Trojaner-Board

Amadeus_2 30.12.2012 12:20

Outlook sends emails on its own
 
Hello, all you specialists!
Three days ago, my Outlook (GMX) sent various emails containing links (with no additional text and no subject) to all stored email addresses. At the same time, my Avira noticed a hidden object.
I have now changed my password at GMX and also run AdwCleaner, Malwarebytes and SuperAntiSpyware. Perhaps I should not have used these programs without your instructions. In any case, none of it helped; the hidden object is still there.
How do I get at this object? I ask for your support.

Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 29. Dezember 2012  22:47


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows (TM) Vista Ultimate
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : ADMIN-01

Versionsinformationen:
BUILD.DAT      : 13.0.0.2890    48567 Bytes  05.12.2012 17:11:00
AVSCAN.EXE    : 13.6.0.402    639264 Bytes  14.12.2012 17:37:12
AVSCANRC.DLL  : 13.4.0.360    64800 Bytes  14.12.2012 17:37:12
LUKE.DLL      : 13.6.0.400    67360 Bytes  14.12.2012 17:37:28
AVSCPLR.DLL    : 13.6.0.402    93984 Bytes  10.12.2012 16:42:49
AVREG.DLL      : 13.6.0.406    248096 Bytes  10.12.2012 16:42:49
avlode.dll    : 13.6.1.402    428832 Bytes  10.12.2012 16:42:50
avlode.rdf    : 13.0.0.26      7958 Bytes  10.12.2012 16:42:49
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 14:50:29
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 14:50:31
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 14:50:34
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 14:50:36
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 14:50:37
VBASE005.VDF  : 7.11.34.116  4034048 Bytes  29.06.2012 14:42:40
VBASE006.VDF  : 7.11.41.250  4902400 Bytes  06.09.2012 14:42:40
VBASE007.VDF  : 7.11.50.230  3904512 Bytes  22.11.2012 15:44:44
VBASE008.VDF  : 7.11.50.231    2048 Bytes  22.11.2012 15:44:44
VBASE009.VDF  : 7.11.50.232    2048 Bytes  22.11.2012 15:44:44
VBASE010.VDF  : 7.11.50.233    2048 Bytes  22.11.2012 15:44:44
VBASE011.VDF  : 7.11.50.234    2048 Bytes  22.11.2012 15:44:44
VBASE012.VDF  : 7.11.50.235    2048 Bytes  22.11.2012 15:44:44
VBASE013.VDF  : 7.11.50.236    2048 Bytes  22.11.2012 15:44:44
VBASE014.VDF  : 7.11.51.27    133632 Bytes  23.11.2012 14:54:13
VBASE015.VDF  : 7.11.51.95    140288 Bytes  26.11.2012 14:54:13
VBASE016.VDF  : 7.11.51.221  164352 Bytes  29.11.2012 15:21:39
VBASE017.VDF  : 7.11.52.29    158208 Bytes  01.12.2012 13:09:14
