP Query User{9CABF7AD-BE9F-4D5B-9F35-BBF75DB039B5}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{9D102304-09E4-4C3C-80E9-1E2C186094B0}C:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe" = protocol=6 | dir=in | app=c:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe |
"TCP Query User{C5FDF4E6-29D7-499E-921B-B567D89ACE18}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{C968A564-3CC1-4B95-8A91-0CA0EE0209BF}C:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe" = protocol=6 | dir=in | app=c:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe |
"TCP Query User{D4B87156-1C4E-41E4-AD8C-0C35226255FD}C:\program files (x86)\mozilla\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla\firefox\firefox.exe |
"TCP Query User{D73690A7-14FA-43E2-ADFD-6D42F47AEB07}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |
"TCP Query User{DD98DE6E-E8E1-4E62-8C70-09CDB8D51062}C:\users\alx\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\alx\appdata\roaming\spotify\spotify.exe |
"TCP Query User{E6EC7AFF-5004-43A9-B6F2-B3F73DE5F507}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"TCP Query User{F2936BD4-0CC1-4536-AA86-A055769A1D4C}C:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe |
"TCP Query User{F8BE2F4D-80B9-4879-9E34-104AA3B3BD3F}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"TCP Query User{FD942591-D65D-46C1-8424-D9B9C7DAF70C}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{0508A343-77DD-4B25-8B6D-0811C8C6B6F8}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"UDP Query User{239B73CE-3F9F-4D6E-B61D-B24030B44AF6}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |
"UDP Query User{3377A3CF-EDC9-4916-8EAB-7A8D36B964A8}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"UDP Query User{3B1D1AC7-38C3-4D47-9320-3D90113A7B72}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{443777AC-56AA-4479-854A-5316B60D4EDF}C:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe |
"UDP Query User{5071DAED-EFFF-4CDD-9C8D-79A0F30F365C}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{52BE2870-5B0A-4A62-9D3C-BE7FD3A7B50B}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |
"UDP Query User{672A2DCC-9D49-418C-9A01-407E4A3CB65D}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"UDP Query User{6D070942-37C1-4B3B-8F41-835DD7C7A51E}C:\program files (x86)\hitachi\lifestudio\lifestudio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hitachi\lifestudio\lifestudio.exe |
"UDP Query User{6D3FD1C2-E971-42DF-8FB2-63B33481DF00}C:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"UDP Query User{71DC42ED-356F-4DE1-87B6-6489960348A7}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe |
"UDP Query User{769A28F1-1AD8-446F-ACF4-06E74D9789C2}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"UDP Query User{7701300D-50BC-4941-84EF-DC4B46ACA791}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"UDP Query User{8244723C-D0A7-4385-92F9-437CAFCD91C7}C:\program files (x86)\mozilla\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla\firefox\firefox.exe |
"UDP Query User{835BCAE3-239B-4FF6-9E39-F362D68F712C}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{87EBA4CD-678F-49B3-AC21-121056A0D214}C:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe |
"UDP Query User{8B30169A-7103-4512-AC5B-4FC1424D9A32}C:\users\alx\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\alx\appdata\roaming\spotify\spotify.exe |
"UDP Query User{9174227A-B793-4775-97BC-041485FD43DF}C:\users\alx\saved games\wciii\war3.exe" = protocol=17 | dir=in | app=c:\users\alx\saved games\wciii\war3.exe |
"UDP Query User{91B7F9F4-F221-4F64-B56A-05E1053BE6CE}C:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe" = protocol=17 | dir=in | app=c:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe |
"UDP Query User{9391228D-C749-46A6-8DD4-965C6D43F238}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{98E38F29-56B1-4504-8A66-C410B62197D4}C:\users\alx\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\alx\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{A18D2F1C-10EA-4B7D-9A15-C4F06F8E62CD}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"UDP Query User{AABF1E75-617C-4E88-BD0D-8D6451C862C6}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{BD436BA4-AD71-4C50-BC17-B31895448050}C:\users\alx\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\alx\appdata\roaming\spotify\spotify.exe |
"UDP Query User{BD798980-2C0E-47B4-A80B-DDDF1CCA269B}C:\users\alx\saved games\cs\counter strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\users\alx\saved games\cs\counter strike 1.6\hl.exe |
"UDP Query User{CBFE82A4-1C1F-46E0-84E6-0D0E9D788B6D}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{D46BE792-E32D-4E9E-BB3B-09696D46A35D}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"UDP Query User{E53CCF35-7E2D-4C31-9B24-F366F7658E77}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{F756ABE1-1AB3-4615-A5BB-DDD88ADAD9B2}C:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe" = protocol=17 | dir=in | app=c:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe |
"UDP Query User{F968A326-08A4-404E-AB71-92B60B62F6A9}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{4237FF56-4BD0-481E-BD44-C1A8DDA9C753}_is1" = WinDS PRO 2012.7.1
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C47240C-016E-03B5-D13E-AECAED09F2E3}" = ATI Catalyst Install Manager
"{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8753DF4D-64B0-474E-9A97-0AB5585D9A53}" = Logitech Gaming Software 5.04
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A00C9114-40E6-4C70-A619-7DF264B23485}" = HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADEB3402-CFBD-00E2-0EE6-F6A3F1AFACF0}" = ccc-utility64
"{B67C01B3-8502-4BE7-AEAB-BBDE910AD3EE}" = Microsoft Web Platform Installer 2.0
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F9B292AE-1BA8-481B-9C09-1C5CABFB0E4C}" = Nitro Reader 2
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Defraggler" = Defraggler
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"SP6" = Logitech SetPoint 6.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{09CC0D0E-061D-3C7B-3881-D2EB53A8AAFC}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26606D8F-3133-DBE2-8AF5-AB28F300860A}" = CCC Help Chinese Standard
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33C17B75-EA9C-0687-9CED-03D92637B042}" = CCC Help Hungarian
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{363CEA5C-C9D0-45DD-9511-A461DBDEE94B}" = DJ_AIO_03_F4200_Software_Min
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3FBDB7B8-7472-E895-2E5D-99D190B2D1B6}" = Catalyst Control Center InstallProxy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{546937C5-0529-333E-0D5E-FE3C53108806}" = CCC Help Japanese
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{55C70B62-5EF1-D527-7CAB-E50D8B3B4990}" = Catalyst Control Center Graphics Full New
"{577ED77E-25D9-1A76-4EF0-773B9C173758}" = CCC Help Portuguese
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5DB4EA68-A509-D408-585C-C9D045FADF72}" = Catalyst Control Center Graphics Previews Vista
"{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D335F78-1F4F-7826-56DD-4F350EA6EADD}" = CCC Help Greek
"{6EF04EAE-0354-9919-E757-F1203E6F422B}" = CCC Help Italian
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{7028B245-30A2-BD8C-31B9-6008216FBDC2}" = CCC Help French
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779D3256-84D0-936F-18F9-A154DC85B4B4}" = Catalyst Control Center Localization All
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F4DA5B8-6884-47F2-AEBA-D9111E420C63}" = CCC Help Danish
"{7F9A8D27-A1B9-164F-FCB1-0B64C88629CF}" = CCC Help Norwegian
"{803263F7-8CAC-DC6D-3288-8128865A7472}" = CCC Help German
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8CC47AA0-5774-61FC-6A59-7E1C936DB753}" = ccc-core-static
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A28867B-109A-5BBF-85C0-FC1BAA98CA1C}" = CCC Help Russian
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8BCC9E4-9036-3029-F2BC-AA73A62DA73D}" = CCC Help Turkish
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{B5C746E6-D961-445C-3768-5B6FAF6A1A31}" = CCC Help Spanish
"{BB367ACC-0F34-4D69-94F3-F0E667A57921}" = Star Wars: X-Wing vs. TIE Fighter v1.1.4
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C0769946-2CF1-9E8D-009B-5C413B3F01D1}" = CCC Help Czech
"{C2524280-A5CF-4458-B809-167F13FAB56D}" = F4200
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4F7EEE5-3D99-8552-7483-B2F412838B2A}" = Catalyst Control Center Graphics Previews Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C41D27-A2D5-94C6-1D08-3D470A12EAF0}" = CCC Help Swedish
"{D9D6A848-1BFD-592B-5F9D-0BA8692FDF0B}" = CCC Help Finnish
"{DCD91C2F-3A86-B328-59A0-5EED6190D983}" = Catalyst Control Center Graphics Full Existing
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5F5CAA5-84ED-DE41-40D0-8926FE7E5F4D}" = Catalyst Control Center Graphics Light
"{E6415AEF-3B3E-43FF-AD3A-0258D854E7D6}" = Microsoft Sync Framework 2.0 Core Components (x86) DEU
"{E6CE345D-BF83-1242-9E4D-3D60A5036D87}" = CCC Help English
"{E90A1941-4989-4172-AB5C-DBCB02202A84}" = Microsoft Sync Framework 2.0 Provider Services (x86) DEU
"{EC155897-712F-5637-A5DA-6C7CE7CB5521}" = CCC Help Korean
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0580F64-44A1-C607-9364-887912B74F4D}" = CCC Help Thai
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3F9A4E5-CD9F-4657-CF99-5CE3F7729909}" = Catalyst Control Center Core Implementation
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5B1D41A-05B9-98E2-C350-E69D4A444CB4}" = CCC Help Chinese Traditional
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCF0F615-6E70-B949-028F-88D32C55C2BC}" = CCC Help Dutch
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Artisteer 3" = Artisteer 3
"AudibleManager" = AudibleManager
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"ClassicPro" = ClassicPro© v1.14
"Diablo III" = Diablo III
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"Inkscape" = Inkscape 0.48.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.50
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"SpyNoMore" = SpyNoMore 3.00
"Steam App 12900" = Audiosurf
"uTorrent" = µTorrent
"vghd" = DeskBabes
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 2.0.2
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DeskBabes_is1" = DeskBabes version 1.1.0.16
"Dropbox" = Dropbox
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.07.2011 07:46:59 | Computer Name = alx | Source = MsiInstaller | ID = 11308
Description =
 
Error - 25.07.2011 12:25:05 | Computer Name = alx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514,
 Zeitstempel: 0x4ce7ae7f  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17625,
 Zeitstempel: 0x4de88429  Ausnahmecode: 0x0000046b  Fehleroffset: 0x000000000000cacd
ID
 des fehlerhaften Prozesses: 0x9a8  Startzeit der fehlerhaften Anwendung: 0x01cc49ee28dc0ea7
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: a75fb5ca-b6da-11e0-86c4-00269ea162a6
 