VBASE018.VDF  : 7.11.52.91    116736 Bytes  03.12.2012 23:16:56
VBASE019.VDF  : 7.11.52.151  137728 Bytes  05.12.2012 16:42:57
VBASE020.VDF  : 7.11.52.225  157696 Bytes  06.12.2012 16:22:09
VBASE021.VDF  : 7.11.53.35    126976 Bytes  08.12.2012 12:08:20
VBASE022.VDF  : 7.11.53.55    225792 Bytes  09.12.2012 18:08:19
VBASE023.VDF  : 7.11.53.93    157184 Bytes  10.12.2012 16:42:48
VBASE024.VDF  : 7.11.53.169  153088 Bytes  12.12.2012 21:49:40
VBASE025.VDF  : 7.11.53.237  152064 Bytes  14.12.2012 07:16:07
VBASE026.VDF  : 7.11.54.23    149504 Bytes  17.12.2012 18:49:55
VBASE027.VDF  : 7.11.54.67    130048 Bytes  18.12.2012 14:48:20
VBASE028.VDF  : 7.11.54.153  292352 Bytes  21.12.2012 07:10:13
VBASE029.VDF  : 7.11.55.1    300032 Bytes  28.12.2012 21:03:20
VBASE030.VDF  : 7.11.55.2      2048 Bytes  28.12.2012 21:03:20
VBASE031.VDF  : 7.11.55.26    11776 Bytes  29.12.2012 15:50:29
Engineversion  : 8.2.10.224
AEVDF.DLL      : 8.1.2.10      102772 Bytes  19.09.2012 14:42:55
AESCRIPT.DLL  : 8.1.4.78      467323 Bytes  21.12.2012 15:05:12
AESCN.DLL      : 8.1.10.0      131445 Bytes  13.12.2012 21:49:43
AESBX.DLL      : 8.2.5.12      606578 Bytes  28.08.2012 16:58:06
AERDL.DLL      : 8.2.0.74      643445 Bytes  16.11.2012 19:15:42
AEPACK.DLL    : 8.3.1.2      819574 Bytes  21.12.2012 15:05:12
AEOFFICE.DLL  : 8.1.2.50      201084 Bytes  16.11.2012 19:15:40
AEHEUR.DLL    : 8.1.4.168    5628280 Bytes  21.12.2012 15:05:11
AEHELP.DLL    : 8.1.25.2      258423 Bytes  16.11.2012 19:15:33
AEGEN.DLL      : 8.1.6.12      434549 Bytes  13.12.2012 21:49:41
AEEXP.DLL      : 8.3.0.4      184692 Bytes  21.12.2012 15:05:13
AEEMU.DLL      : 8.1.3.2      393587 Bytes  19.09.2012 14:42:55
AECORE.DLL    : 8.1.30.0      201079 Bytes  13.12.2012 21:49:41
AEBB.DLL      : 8.1.1.4        53619 Bytes  16.11.2012 19:15:32
AVWINLL.DLL    : 13.4.0.163    25888 Bytes  19.09.2012 18:09:30
AVPREF.DLL    : 13.4.0.360    50464 Bytes  14.12.2012 17:37:11
AVREP.DLL      : 13.4.0.360    177952 Bytes  10.12.2012 16:42:49
AVARKT.DLL    : 13.6.0.402    260384 Bytes  14.12.2012 17:37:07
AVEVTLOG.DLL  : 13.6.0.400    167200 Bytes  14.12.2012 17:37:10
SQLITE3.DLL    : 3.7.0.1      397088 Bytes  19.09.2012 18:17:40
AVSMTP.DLL    : 13.4.0.163    62240 Bytes  19.09.2012 18:08:54
NETNT.DLL      : 13.4.0.360    15648 Bytes  14.12.2012 17:37:28
RCIMAGE.DLL    : 13.4.0.360  4780832 Bytes  14.12.2012 17:37:06
RCTEXT.DLL    : 13.4.0.360    68384 Bytes  14.12.2012 17:37:07