Error - 01.08.2011 16:06:12 | Computer Name = alx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vghd.exe, Version: 1.0.5.2, Zeitstempel:
 0x4d5d1d20  Name des fehlerhaften Moduls: vghd.exe, Version: 1.0.5.2, Zeitstempel:
 0x4d5d1d20  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00012b07  ID des fehlerhaften Prozesses:
 0x12f0  Startzeit der fehlerhaften Anwendung: 0x01cc5086500048fb  Pfad der fehlerhaften
 Anwendung: C:\Users\alx\AppData\Local\vghd\bin\vghd.exe  Pfad des fehlerhaften Moduls:
 C:\Users\alx\AppData\Local\vghd\bin\vghd.exe  Berichtskennung: b3b1ee44-bc79-11e0-8db6-00269ea162a6
 
Error - 02.08.2011 16:05:30 | Computer Name = alx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 4.0.0.224, Zeitstempel:
 0x49cc7813  Name des fehlerhaften Moduls: Skype.exe, Version: 4.0.0.224, Zeitstempel:
 0x49cc7813  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0010d258  ID des fehlerhaften Prozesses:
 0x39c  Startzeit der fehlerhaften Anwendung: 0x01cc514dedbf6a33  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\Skype\Phone\Skype.exe  Berichtskennung: c561f448-bd42-11e0-86c6-00269ea162a6
 
Error - 09.08.2011 13:36:47 | Computer Name = alx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.2.3173,
Zeitstempel: 0x4e1b6f92  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00680026  ID des fehlerhaften
 Prozesses: 0x1390  Startzeit der fehlerhaften Anwendung: 0x01cc56b5999559a0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 27bf6872-c2ae-11e0-85ad-00269ea162a6
 
Error - 15.08.2011 08:52:48 | Computer Name = alx | Source = BugSplat | ID = 1
Description =
 
Error - 16.08.2011 05:20:08 | Computer Name = alx | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 12.0.6545.5000 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1008    Startzeit: 01cc5bf4d411a00e    Endzeit: 0    Anwendungspfad:
C:\Program Files (x86)\Microsoft\Office12\WINWORD.EXE    Berichts-ID: 
 
Error - 16.08.2011 05:20:35 | Computer Name = alx | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 12.0.6545.5000 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1640    Startzeit: 01cc5bf5b10f4bad    Endzeit: 18    Anwendungspfad:
 C:\Program Files (x86)\Microsoft\Office12\WINWORD.EXE    Berichts-ID: 
 
Error - 17.08.2011 19:09:00 | Computer Name = alx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514,
 Zeitstempel: 0x4ce7ae7f  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c8f9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000004e4b4
ID
 des fehlerhaften Prozesses: 0xdf4  Startzeit der fehlerhaften Anwendung: 0x01cc5d1c20b598b8
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: e419c437-c925-11e0-849e-00269ea162a6
 
Error - 17.08.2011 19:13:12 | Computer Name = alx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vghd.exe, Version: 1.0.5.2, Zeitstempel:
 0x4d5d1d20  Name des fehlerhaften Moduls: vghd.exe, Version: 1.0.5.2, Zeitstempel:
 0x4d5d1d20  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00012b07  ID des fehlerhaften Prozesses:
 0x9f4  Startzeit der fehlerhaften Anwendung: 0x01cc5d32e4713a7c  Pfad der fehlerhaften
 Anwendung: C:\Users\alx\AppData\Local\vghd\bin\vghd.exe  Pfad des fehlerhaften Moduls:
 C:\Users\alx\AppData\Local\vghd\bin\vghd.exe  Berichtskennung: 7a3b4d3f-c926-11e0-849e-00269ea162a6
 
[ Hewlett-Packard Events ]
Error - 04.04.2010 08:49:53 | Computer Name = alx | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF

  bei HPAssistant.Pages.DiagnoseMain.brdAssistance_MouseDown(Object sender, MouseButtonEventArgs
 e)    bei System.Windows.Input.MouseButtonEventArgs.InvokeEventHandler(Delegate
genericHandler, Object genericTarget)    bei System.Windows.RoutedEventArgs.InvokeHandler(Delegate
 handler, Object target)    bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
 target, RoutedEventArgs routedEventArgs)    bei System.Windows.EventRoute.InvokeHandlersImpl(Object
 source, RoutedEventArgs args, Boolean reRaised)    bei System.Windows.UIElement.RaiseEventImpl(DependencyObject
 sender, RoutedEventArgs args)    bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs
 args, Boolean trusted)    bei System.Windows.Input.InputManager.ProcessStagingArea()

  bei System.Windows.Input.InputManager.ProcessInput(InputEventArgs input)    bei
 System.Windows.Input.InputProviderSite.ReportInput(InputReport inputReport)    bei
 System.Windows.Interop.HwndMouseInputProvider.ReportInput(IntPtr hwnd, InputMode
 mode, Int32 timestamp, RawMouseActions actions, Int32 x, Int32 y, Int32 wheel) 
  bei System.Windows.Interop.HwndMouseInputProvider.FilterMessage(IntPtr hwnd, Int32
 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)    bei System.Windows.Interop.HwndSource.InputFilterMessage(IntPtr
 hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)    bei MS.Win32.HwndWrapper.WndProc(IntPtr
 hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)    bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object
 o)    bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
 Object args, Boolean isSingleParameter)    bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
[ OSession Events ]
Error - 29.06.2010 10:29:54 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 16.07.2010 07:58:12 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.11.2010 10:04:27 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.11.2010 17:00:45 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 16.11.2010 17:11:14 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 30.11.2010 07:26:19 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.01.2011 09:01:19 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2011 09:58:02 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 15.08.2011 08:44:24 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 05.12.2011 02:25:56 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 42
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 31.08.2012 07:04:22 | Computer Name = alx | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

        Neue
 Signaturversion:      Vorherige Signaturversion: 1.135.81.0    Aktualisierungsquelle: %%859

        Aktualisierungsphase:
 %%853    Quellpfad: hxxp://www.microsoft.com    Signaturtyp: %%800    Aktualisierungstyp: %%803

        Benutzer:
 NT-AUTORITÄT\SYSTEM    Aktuelle Modulversion:      Vorherige Modulversion: 1.1.8704.0    Fehlercode:
 0x80240022    Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen
 ist nicht möglich.
 
Error - 01.09.2012 08:39:46 | Computer Name = alx | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
Error - 01.09.2012 08:40:10 | Computer Name = alx | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  [verify-U]_System
 
Error - 01.09.2012 08:42:40 | Computer Name = alx | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
 
Error - 03.09.2012 04:10:26 | Computer Name = alx | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
Error - 03.09.2012 04:10:58 | Computer Name = alx | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  [verify-U]_System
 
Error - 03.09.2012 04:12:10 | Computer Name = alx | Source = WMPNetworkSvc | ID = 866300
Description =
 
Error - 04.09.2012 04:52:17 | Computer Name = alx | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 04.09.2012 13:52:53 | Computer Name = alx | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 06.09.2012 05:18:32 | Computer Name = alx | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
 
< End of report >

cosinus 06.09.2012 16:27
Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

Homunkoloss 16.09.2012 16:42
Erst einmal meine Entschuldigung für die Verspätung, die Scans haben mehr Zeit in Anspruch genommen als gedacht, so dass ich sie hab weiterlaufen lassen, als ich jetzt für ne Woche weg war...:wtf:

Weder Malwarebytes, noch ESET haben irgendetwas gefunden. Daher agibt es ach keine Log von ESET. Die von Malwarebytes lautet:
Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.06.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
alx :: ALX [Administrator]

Schutz: Aktiviert

06.09.2012 18:14:16
mbam-log-2012-09-06 (18-14-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 675706
Laufzeit: 6 Stunde(n), 16 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus 16.09.2012 18:58
adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Homunkoloss 17.09.2012 11:56
Code:
# AdwCleaner v2.002 - Datei am 09/17/2012 um 12:56:07 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : alx - ALX
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\alx\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\alx\AppData\Local\vghd

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\alx\AppData\Roaming\Mozilla\Firefox\Profiles\ck8le8cj.default\prefs.js

Gefunden : user_pref("extensions.4f807b3748d97.scode", "(function(){try{if('aol.com,mystart.incredibar.com,prem[...]
Gefunden : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...]

*************************

AdwCleaner[R1].txt - [992 octets] - [17/09/2012 12:56:07]

########## EOF - C:\AdwCleaner[R1].txt - [1051 octets] ##########

cosinus 17.09.2012 12:34
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Homunkoloss 17.09.2012 14:30
Code:
# AdwCleaner v2.002 - Datei am 09/17/2012 um 15:23:35 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : alx - ALX
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\alx\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\alx\AppData\Local\vghd

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\alx\AppData\Roaming\Mozilla\Firefox\Profiles\ck8le8cj.default\prefs.js

Gelöscht : user_pref("extensions.4f807b3748d97.scode", "(function(){try{if('aol.com,mystart.incredibar.com,prem[...]
Gelöscht : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...]

*************************

AdwCleaner[R1].txt - [1120 octets] - [17/09/2012 15:23:05]
AdwCleaner[S1].txt - [1711 octets] - [17/09/2012 15:23:35]

########## EOF - C:\AdwCleaner[S1].txt - [1771 octets] ##########

cosinus 17.09.2012 14:56
Hätte da mal drei Fragen bevor es weiter geht (wir sind noch nicht fertig!)

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
3.) Die Werbeeinblendungen bzw Weiterleitungen wie zB Incredibar oder Mystart sind nun weg?

Homunkoloss 17.09.2012 15:31
1.) Habe vorher keinen Unterschied in der Funktion bemerkt, folglich jetzt auch keine Änderung zum Besseren.

2.) Habe 2 leere Ordner gefunden, die aber zu bereits deinstallierten Programmen gehörten. Ansonsten fehlt nix.

3.) Weiterleitungen sind behoben so weit ich das sehe (neues fenster / tab), aber die Werbelink-Einblendungen (by text-enhance) sind immer noch da.

cosinus 17.09.2012 19:56
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Homunkoloss 26.09.2012 16:01
Code:
OTL logfile created on: 26.09.2012 12:50:55 - Run 3
OTL by OldTimer - Version 3.2.68.0    Folder = C:\Users\alx\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 65,24% Memory free
7,99 Gb Paging File | 6,44 Gb Available in Paging File | 80,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,56 Gb Total Space | 5,61 Gb Free Space | 1,97% Space Free | Partition Type: NTFS
Drive D: | 13,23 Gb Total Space | 2,17 Gb Free Space | 16,38% Space Free | Partition Type: NTFS
 
Computer Name: ALX | User Name: alx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\alx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\alx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\alx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\alx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe (IDT, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE:64bit: - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: 4f807b3748d91@4f807b3748d92.info:1.0
FF - prefs.js..extensions.enabledAddons: de_DE@dicts.j3e.de:20120628
FF - prefs.js..extensions.enabledAddons: fb_add_on@avm.de:1.6.3
FF - prefs.js..extensions.enabledAddons: kosa@kallout.com:2.2.4
FF - prefs.js..extensions.enabledAddons: SkipScreen@SkipScreen:0.6.4
FF - prefs.js..extensions.enabledAddons: trackerblock@privacychoice.org:2.2
FF - prefs.js..extensions.enabledAddons: {1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.9
FF - prefs.js..extensions.enabledAddons: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
FF - prefs.js..extensions.enabledAddons: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.15.0
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.1
FF - prefs.js..extensions.enabledAddons: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:6.0
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: searchdictcc@roughael:3.4
FF - prefs.js..extensions.enabledItems: de_DE@dicts.j3e.de:20110321
FF - prefs.js..extensions.enabledItems: kosa@kallout.com:2.0.1.1
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.21amo
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.7.3
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: verify-u@cybits.de:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\alx\\AppData\\Local\\Temp\\proxtube.pac"
FF - prefs.js..network.proxy.http: "199.195.109.23"
FF - prefs.js..network.proxy.http_port: 9090
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.1: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.16 21:29:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla\Firefox\components [2012.09.07 17:43:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla\Firefox\plugins [2012.09.07 17:43:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla\Thunderbird\components [2012.06.18 00:40:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla\Thunderbird\plugins [2012.08.18 23:22:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla\Firefox\components [2012.09.07 17:43:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla\Firefox\plugins [2012.09.07 17:43:07 | 000,000,000 | ---D | M]
 
[2010.03.14 02:49:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\Extensions
[2010.03.14 02:49:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.24 14:21:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions
[2012.09.16 15:53:29 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.03.18 12:32:02 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012.04.09 11:29:28 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\4f807b3748d91@4f807b3748d92.info
[2012.06.29 16:54:49 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\de_DE@dicts.j3e.de
[2012.05.15 14:18:54 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\fb_add_on@avm.de
[2012.09.16 15:53:28 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\ich@maltegoetz.de
[2012.08.07 17:18:11 | 000,221,273 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\kosa@kallout.com.xpi
[2012.09.24 14:21:13 | 000,037,531 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\searchdictcc@roughael.xpi
[2012.02.22 14:07:20 | 000,072,222 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\SkipScreen@SkipScreen.xpi
[2012.02.18 22:21:52 | 000,049,540 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\trackerblock@privacychoice.org.xpi
[2011.12.22 10:12:41 | 000,108,965 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe80}.xpi
[2011.07.21 22:52:17 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
[2012.08.22 20:46:08 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.07.25 10:14:55 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.30 01:10:24 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.09.14 20:10:47 | 000,270,876 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.09.16 15:53:29 | 000,045,208 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi
[2012.03.14 09:20:13 | 000,002,321 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\dictcc.xml
[2012.02.01 21:06:57 | 000,012,703 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\imdb.xml
[2012.02.13 17:42:19 | 000,001,330 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\wikipedia-en.xml
[2012.05.29 16:07:30 | 000,002,446 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\wiktionary-de.xml
[2012.05.29 16:07:13 | 000,001,336 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\wiktionary-en.xml
[2011.12.15 16:58:05 | 000,002,057 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\youtube-videosuche.xml
[2011.12.16 21:29:57 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.09.07 17:43:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.07 17:43:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SNM] C:\Program Files (x86)\SpyNoMore\SNM.exe /startup File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO File not found
O4 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001..\Run: [Spotify Web Helper] C:\Users\alx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk =  File not found
O4 - Startup: C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\alx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F36DF460-6656-4356-AC69-8A37945ED217}: DhcpNameServer = 192.168.181.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA92405A-2AA9-4546-964D-8016BF7078D0}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{43c59bd6-2c71-11e1-ad77-00269ea162a6}\Shell\AutoRun\command - "" = F:\fscommand\LS_Start_Launch.cmd
O33 - MountPoints2\{43c59bd6-2c71-11e1-ad77-00269ea162a6}\Shell\Launcher\command - "" = F:\fscommand\LS_Start_Launch.cmd
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig:64bit - StartUpFolder: C:^Users^alx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^alx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\alx\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: EvtMgr6 - hkey= - key= - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: HPCam_Menu - hkey= - key= - c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SysTrayApp - hkey= - key= - C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
MsConfig:64bit - StartUpReg: UpdatePRCShortCut - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - StartUpReg: WirelessAssistant - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.VSPX - C:\Windows\SysWow64\vspxvfw.dll ()
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.26 12:30:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\alx\Desktop\OTL.exe
[2012.09.16 18:13:28 | 000,029,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2012.09.16 18:13:28 | 000,017,936 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2012.09.16 18:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2012.09.16 18:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF Reader 2
[2012.09.16 18:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF
[2012.09.16 16:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.09.06 12:21:11 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\Malwarebytes
[2012.09.06 12:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.06 11:54:43 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\DriverCure
[2012.09.06 11:54:42 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\SpeedyPC Software
[2012.09.06 11:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012.09.04 16:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012.09.04 14:57:18 | 000,000,000 | ---D | C] -- C:\Users\alx\Documents\Diablo III
[2012.09.04 12:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012.09.04 12:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012.09.04 09:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.26 12:30:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\alx\Desktop\OTL.exe
[2012.09.26 10:24:06 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.26 08:52:03 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.09.26 08:51:55 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.26 08:51:55 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.26 08:51:55 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.26 08:51:55 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.26 08:35:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.25 12:13:08 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.25 12:13:08 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.25 12:03:05 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.16 19:37:33 | 000,000,744 | ---- | M] () -- C:\Users\alx\.recently-used.xbel
[2012.09.16 19:36:41 | 000,012,564 | ---- | M] () -- C:\Users\alx\Desktop\Gilwell Logo.png
[2012.09.16 16:27:58 | 001,619,988 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.13 01:52:54 | 000,029,712 | ---- | M] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2012.09.13 01:52:54 | 000,017,936 | ---- | M] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2012.09.06 11:47:19 | 000,001,152 | ---- | M] () -- C:\Windows\SysWow64\windrv.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.16 19:37:33 | 000,000,744 | ---- | C] () -- C:\Users\alx\.recently-used.xbel
[2012.09.16 19:11:14 | 000,012,564 | ---- | C] () -- C:\Users\alx\Desktop\Gilwell Logo.png
[2012.09.16 18:13:22 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk
[2012.09.06 11:47:19 | 000,001,152 | ---- | C] () -- C:\Windows\SysWow64\windrv.sys
[2012.07.10 20:48:37 | 000,009,064 | ---- | C] () -- C:\Users\alx\Neues Dokument 2.2012_07_10_20_48_37.0.svg
[2012.07.10 20:35:46 | 000,014,642 | ---- | C] () -- C:\Users\alx\Neues Dokument 2.2012_07_10_20_35_45.0.svg
[2012.07.01 22:00:07 | 000,000,021 | ---- | C] () -- C:\Windows\preview.ini
[2012.02.02 14:36:28 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.01.20 14:02:56 | 000,159,400 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.07.31 18:43:28 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011.07.22 13:22:22 | 000,000,000 | ---- | C] () -- C:\Users\alx\support
[2011.01.12 21:11:41 | 000,000,118 | ---- | C] () -- C:\Windows\Podcasts.INI
[2011.01.12 12:09:19 | 000,023,761 | ---- | C] () -- C:\Windows\hpqins15.dat.temp
[2010.12.25 23:53:04 | 000,023,324 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.12.23 12:53:50 | 000,181,764 | ---- | C] () -- C:\Windows\hpoins28.dat
[2010.12.23 12:53:50 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2010.11.03 11:04:28 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.11.03 11:04:28 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.03.26 18:43:22 | 000,000,000 | ---- | C] () -- C:\Users\alx\AppData\Roaming\wklnhst.dat
[2010.03.26 18:41:04 | 000,006,144 | ---- | C] () -- C:\Users\alx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.21 12:44:56 | 000,020,143 | ---- | C] () -- C:\Users\alx\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.04 09:38:17 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\.minecraft
[2012.04.21 18:23:02 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Amazon
[2012.08.06 21:02:31 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Artisteer
[2012.09.16 18:09:44 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Downloaded Installations
[2012.09.06 11:54:43 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\DriverCure
[2012.09.25 12:05:31 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Dropbox
[2012.05.04 12:02:58 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\FILEminimizerPictures
[2010.07.30 19:40:52 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\FreeVideoConverter
[2011.03.10 12:16:18 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\FRITZ!
[2011.12.23 15:36:26 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Hitachigst
[2010.09.30 17:41:01 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\inkscape
[2010.03.15 16:11:04 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Leadertech
[2012.08.28 22:37:01 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Mp3tag
[2012.09.16 18:08:47 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Nitro PDF
[2011.03.04 21:28:25 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Notepad++
[2010.09.03 20:21:20 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Registry Mechanic
[2012.07.04 12:45:15 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\RotMG.Production
[2012.09.06 11:54:42 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\SpeedyPC Software
[2012.09.18 22:18:16 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Spotify
[2010.03.14 02:49:37 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Thunderbird
[2012.09.26 13:40:24 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\uTorrent
[2010.04.01 16:35:30 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Windows Live Writer
[2010.03.05 13:04:29 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\_MDLogs
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.09.04 09:38:17 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\.minecraft
[2011.02.16 16:22:55 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Adobe
[2012.04.21 18:23:02 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Amazon
[2012.08.06 21:02:30 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Apple Computer
[2012.08.06 21:02:31 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Artisteer
[2010.03.05 12:55:59 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\ATI
[2012.03.19 14:55:03 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Avira
[2010.05.17 13:54:28 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\CyberLink
[2010.10.13 15:53:15 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\DivX
[2012.09.16 18:09:44 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Downloaded Installations
[2012.09.06 11:54:43 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\DriverCure
[2012.09.25 12:05:31 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Dropbox
[2012.05.04 12:02:58 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\FILEminimizerPictures
[2010.07.30 19:40:52 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\FreeVideoConverter
[2011.03.10 12:16:18 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\FRITZ!
[2010.03.13 23:20:54 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\hewlett-packard
[2011.12.23 15:36:26 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Hitachigst
[2010.12.23 13:09:23 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\HP
[2010.03.17 14:43:23 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\HP Support Assistant
[2010.03.05 11:50:41 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\HP TCS
[2010.05.05 15:57:44 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\hpqlog
[2012.07.09 18:00:25 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\HpUpdate
[2010.03.05 12:55:27 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Identities
[2010.09.30 17:41:01 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\inkscape
[2010.03.15 16:11:04 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Leadertech
[2010.03.15 16:08:07 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Logishrd
[2010.03.15 16:11:40 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Logitech
[2010.03.05 12:57:53 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Macromedia
[2012.09.06 12:21:11 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Malwarebytes
[2009.11.24 11:11:53 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Media Center Programs
[2011.02.16 16:22:55 | 000,000,000 | --SD | M] -- C:\Users\alx\AppData\Roaming\Microsoft
[2010.03.05 14:19:29 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Mozilla
[2012.08.28 22:37:01 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Mp3tag
[2012.02.04 16:27:00 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\NCH Software
[2012.09.16 18:08:47 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Nitro PDF
[2011.03.04 21:28:25 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Notepad++
[2010.09.03 20:21:20 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Registry Mechanic
[2012.07.04 12:45:15 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\RotMG.Production
[2012.08.24 08:01:27 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Skype
[2012.09.06 11:54:42 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\SpeedyPC Software
[2012.09.18 22:18:16 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Spotify
[2010.03.14 02:49:37 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Thunderbird
[2012.09.26 13:40:24 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\uTorrent
[2012.09.26 10:34:20 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\vlc
[2011.09.28 01:51:11 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Winamp
[2010.04.01 16:35:30 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Windows Live Writer
[2010.10.20 17:11:15 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\WinRAR
[2010.03.05 13:04:29 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\_MDLogs
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\alx\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\alx\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\alx\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.02.16 16:28:19 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\alx\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.03.15 16:11:02 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\alx\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011.02.16 15:24:43 | 000,010,134 | R--- | M] () -- C:\Users\alx\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2011.10.28 16:34:06 | 000,018,488 | ---- | M] (Hewlett-Packard Company) -- C:\Users\alx\AppData\Roaming\Mozilla\Firefox\Profiles\ck8le8cj.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\Setup.exe
[2008.02.13 09:07:36 | 000,393,216 | ---- | M] () -- C:\Users\alx\AppData\Roaming\NCH Software\Components\aacenc3\aacenc3.exe
[2007.11.27 09:41:32 | 000,405,504 | ---- | M] () -- C:\Users\alx\AppData\Roaming\NCH Software\Components\mp3el2\lame.exe
[2012.01.25 16:46:26 | 001,465,393 | ---- | M] () -- C:\Users\alx\AppData\Roaming\NCH Software\Components\x264enc2\x264enc2.exe
[2012.08.22 14:15:11 | 005,576,408 | ---- | M] (Spotify Ltd) -- C:\Users\alx\AppData\Roaming\Spotify\spotify.exe
[2012.08.22 14:14:59 | 000,114,904 | ---- | M] () -- C:\Users\alx\AppData\Roaming\Spotify\SpotifyLauncher.exe
[2012.08.22 14:14:58 | 001,193,176 | ---- | M] () -- C:\Users\alx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.20 01:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
<          >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.03.05 12:55:16 | 000,000,326 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForalx.job
[2010.03.26 01:46:11 | 000,001,100 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.03.26 01:46:12 | 000,001,104 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2010.08.30 21:44:34 | 000,000,262 | ---- | C] () -- C:\Windows\Tasks\RMSchedule.job
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:364682BC
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

cosinus 26.09.2012 16:39
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
FF - user.js - File not found
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE:64bit: - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{43c59bd6-2c71-11e1-ad77-00269ea162a6}\Shell\AutoRun\command - "" = F:\fscommand\LS_Start_Launch.cmd
O33 - MountPoints2\{43c59bd6-2c71-11e1-ad77-00269ea162a6}\Shell\Launcher\command - "" = F:\fscommand\LS_Start_Launch.cmd
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:364682BC
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Homunkoloss 26.09.2012 20:57
Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1366F70F-D4B1-41A2-9C50-344E76EADE50}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C7072CC-3B6A-4D18-856D-F60EF665414F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1366F70F-D4B1-41A2-9C50-344E76EADE50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C7072CC-3B6A-4D18-856D-F60EF665414F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}\ not found.
HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-2782641458-2596408217-2259115555-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2782641458-2596408217-2259115555-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1366F70F-D4B1-41A2-9C50-344E76EADE50}\ not found.
Registry key HKEY_USERS\S-1-5-21-2782641458-2596408217-2259115555-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C7072CC-3B6A-4D18-856D-F60EF665414F}\ not found.
Registry key HKEY_USERS\S-1-5-21-2782641458-2596408217-2259115555-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideFastUserSwitching deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\WallpaperStyle deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\WallpaperStyle not found.
Registry value HKEY_USERS\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\WallpaperStyle deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2782641458-2596408217-2259115555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43c59bd6-2c71-11e1-ad77-00269ea162a6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43c59bd6-2c71-11e1-ad77-00269ea162a6}\ not found.
File F:\fscommand\LS_Start_Launch.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43c59bd6-2c71-11e1-ad77-00269ea162a6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43c59bd6-2c71-11e1-ad77-00269ea162a6}\ not found.
File F:\fscommand\LS_Start_Launch.cmd not found.
ADS C:\ProgramData\Temp:364682BC deleted successfully.
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\alx\Desktop\cmd.bat deleted successfully.
C:\Users\alx\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: alx
->Temp folder emptied: 47522917 bytes
->Temporary Internet Files folder emptied: 305299691 bytes
->Java cache emptied: 12380251 bytes
->FireFox cache emptied: 482336374 bytes
->Flash cache emptied: 123384 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 561679995 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50233 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 668 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.344,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.68.0 log created on 09262012_210500

Files\Folders moved on Reboot...
C:\Users\alx\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus 27.09.2012 15:42
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Homunkoloss 27.09.2012 18:07
Code:
19:05:14.0484 5432  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:05:14.0654 5432  ============================================================
19:05:14.0654 5432  Current date / time: 2012/09/27 19:05:14.0654
19:05:14.0654 5432  SystemInfo:
19:05:14.0654 5432 
19:05:14.0654 5432  OS Version: 6.1.7601 ServicePack: 1.0
19:05:14.0654 5432  Product type: Workstation
19:05:14.0654 5432  ComputerName: ALX
19:05:14.0654 5432  UserName: alx
19:05:14.0654 5432  Windows directory: C:\Windows
19:05:14.0654 5432  System windows directory: C:\Windows
19:05:14.0654 5432  Running under WOW64
19:05:14.0654 5432  Processor architecture: Intel x64
19:05:14.0654 5432  Number of processors: 2
19:05:14.0654 5432  Page size: 0x1000
19:05:14.0654 5432  Boot type: Normal boot
19:05:14.0654 5432  ============================================================
19:05:16.0840 5432  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:05:16.0840 5432  ============================================================
19:05:16.0840 5432  \Device\Harddisk0\DR0:
19:05:16.0840 5432  MBR partitions:
19:05:16.0840 5432  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
19:05:16.0840 5432  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23921000
19:05:16.0840 5432  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23985000, BlocksNum 0x1A75800
19:05:16.0840 5432  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
19:05:16.0840 5432  ============================================================
19:05:16.0880 5432  C: <-> \Device\Harddisk0\DR0\Partition2
19:05:16.0910 5432  D: <-> \Device\Harddisk0\DR0\Partition3
19:05:16.0910 5432  ============================================================
19:05:16.0910 5432  Initialize success
19:05:16.0910 5432  ============================================================
19:05:44.0280 4328  ============================================================
19:05:44.0280 4328  Scan started
19:05:44.0280 4328  Mode: Manual; SigCheck; TDLFS;
19:05:44.0280 4328  ============================================================
19:05:44.0560 4328  ================ Scan system memory ========================
19:05:44.0560 4328  System memory - ok
19:05:44.0560 4328  ================ Scan services =============================
19:05:44.0700 4328  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:05:44.0800 4328  1394ohci - ok
19:05:44.0830 4328  [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer  C:\Windows\system32\DRIVERS\Accelerometer.sys
19:05:44.0870 4328  Accelerometer - ok
19:05:44.0890 4328  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:05:44.0910 4328  ACPI - ok
19:05:44.0930 4328  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
19:05:44.0990 4328  AcpiPmi - ok
19:05:45.0030 4328  [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs            C:\Windows\system32\drivers\adfs.sys
19:05:45.0040 4328  adfs - ok
19:05:45.0190 4328  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:05:45.0230 4328  AdobeARMservice - ok
19:05:45.0272 4328  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
19:05:45.0302 4328  adp94xx - ok
19:05:45.0332 4328  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
19:05:45.0352 4328  adpahci - ok
19:05:45.0372 4328  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
19:05:45.0382 4328  adpu320 - ok
19:05:45.0412 4328  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
19:05:45.0542 4328  AeLookupSvc - ok
19:05:45.0622 4328  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
19:05:45.0672 4328  AESTFilters - ok
19:05:45.0722 4328  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
19:05:45.0772 4328  AFD - ok
19:05:45.0832 4328  [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
19:05:45.0902 4328  AgereSoftModem - ok
19:05:45.0952 4328  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:05:45.0962 4328  agp440 - ok
19:05:45.0992 4328  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
19:05:46.0032 4328  ALG - ok
19:05:46.0062 4328  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:05:46.0072 4328  aliide - ok
19:05:46.0122 4328  [ D0D8877969011D1B0ED9C3C55A9A9108 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:05:46.0172 4328  AMD External Events Utility - ok
19:05:46.0192 4328  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:05:46.0202 4328  amdide - ok
19:05:46.0242 4328  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
19:05:46.0272 4328  AmdK8 - ok
19:05:46.0292 4328  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:05:46.0312 4328  AmdPPM - ok
19:05:46.0342 4328  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
19:05:46.0352 4328  amdsata - ok
19:05:46.0382 4328  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:05:46.0402 4328  amdsbs - ok
19:05:46.0412 4328  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
19:05:46.0432 4328  amdxata - ok
19:05:46.0552 4328  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:05:46.0592 4328  AntiVirSchedulerService - ok
19:05:46.0612 4328  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:05:46.0622 4328  AntiVirService - ok
19:05:46.0672 4328  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
19:05:46.0792 4328  AppID - ok
19:05:46.0822 4328  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:05:46.0872 4328  AppIDSvc - ok
19:05:46.0912 4328  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\Windows\System32\appinfo.dll
19:05:46.0962 4328  Appinfo - ok
19:05:47.0002 4328  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\DRIVERS\arc.sys
19:05:47.0012 4328  arc - ok
19:05:47.0022 4328  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:05:47.0042 4328  arcsas - ok
19:05:47.0132 4328  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:05:47.0142 4328  aspnet_state - ok
19:05:47.0182 4328  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:05:47.0232 4328  AsyncMac - ok
19:05:47.0252 4328  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
19:05:47.0272 4328  atapi - ok
19:05:47.0392 4328  [ B4421D8CDADC441F76BA39532A3E3414 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
19:05:47.0492 4328  athr - ok
19:05:47.0552 4328  [ 38467FF83C2B4265D51F418812A91E3C ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
19:05:47.0562 4328  AtiHdmiService - ok
19:05:47.0692 4328  [ C5758BF1DFD762A5B17041FF061B7750 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:05:47.0822 4328  atikmdag - ok
19:05:47.0862 4328  [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie        C:\Windows\system32\DRIVERS\AtiPcie.sys
19:05:47.0882 4328  AtiPcie - ok
19:05:47.0912 4328  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:05:47.0972 4328  AudioEndpointBuilder - ok
19:05:47.0982 4328  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:05:48.0032 4328  AudioSrv - ok
19:05:48.0102 4328  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
19:05:48.0132 4328  avgntflt - ok
19:05:48.0142 4328  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
19:05:48.0162 4328  avipbb - ok
19:05:48.0172 4328  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
19:05:48.0182 4328  avkmgr - ok
19:05:48.0212 4328  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:05:48.0272 4328  AxInstSV - ok
19:05:48.0312 4328  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
19:05:48.0442 4328  b06bdrv - ok
19:05:48.0612 4328  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:05:48.0652 4328  b57nd60a - ok
19:05:48.0702 4328  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:05:48.0732 4328  BDESVC - ok
19:05:48.0752 4328  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:05:48.0802 4328  Beep - ok
19:05:48.0842 4328  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
19:05:48.0892 4328  BFE - ok
19:05:48.0922 4328  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:05:48.0982 4328  BITS - ok
19:05:49.0002 4328  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:05:49.0032 4328  blbdrive - ok
19:05:49.0052 4328  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:05:49.0082 4328  bowser - ok
19:05:49.0132 4328  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:05:49.0162 4328  BrFiltLo - ok
19:05:49.0172 4328  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:05:49.0202 4328  BrFiltUp - ok
19:05:49.0242 4328  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
19:05:49.0312 4328  Browser - ok
19:05:49.0352 4328  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
19:05:49.0382 4328  Brserid - ok
19:05:49.0402 4328  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:05:49.0432 4328  BrSerWdm - ok
19:05:49.0442 4328  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:05:49.0472 4328  BrUsbMdm - ok
19:05:49.0482 4328  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:05:49.0502 4328  BrUsbSer - ok
19:05:49.0542 4328  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:05:49.0572 4328  BTHMODEM - ok
19:05:49.0612 4328  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
19:05:49.0652 4328  bthserv - ok
19:05:49.0682 4328  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:05:49.0732 4328  cdfs - ok
19:05:49.0762 4328  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
19:05:49.0792 4328  cdrom - ok
19:05:49.0822 4328  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
19:05:49.0872 4328  CertPropSvc - ok
19:05:49.0912 4328  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:05:49.0922 4328  circlass - ok
19:05:49.0962 4328  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:05:49.0982 4328  CLFS - ok
19:05:50.0042 4328  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:05:50.0102 4328  clr_optimization_v2.0.50727_32 - ok
19:05:50.0152 4328  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:05:50.0172 4328  clr_optimization_v2.0.50727_64 - ok
19:05:50.0232 4328  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:05:50.0262 4328  clr_optimization_v4.0.30319_32 - ok
19:05:50.0272 4328  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:05:50.0292 4328  clr_optimization_v4.0.30319_64 - ok
19:05:50.0312 4328  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:05:50.0342 4328  CmBatt - ok
19:05:50.0372 4328  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:05:50.0382 4328  cmdide - ok
19:05:50.0432 4328  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\Windows\system32\Drivers\cng.sys
19:05:50.0474 4328  CNG - ok
19:05:50.0564 4328  [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx      C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
19:05:50.0574 4328  Com4QLBEx - ok
19:05:50.0584 4328  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:05:50.0594 4328  Compbatt - ok
19:05:50.0624 4328  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:05:50.0654 4328  CompositeBus - ok
19:05:50.0664 4328  COMSysApp - ok
19:05:50.0694 4328  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
19:05:50.0714 4328  crcdisk - ok
19:05:50.0774 4328  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:05:50.0824 4328  CryptSvc - ok
19:05:50.0874 4328  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:05:50.0934 4328  DcomLaunch - ok
19:05:50.0964 4328  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
19:05:51.0024 4328  defragsvc - ok
19:05:51.0054 4328  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:05:51.0104 4328  DfsC - ok
19:05:51.0124 4328  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:05:51.0194 4328  Dhcp - ok
19:05:51.0224 4328  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:05:51.0264 4328  discache - ok
19:05:51.0294 4328  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:05:51.0304 4328  Disk - ok
19:05:51.0334 4328  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:05:51.0364 4328  Dnscache - ok
19:05:51.0394 4328  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
19:05:51.0454 4328  dot3svc - ok
19:05:51.0494 4328  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
19:05:51.0524 4328  Dot4 - ok
19:05:51.0564 4328  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print      C:\Windows\system32\DRIVERS\Dot4Prt.sys
19:05:51.0584 4328  Dot4Print - ok
19:05:51.0594 4328  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb        C:\Windows\system32\DRIVERS\dot4usb.sys
19:05:51.0614 4328  dot4usb - ok
19:05:51.0644 4328  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
19:05:51.0694 4328  DPS - ok
19:05:51.0724 4328  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
19:05:51.0754 4328  drmkaud - ok
19:05:51.0794 4328  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
19:05:51.0824 4328  DXGKrnl - ok
19:05:51.0864 4328  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
19:05:51.0914 4328  EapHost - ok
19:05:52.0024 4328  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
19:05:52.0104 4328  ebdrv - ok
19:05:52.0144 4328  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
19:05:52.0204 4328  EFS - ok
19:05:52.0254 4328  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
19:05:52.0274 4328  elxstor - ok
19:05:52.0304 4328  [ 524C79054636D2E5751169005006460B ] enecir          C:\Windows\system32\DRIVERS\enecir.sys
19:05:52.0334 4328  enecir - ok
19:05:52.0374 4328  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:05:52.0424 4328  ErrDev - ok
19:05:52.0474 4328  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
19:05:52.0534 4328  EventSystem - ok
19:05:52.0564 4328  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
19:05:52.0624 4328  exfat - ok
19:05:52.0654 4328  ezSharedSvc - ok
19:05:52.0674 4328  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
19:05:52.0724 4328  fastfat - ok
19:05:52.0774 4328  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
19:05:52.0824 4328  Fax - ok
19:05:52.0844 4328  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
19:05:52.0854 4328  fdc - ok
19:05:52.0884 4328  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
19:05:52.0944 4328  fdPHost - ok
19:05:52.0964 4328  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:05:53.0004 4328  FDResPub - ok
19:05:53.0024 4328  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:05:53.0044 4328  FileInfo - ok
19:05:53.0054 4328  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
19:05:53.0104 4328  Filetrace - ok
19:05:53.0124 4328  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:05:53.0134 4328  flpydisk - ok
19:05:53.0174 4328  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:05:53.0194 4328  FltMgr - ok
19:05:53.0244 4328  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
19:05:53.0294 4328  FontCache - ok
19:05:53.0344 4328  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:05:53.0364 4328  FontCache3.0.0.0 - ok
19:05:53.0394 4328  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
19:05:53.0404 4328  FsDepends - ok
19:05:53.0444 4328  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:05:53.0454 4328  Fs_Rec - ok
19:05:53.0514 4328  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:05:53.0534 4328  fvevol - ok
19:05:53.0584 4328  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:05:53.0594 4328  gagp30kx - ok
19:05:53.0634 4328  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
19:05:53.0694 4328  gpsvc - ok
19:05:53.0734 4328  [ 2ED7FF3E1ADA4092632393781518B3A7 ] grmnusb        C:\Windows\system32\drivers\grmnusb.sys
19:05:53.0764 4328  grmnusb - ok
19:05:53.0824 4328  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:05:53.0844 4328  gupdate - ok
19:05:53.0864 4328  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:05:53.0874 4328  gupdatem - ok
19:05:53.0894 4328  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:05:53.0924 4328  hcw85cir - ok
19:05:53.0964 4328  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:05:53.0994 4328  HdAudAddService - ok
19:05:54.0024 4328  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:05:54.0054 4328  HDAudBus - ok
19:05:54.0054 4328  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
19:05:54.0084 4328  HidBatt - ok
19:05:54.0104 4328  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:05:54.0144 4328  HidBth - ok
19:05:54.0184 4328  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
19:05:54.0214 4328  HidIr - ok
19:05:54.0234 4328  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
19:05:54.0284 4328  hidserv - ok
19:05:54.0314 4328  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:05:54.0324 4328  HidUsb - ok
19:05:54.0344 4328  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:05:54.0394 4328  hkmsvc - ok
19:05:54.0424 4328  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:05:54.0454 4328  HomeGroupListener - ok
19:05:54.0484 4328  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:05:54.0514 4328  HomeGroupProvider - ok
19:05:54.0544 4328  [ 0141816A095A3F5A83FFA5B4A47B8023 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
19:05:54.0574 4328  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
19:05:54.0574 4328  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
19:05:54.0604 4328  [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
19:05:54.0614 4328  hpdskflt - ok
19:05:54.0714 4328  [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
19:05:54.0744 4328  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
19:05:54.0744 4328  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
19:05:54.0794 4328  [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
19:05:54.0814 4328  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
19:05:54.0814 4328  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
19:05:54.0844 4328  [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
19:05:54.0874 4328  HpqKbFiltr - ok
19:05:54.0944 4328  [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
19:05:54.0974 4328  hpqwmiex - ok
19:05:55.0004 4328  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:05:55.0014 4328  HpSAMD - ok
19:05:55.0034 4328  [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv          C:\Windows\system32\Hpservice.exe
19:05:55.0044 4328  hpsrv - ok
19:05:55.0074 4328  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:05:55.0134 4328  HTTP - ok
19:05:55.0164 4328  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:05:55.0174 4328  hwpolicy - ok
19:05:55.0214 4328  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:05:55.0224 4328  i8042prt - ok
19:05:55.0264 4328  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
19:05:55.0294 4328  iaStorV - ok
19:05:55.0354 4328  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:05:55.0424 4328  idsvc - ok
19:05:55.0584 4328  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
19:05:55.0757 4328  igfx - ok
19:05:55.0787 4328  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
19:05:55.0801 4328  iirsp - ok
19:05:55.0836 4328  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:05:55.0906 4328  IKEEXT - ok
19:05:55.0916 4328  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:05:55.0936 4328  intelide - ok
19:05:55.0968 4328  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:05:55.0984 4328  intelppm - ok
19:05:56.0008 4328  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
19:05:56.0058 4328  IPBusEnum - ok
19:05:56.0078 4328  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:05:56.0169 4328  IpFilterDriver - ok
19:05:56.0189 4328  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:05:56.0230 4328  iphlpsvc - ok
19:05:56.0260 4328  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
19:05:56.0300 4328  IPMIDRV - ok
19:05:56.0330 4328  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
19:05:56.0390 4328  IPNAT - ok
19:05:56.0410 4328  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:05:56.0440 4328  IRENUM - ok
19:05:56.0450 4328  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:05:56.0460 4328  isapnp - ok
19:05:56.0500 4328  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:05:56.0510 4328  iScsiPrt - ok
19:05:56.0560 4328  [ F8844B00C10E386C704C610E95A9847D ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
19:05:56.0630 4328  JMCR - ok
19:05:56.0650 4328  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:05:56.0670 4328  kbdclass - ok
19:05:56.0690 4328  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:05:56.0710 4328  kbdhid - ok
19:05:56.0720 4328  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:05:56.0740 4328  KeyIso - ok
19:05:56.0780 4328  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:05:56.0810 4328  KSecDD - ok
19:05:56.0850 4328  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
19:05:56.0870 4328  KSecPkg - ok
19:05:56.0890 4328  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
19:05:56.0940 4328  ksthunk - ok
19:05:56.0970 4328  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
19:05:57.0020 4328  KtmRm - ok
19:05:57.0050 4328  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:05:57.0090 4328  LanmanServer - ok
19:05:57.0130 4328  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:05:57.0180 4328  LanmanWorkstation - ok
19:05:57.0280 4328  [ 6771CAC91BB89E15B13C27F1E3CDD320 ] LBTServ        C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
19:05:57.0320 4328  LBTServ - ok
19:05:57.0340 4328  [ CEB6E18DCFAD5C72B81C7DA1AC3C1CC1 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:05:57.0350 4328  LHidFilt - ok
19:05:57.0410 4328  [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:05:57.0450 4328  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:05:57.0450 4328  LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:05:57.0480 4328  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:05:57.0540 4328  lltdio - ok
19:05:57.0560 4328  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
19:05:57.0620 4328  lltdsvc - ok
19:05:57.0630 4328  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
19:05:57.0670 4328  lmhosts - ok
19:05:57.0690 4328  [ F9E48F18BE4D2B365F138987B8E7885B ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:05:57.0700 4328  LMouFilt - ok
19:05:57.0720 4328  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:05:57.0730 4328  LSI_FC - ok
19:05:57.0760 4328  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
19:05:57.0780 4328  LSI_SAS - ok
19:05:57.0790 4328  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:05:57.0810 4328  LSI_SAS2 - ok
19:05:57.0820 4328  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:05:57.0840 4328  LSI_SCSI - ok
19:05:57.0870 4328  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
19:05:57.0910 4328  luafv - ok
19:05:57.0940 4328  [ 51B20B742C9E35ADE40B840F6F4F5EE2 ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
19:05:57.0950 4328  LUsbFilt - ok
19:05:57.0960 4328  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
19:05:57.0980 4328  megasas - ok
19:05:57.0990 4328  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:05:58.0010 4328  MegaSR - ok
19:05:58.0050 4328  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
19:05:58.0090 4328  MMCSS - ok
19:05:58.0110 4328  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
19:05:58.0160 4328  Modem - ok
19:05:58.0180 4328  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
19:05:58.0210 4328  monitor - ok
19:05:58.0240 4328  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:05:58.0250 4328  mouclass - ok
19:05:58.0290 4328  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:05:58.0310 4328  mouhid - ok
19:05:58.0330 4328  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:05:58.0340 4328  mountmgr - ok
19:05:58.0430 4328  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:05:58.0470 4328  MozillaMaintenance - ok
19:05:58.0530 4328  [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
19:05:58.0560 4328  MpFilter - ok
19:05:58.0590 4328  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:05:58.0610 4328  mpio - ok
19:05:58.0630 4328  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:05:58.0670 4328  mpsdrv - ok
19:05:58.0710 4328  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:05:58.0770 4328  MpsSvc - ok
19:05:58.0800 4328  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:05:58.0820 4328  MRxDAV - ok
19:05:58.0840 4328  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:05:58.0880 4328  mrxsmb - ok
19:05:58.0920 4328  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:05:58.0940 4328  mrxsmb10 - ok
19:05:58.0950 4328  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:05:58.0960 4328  mrxsmb20 - ok
19:05:58.0990 4328  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:05:59.0000 4328  msahci - ok
19:05:59.0010 4328  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
19:05:59.0030 4328  msdsm - ok
19:05:59.0050 4328  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
19:05:59.0090 4328  MSDTC - ok
19:05:59.0110 4328  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:05:59.0150 4328  Msfs - ok
19:05:59.0180 4328  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
19:05:59.0230 4328  mshidkmdf - ok
19:05:59.0240 4328  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:05:59.0250 4328  msisadrv - ok
19:05:59.0290 4328  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
19:05:59.0330 4328  MSiSCSI - ok
19:05:59.0330 4328  msiserver - ok
19:05:59.0360 4328  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
19:05:59.0400 4328  MSKSSRV - ok
19:05:59.0500 4328  [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc        c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:05:59.0530 4328  MsMpSvc - ok
19:05:59.0590 4328  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:05:59.0680 4328  MSPCLOCK - ok
19:05:59.0700 4328  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
19:05:59.0760 4328  MSPQM - ok
19:05:59.0790 4328  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
19:05:59.0810 4328  MsRPC - ok
19:05:59.0840 4328  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
19:05:59.0850 4328  mssmbios - ok
19:05:59.0880 4328  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
19:05:59.0920 4328  MSTEE - ok
19:05:59.0950 4328  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:05:59.0970 4328  MTConfig - ok
19:06:00.0000 4328  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
19:06:00.0010 4328  Mup - ok
19:06:00.0040 4328  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:06:00.0100 4328  napagent - ok
19:06:00.0140 4328  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
19:06:00.0180 4328  NativeWifiP - ok
19:06:00.0220 4328  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:06:00.0250 4328  NDIS - ok
19:06:00.0270 4328  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
19:06:00.0330 4328  NdisCap - ok
19:06:00.0340 4328  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:06:00.0400 4328  NdisTapi - ok
19:06:00.0430 4328  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
19:06:00.0480 4328  Ndisuio - ok
19:06:00.0500 4328  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
19:06:00.0560 4328  NdisWan - ok
19:06:00.0590 4328  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
19:06:00.0630 4328  NDProxy - ok
19:06:00.0690 4328  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
19:06:00.0720 4328  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:06:00.0720 4328  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:06:00.0800 4328  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
19:06:00.0960 4328  NetBIOS - ok
19:06:00.0990 4328  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
19:06:01.0040 4328  NetBT - ok
19:06:01.0060 4328  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:06:01.0070 4328  Netlogon - ok
19:06:01.0110 4328  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:06:01.0170 4328  Netman - ok
19:06:01.0220 4328  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:06:01.0260 4328  NetMsmqActivator - ok
19:06:01.0280 4328  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:06:01.0290 4328  NetPipeActivator - ok
19:06:01.0310 4328  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:06:01.0370 4328  netprofm - ok
19:06:01.0390 4328  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:06:01.0400 4328  NetTcpActivator - ok
19:06:01.0400 4328  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:06:01.0420 4328  NetTcpPortSharing - ok
19:06:01.0560 4328  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
19:06:01.0680 4328  netw5v64 - ok
19:06:01.0700 4328  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
19:06:01.0720 4328  nfrd960 - ok
19:06:01.0780 4328  [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:06:01.0820 4328  NisDrv - ok
19:06:01.0860 4328  [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
19:06:01.0890 4328  NisSrv - ok
19:06:01.0960 4328  [ F007C2D3283F910D2F7436A7260F5A88 ] NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
19:06:01.0970 4328  NitroReaderDriverReadSpool2 - ok
19:06:02.0010 4328  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:06:02.0060 4328  NlaSvc - ok
19:06:02.0080 4328  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:06:02.0120 4328  Npfs - ok
19:06:02.0150 4328  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
19:06:02.0200 4328  nsi - ok
19:06:02.0210 4328  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:06:02.0250 4328  nsiproxy - ok
19:06:02.0300 4328  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:06:02.0340 4328  Ntfs - ok
19:06:02.0360 4328  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:06:02.0400 4328  Null - ok
19:06:02.0420 4328  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:06:02.0430 4328  nvraid - ok
19:06:02.0450 4328  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:06:02.0470 4328  nvstor - ok
19:06:02.0490 4328  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:06:02.0510 4328  nv_agp - ok
19:06:02.0590 4328  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:06:02.0660 4328  odserv - ok
19:06:02.0680 4328  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:06:02.0700 4328  ohci1394 - ok
19:06:02.0750 4328  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:06:02.0770 4328  ose - ok
19:06:02.0800 4328  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:06:02.0830 4328  p2pimsvc - ok
19:06:02.0850 4328  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:06:02.0870 4328  p2psvc - ok
19:06:02.0900 4328  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
19:06:02.0910 4328  Parport - ok
19:06:02.0960 4328  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
19:06:02.0990 4328  partmgr - ok
19:06:03.0010 4328  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:06:03.0040 4328  PcaSvc - ok
19:06:03.0070 4328  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
19:06:03.0080 4328  pci - ok
19:06:03.0090 4328  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:06:03.0110 4328  pciide - ok
19:06:03.0130 4328  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:06:03.0150 4328  pcmcia - ok
19:06:03.0180 4328  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
19:06:03.0190 4328  pcw - ok
19:06:03.0210 4328  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:06:03.0270 4328  PEAUTH - ok
19:06:03.0360 4328  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:06:03.0400 4328  PerfHost - ok
19:06:03.0460 4328  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
19:06:03.0540 4328  pla - ok
19:06:03.0610 4328  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:06:03.0670 4328  PlugPlay - ok
19:06:03.0770 4328  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:06:03.0790 4328  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:06:03.0790 4328  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:06:03.0800 4328  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
19:06:03.0830 4328  PNRPAutoReg - ok
19:06:03.0840 4328  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
19:06:03.0860 4328  PNRPsvc - ok
19:06:03.0890 4328  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
19:06:03.0950 4328  PolicyAgent - ok
19:06:03.0980 4328  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
19:06:04.0040 4328  Power - ok
19:06:04.0080 4328  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:06:04.0120 4328  PptpMiniport - ok
19:06:04.0140 4328  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\DRIVERS\processr.sys
19:06:04.0170 4328  Processor - ok
19:06:04.0220 4328  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
19:06:04.0290 4328  ProfSvc - ok
19:06:04.0310 4328  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:06:04.0320 4328  ProtectedStorage - ok
19:06:04.0350 4328  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:06:04.0390 4328  Psched - ok
19:06:04.0440 4328  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:06:04.0490 4328  ql2300 - ok
19:06:04.0500 4328  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:06:04.0520 4328  ql40xx - ok
19:06:04.0542 4328  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
19:06:04.0582 4328  QWAVE - ok
19:06:04.0612 4328  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:06:04.0642 4328  QWAVEdrv - ok
19:06:04.0652 4328  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:06:04.0712 4328  RasAcd - ok
19:06:04.0732 4328  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
19:06:04.0792 4328  RasAgileVpn - ok
19:06:04.0802 4328  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
19:06:04.0842 4328  RasAuto - ok
19:06:04.0872 4328  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
19:06:04.0912 4328  Rasl2tp - ok
19:06:04.0942 4328  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:06:04.0992 4328  RasMan - ok
19:06:05.0032 4328  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:06:05.0082 4328  RasPppoe - ok
19:06:05.0102 4328  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
19:06:05.0152 4328  RasSstp - ok
19:06:05.0172 4328  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
19:06:05.0222 4328  rdbss - ok
19:06:05.0252 4328  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:06:05.0282 4328  rdpbus - ok
19:06:05.0292 4328  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:06:05.0332 4328  RDPCDD - ok
19:06:05.0362 4328  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:06:05.0412 4328  RDPENCDD - ok
19:06:05.0442 4328  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:06:05.0482 4328  RDPREFMP - ok
19:06:05.0522 4328  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
19:06:05.0582 4328  RDPWD - ok
19:06:05.0622 4328  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:06:05.0652 4328  rdyboost - ok
19:06:05.0682 4328  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:06:05.0742 4328  RemoteAccess - ok
19:06:05.0771 4328  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:06:05.0824 4328  RemoteRegistry - ok
19:06:05.0904 4328  [ 498EB62A160674E793FA40FD65390625 ] RichVideo      C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
19:06:05.0924 4328  RichVideo - ok
19:06:05.0944 4328  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:06:06.0034 4328  RpcEptMapper - ok
19:06:06.0044 4328  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:06:06.0064 4328  RpcLocator - ok
19:06:06.0094 4328  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
19:06:06.0144 4328  RpcSs - ok
19:06:06.0174 4328  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:06:06.0224 4328  rspndr - ok
19:06:06.0254 4328  [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
19:06:06.0304 4328  RTL8167 - ok
19:06:06.0334 4328  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
19:06:06.0344 4328  SamSs - ok
19:06:06.0364 4328  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:06:06.0384 4328  sbp2port - ok
19:06:06.0404 4328  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:06:06.0464 4328  SCardSvr - ok
19:06:06.0484 4328  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:06:06.0524 4328  scfilter - ok
19:06:06.0564 4328  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:06:06.0624 4328  Schedule - ok
19:06:06.0654 4328  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
19:06:06.0684 4328  SCPolicySvc - ok
19:06:06.0734 4328  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus          C:\Windows\system32\drivers\sdbus.sys
19:06:06.0754 4328  sdbus - ok
19:06:06.0794 4328  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:06:06.0824 4328  SDRSVC - ok
19:06:06.0844 4328  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:06:06.0894 4328  secdrv - ok
19:06:06.0914 4328  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:06:06.0964 4328  seclogon - ok
19:06:06.0974 4328  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:06:07.0034 4328  SENS - ok
19:06:07.0064 4328  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:06:07.0084 4328  SensrSvc - ok
19:06:07.0114 4328  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
19:06:07.0134 4328  Serenum - ok
19:06:07.0154 4328  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:06:07.0174 4328  Serial - ok
19:06:07.0214 4328  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:06:07.0244 4328  sermouse - ok
19:06:07.0284 4328  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:06:07.0324 4328  SessionEnv - ok
19:06:07.0364 4328  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
19:06:07.0384 4328  sffdisk - ok
19:06:07.0414 4328  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:06:07.0444 4328  sffp_mmc - ok
19:06:07.0454 4328  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
19:06:07.0484 4328  sffp_sd - ok
19:06:07.0514 4328  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
19:06:07.0544 4328  sfloppy - ok
19:06:07.0584 4328  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:06:07.0644 4328  SharedAccess - ok
19:06:07.0674 4328  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:06:07.0724 4328  ShellHWDetection - ok
19:06:07.0744 4328  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:06:07.0764 4328  SiSRaid2 - ok
19:06:07.0784 4328  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:06:07.0804 4328  SiSRaid4 - ok
19:06:07.0854 4328  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
19:06:07.0954 4328  SkypeUpdate - ok
19:06:07.0984 4328  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
19:06:08.0034 4328  Smb - ok
19:06:08.0074 4328  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:06:08.0094 4328  SNMPTRAP - ok
19:06:08.0104 4328  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
19:06:08.0124 4328  spldr - ok
19:06:08.0174 4328  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
19:06:08.0224 4328  Spooler - ok
19:06:08.0334 4328  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:06:08.0434 4328  sppsvc - ok
19:06:08.0454 4328  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
19:06:08.0514 4328  sppuinotify - ok
19:06:08.0574 4328  [ 88E5162E58C8919CC873F5D8946197CF ] sptd            C:\Windows\system32\Drivers\sptd.sys
19:06:08.0584 4328  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88E5162E58C8919CC873F5D8946197CF
19:06:08.0584 4328  sptd ( LockedFile.Multi.Generic ) - warning
19:06:08.0584 4328  sptd - detected LockedFile.Multi.Generic (1)
19:06:08.0614 4328  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
19:06:08.0664 4328  srv - ok
19:06:08.0694 4328  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:06:08.0724 4328  srv2 - ok
19:06:08.0744 4328  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA      C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:06:08.0764 4328  SrvHsfHDA - ok
19:06:08.0804 4328  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92      C:\Windows\system32\DRIVERS\VSTDPV6.SYS
19:06:08.0854 4328  SrvHsfV92 - ok
19:06:08.0884 4328  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac    C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
19:06:08.0924 4328  SrvHsfWinac - ok
19:06:08.0934 4328  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:06:08.0964 4328  srvnet - ok
19:06:08.0994 4328  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
19:06:09.0054 4328  SSDPSRV - ok
19:06:09.0074 4328  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
19:06:09.0124 4328  SstpSvc - ok
19:06:09.0194 4328  [ 7595D53EE8E8B0BAA9A2DDDE867EBB0C ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
19:06:09.0244 4328  STacSV - ok
19:06:09.0294 4328  Steam Client Service - ok
19:06:09.0314 4328  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:06:09.0334 4328  stexstor - ok
19:06:09.0384 4328  [ DFFBC024DFC7BB05B2129E05CBC7A201 ] STHDA          C:\Windows\system32\DRIVERS\stwrt64.sys
19:06:09.0414 4328  STHDA - ok
19:06:09.0454 4328  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:06:09.0494 4328  stisvc - ok
19:06:09.0524 4328  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
19:06:09.0534 4328  swenum - ok
19:06:09.0564 4328  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
19:06:09.0614 4328  swprv - ok
19:06:09.0674 4328  [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
19:06:09.0694 4328  SynTP - ok
19:06:09.0744 4328  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
19:06:09.0794 4328  SysMain - ok
19:06:09.0824 4328  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:06:09.0864 4328  TabletInputService - ok
19:06:09.0884 4328  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
19:06:09.0924 4328  TapiSrv - ok
19:06:09.0944 4328  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
19:06:09.0994 4328  TBS - ok
19:06:10.0084 4328  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
19:06:10.0144 4328  Tcpip - ok
19:06:10.0174 4328  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:06:10.0224 4328  TCPIP6 - ok
19:06:10.0254 4328  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:06:10.0294 4328  tcpipreg - ok
19:06:10.0324 4328  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:06:10.0354 4328  TDPIPE - ok
19:06:10.0384 4328  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
19:06:10.0444 4328  TDTCP - ok
19:06:10.0474 4328  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
19:06:10.0524 4328  tdx - ok
19:06:10.0544 4328  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
19:06:10.0564 4328  TermDD - ok
19:06:10.0604 4328  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
19:06:10.0664 4328  TermService - ok
19:06:10.0684 4328  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:06:10.0714 4328  Themes - ok
19:06:10.0744 4328  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
19:06:10.0794 4328  THREADORDER - ok
19:06:10.0804 4328  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:06:10.0844 4328  TrkWks - ok
19:06:10.0894 4328  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:06:10.0964 4328  TrustedInstaller - ok
19:06:10.0984 4328  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:06:11.0024 4328  tssecsrv - ok
19:06:11.0064 4328  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:06:11.0094 4328  TsUsbFlt - ok
19:06:11.0144 4328  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:06:11.0184 4328  tunnel - ok
19:06:11.0214 4328  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:06:11.0224 4328  uagp35 - ok
19:06:11.0264 4328  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:06:11.0314 4328  udfs - ok
19:06:11.0354 4328  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
19:06:11.0374 4328  UI0Detect - ok
19:06:11.0394 4328  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:06:11.0404 4328  uliagpkx - ok
19:06:11.0444 4328  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\drivers\umbus.sys
19:06:11.0464 4328  umbus - ok
19:06:11.0504 4328  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:06:11.0564 4328  UmPass - ok
19:06:11.0594 4328  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:06:11.0644 4328  upnphost - ok
19:06:11.0684 4328  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:06:11.0704 4328  usbaudio - ok
19:06:11.0734 4328  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
19:06:11.0774 4328  usbccgp - ok
19:06:11.0804 4328  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:06:11.0824 4328  usbcir - ok
19:06:11.0864 4328  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
19:06:11.0884 4328  usbehci - ok
19:06:11.0904 4328  [ 44D9C773FEBFF10593B50DDFC2D6BC27 ] usbfilter      C:\Windows\system32\DRIVERS\usbfilter.sys
19:06:11.0914 4328  usbfilter - ok
19:06:11.0954 4328  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:06:11.0984 4328  usbhub - ok
19:06:12.0004 4328  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
19:06:12.0014 4328  usbohci - ok
19:06:12.0044 4328  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:06:12.0074 4328  usbprint - ok
19:06:12.0104 4328  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
19:06:12.0134 4328  usbscan - ok
19:06:12.0154 4328  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:06:12.0194 4328  USBSTOR - ok
19:06:12.0214 4328  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
19:06:12.0244 4328  usbuhci - ok
19:06:12.0274 4328  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
19:06:12.0294 4328  usbvideo - ok
19:06:12.0314 4328  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
19:06:12.0374 4328  UxSms - ok
19:06:12.0384 4328  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:06:12.0394 4328  VaultSvc - ok
19:06:12.0424 4328  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:06:12.0444 4328  vdrvroot - ok
19:06:12.0474 4328  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
19:06:12.0524 4328  vds - ok
19:06:12.0554 4328  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
19:06:12.0574 4328  vga - ok
19:06:12.0594 4328  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
19:06:12.0644 4328  VgaSave - ok
19:06:12.0674 4328  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
19:06:12.0694 4328  vhdmp - ok
19:06:12.0714 4328  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:06:12.0724 4328  viaide - ok
19:06:12.0734 4328  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:06:12.0744 4328  volmgr - ok
19:06:12.0774 4328  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
19:06:12.0794 4328  volmgrx - ok
19:06:12.0814 4328  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
19:06:12.0834 4328  volsnap - ok
19:06:12.0854 4328  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
19:06:12.0874 4328  vsmraid - ok
19:06:12.0914 4328  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
19:06:12.0984 4328  VSS - ok
19:06:13.0004 4328  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:06:13.0034 4328  vwifibus - ok
19:06:13.0054 4328  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:06:13.0074 4328  vwififlt - ok
19:06:13.0104 4328  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
19:06:13.0144 4328  W32Time - ok
19:06:13.0184 4328  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:06:13.0204 4328  WacomPen - ok
19:06:13.0244 4328  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:06:13.0304 4328  WANARP - ok
19:06:13.0304 4328  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:06:13.0344 4328  Wanarpv6 - ok
19:06:13.0434 4328  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc    C:\Windows\system32\Wat\WatAdminSvc.exe
19:06:13.0514 4328  WatAdminSvc - ok
19:06:13.0574 4328  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:06:13.0614 4328  wbengine - ok
19:06:13.0654 4328  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:06:13.0674 4328  WbioSrvc - ok
19:06:13.0704 4328  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
19:06:13.0744 4328  wcncsvc - ok
19:06:13.0754 4328  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:06:13.0774 4328  WcsPlugInService - ok
19:06:13.0794 4328  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:06:13.0814 4328  Wd - ok
19:06:13.0844 4328  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:06:13.0864 4328  Wdf01000 - ok
19:06:13.0894 4328  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:06:13.0964 4328  WdiServiceHost - ok
19:06:13.0964 4328  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
19:06:13.0984 4328  WdiSystemHost - ok
19:06:14.0014 4328  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
19:06:14.0054 4328  WebClient - ok
19:06:14.0064 4328  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:06:14.0124 4328  Wecsvc - ok
19:06:14.0134 4328  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
19:06:14.0184 4328  wercplsupport - ok
19:06:14.0224 4328  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:06:14.0274 4328  WerSvc - ok
19:06:14.0304 4328  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:06:14.0344 4328  WfpLwf - ok
19:06:14.0374 4328  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:06:14.0384 4328  WIMMount - ok
19:06:14.0414 4328  WinDefend - ok
19:06:14.0434 4328  WinHttpAutoProxySvc - ok
19:06:14.0474 4328  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
19:06:14.0534 4328  Winmgmt - ok
19:06:14.0584 4328  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
19:06:14.0664 4328  WinRM - ok
19:06:14.0714 4328  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:06:14.0744 4328  WinUsb - ok
19:06:14.0784 4328  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
19:06:14.0834 4328  Wlansvc - ok
19:06:14.0974 4328  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:06:15.0034 4328  wlidsvc - ok
19:06:15.0074 4328  [ 14DC5897BC6C4E03C023AD80ABB7F539 ] WmBEnum        C:\Windows\system32\drivers\WmBEnum.sys
19:06:15.0084 4328  WmBEnum - ok
19:06:15.0134 4328  [ 2DE0A0CEA49972C82C7E9D36BD4C1247 ] WmFilter        C:\Windows\system32\drivers\WmFilter.sys
19:06:15.0144 4328  WmFilter - ok
19:06:15.0174 4328  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
19:06:15.0204 4328  WmiAcpi - ok
19:06:15.0224 4328  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:06:15.0254 4328  wmiApSrv - ok
19:06:15.0274 4328  WMPNetworkSvc - ok
19:06:15.0294 4328  [ 53C12AE1183F3F7787F1F1835001CCC0 ] WmVirHid        C:\Windows\system32\drivers\WmVirHid.sys
19:06:15.0304 4328  WmVirHid - ok
19:06:15.0324 4328  [ C807E470CCA24F5E479DA4872A7D2121 ] WmXlCore        C:\Windows\system32\drivers\WmXlCore.sys
19:06:15.0334 4328  WmXlCore - ok
19:06:15.0364 4328  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:06:15.0384 4328  WPCSvc - ok
19:06:15.0414 4328  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:06:15.0444 4328  WPDBusEnum - ok
19:06:15.0474 4328  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
19:06:15.0534 4328  ws2ifsl - ok
19:06:15.0554 4328  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:06:15.0584 4328  wscsvc - ok
19:06:15.0594 4328  WSearch - ok
19:06:15.0694 4328  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:06:15.0764 4328  wuauserv - ok
19:06:15.0784 4328  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:06:15.0844 4328  WudfPf - ok
19:06:15.0864 4328  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:06:15.0914 4328  WUDFRd - ok
19:06:15.0944 4328  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
19:06:15.0984 4328  wudfsvc - ok
19:06:16.0014 4328  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
19:06:16.0044 4328  WwanSvc - ok
19:06:16.0094 4328  [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7        C:\Windows\system32\DRIVERS\yk62x64.sys
19:06:16.0124 4328  yukonw7 - ok
19:06:16.0154 4328  [verify-U]_System - ok
19:06:16.0164 4328  ================ Scan global ===============================
19:06:16.0194 4328  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:06:16.0214 4328  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:06:16.0224 4328  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:06:16.0254 4328  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:06:16.0274 4328  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:06:16.0274 4328  [Global] - ok
19:06:16.0274 4328  ================ Scan MBR ==================================
19:06:16.0284 4328  [ 80063A27F44478B1A9B3E74C2F4343C7 ] \Device\Harddisk0\DR0
19:06:16.0544 4328  \Device\Harddisk0\DR0 - ok
19:06:16.0544 4328  ================ Scan VBR ==================================
19:06:16.0554 4328  [ 07940DB04C9042CEE2C599EBEA7363A5 ] \Device\Harddisk0\DR0\Partition1
19:06:16.0554 4328  \Device\Harddisk0\DR0\Partition1 - ok
19:06:16.0584 4328  [ 746A4F7787ADF6BDE2496981A7E4DCF4 ] \Device\Harddisk0\DR0\Partition2
19:06:16.0584 4328  \Device\Harddisk0\DR0\Partition2 - ok
19:06:16.0624 4328  [ 31E7900D016F35E58100E7A1E5F05330 ] \Device\Harddisk0\DR0\Partition3
19:06:16.0624 4328  \Device\Harddisk0\DR0\Partition3 - ok
19:06:16.0644 4328  [ BC9F6B4A0A1729AC16489670180545B9 ] \Device\Harddisk0\DR0\Partition4
19:06:16.0644 4328  \Device\Harddisk0\DR0\Partition4 - ok
19:06:16.0644 4328  ============================================================
19:06:16.0644 4328  Scan finished
19:06:16.0644 4328  ============================================================
19:06:16.0654 5916  Detected object count: 7
19:06:16.0654 5916  Actual detected object count: 7
19:06:41.0384 5916  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:41.0384 5916  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:41.0384 5916  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:41.0384 5916  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:41.0394 5916  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:41.0394 5916  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:41.0394 5916  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:41.0394 5916  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:41.0394 5916  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:41.0394 5916  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:41.0394 5916  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:41.0394 5916  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:41.0394 5916  sptd ( LockedFile.Multi.Generic ) - skipped by user
19:06:41.0394 5916  sptd ( LockedFile.Multi.Generic ) - User select action: Skip


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:44 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131