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, F:, M:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 29. Dezember 2012  22:47

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'F:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'M:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
  [HINWEIS]  Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamscheduler.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMSAccessU.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'c2c_service.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmdc.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'Kies.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesPDLR.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpohmr08.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpotdd01.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'realsched.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesTrayAgent.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'WPFFontCache_v0400.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_5_502_135.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_5_502_135.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'splwow64.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'SASCORE64.EXE' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUPERAntiSpyware.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '0' Modul(e) wurden durchsucht


Ende des Suchlaufs: Samstag, 29. Dezember 2012  23:12
Benötigte Zeit: 25:13 Minute(n)

Der Suchlauf wurde abgebrochen!

      0 Verzeichnisse wurden überprüft
    30 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
    30 Dateien ohne Befall
      0 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
 1062902 Objekte wurden beim Rootkitscan durchsucht
      1 Versteckte Objekte wurden gefunden

Another scan with Malwarebytes unfortunately turned up nothing:

Code:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.30.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19393
Administrator :: ADMIN-01 [Administrator]

Schutz: Deaktiviert

30.12.2012 12:03:00
mbam-log-2012-12-30 (12-03-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 243430
Laufzeit: 5 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Please/Thank you
Amadeus

P.S.: I'm no great computer specialist, so please no difficult terms :-)

cosinus 30.12.2012 18:14

Hello!

Please do not use PHP or other tags for the log files, only CODE tags!
Quote:

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make evaluation harder for me!

  • Please also note => Deletion of log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will it continue" messages end with your topic being closed. I too have a life outside Trojaner-Board.



Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners?
I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post logs that already exist!

Amadeus_2 30.12.2012 23:09

Many thanks, cosinus, for your help! I will follow it as far as my ability allows.

Regarding your question about additional logs:
1. An Avira scan from 1 December
Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 1. Dezember 2012  10:22


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows (TM) Vista Ultimate
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : ADMIN-01

Versionsinformationen:
BUILD.DAT      : 13.0.0.2832    48424 Bytes  20.11.2012 13:46:00
AVSCAN.EXE    : 13.4.0.294    639264 Bytes  27.11.2012 14:54:19
AVSCANRC.DLL  : 13.4.0.219    64800 Bytes  17.11.2012 06:33:02
LUKE.DLL      : 13.4.0.267    67360 Bytes  27.11.2012 14:54:36
AVSCPLR.DLL    : 13.4.0.271    93984 Bytes  27.11.2012 14:54:40
AVREG.DLL      : 13.4.0.267    245536 Bytes  27.11.2012 14:54:40
avlode.dll    : 13.4.0.294    426784 Bytes  27.11.2012 14:54:41
avlode.rdf    : 13.0.0.24      7196 Bytes  27.09.2012 10:30:38
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 14:50:29
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 14:50:31
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 14:50:34
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 14:50:36
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 14:50:37
VBASE005.VDF  : 7.11.34.116  4034048 Bytes  29.06.2012 14:42:40
VBASE006.VDF  : 7.11.41.250  4902400 Bytes  06.09.2012 14:42:40
VBASE007.VDF  : 7.11.50.230  3904512 Bytes  22.11.2012 15:44:44
VBASE008.VDF  : 7.11.50.231    2048 Bytes  22.11.2012 15:44:44
VBASE009.VDF  : 7.11.50.232    2048 Bytes  22.11.2012 15:44:44
VBASE010.VDF  : 7.11.50.233    2048 Bytes  22.11.2012 15:44:44
VBASE011.VDF  : 7.11.50.234    2048 Bytes  22.11.2012 15:44:44
VBASE012.VDF  : 7.11.50.235    2048 Bytes  22.11.2012 15:44:44
VBASE013.VDF  : 7.11.50.236    2048 Bytes  22.11.2012 15:44:44
VBASE014.VDF  : 7.11.51.27    133632 Bytes  23.11.2012 14:54:13
VBASE015.VDF  : 7.11.51.95    140288 Bytes  26.11.2012 14:54:13
VBASE016.VDF  : 7.11.51.221  164352 Bytes  29.11.2012 15:21:39
VBASE017.VDF  : 7.11.51.222    2048 Bytes  29.11.2012 15:21:39
VBASE018.VDF  : 7.11.51.223    2048 Bytes  29.11.2012 15:21:39
VBASE019.VDF  : 7.11.51.224    2048 Bytes  29.11.2012 15:21:39
VBASE020.VDF  : 7.11.51.225    2048 Bytes  29.11.2012 15:21:39
VBASE021.VDF  : 7.11.51.226    2048 Bytes  29.11.2012 15:21:39
VBASE022.VDF  : 7.11.51.227    2048 Bytes  29.11.2012 15:21:39
VBASE023.VDF  : 7.11.51.228    2048 Bytes  29.11.2012 15:21:39
VBASE024.VDF  : 7.11.51.229    2048 Bytes  29.11.2012 15:21:39
VBASE025.VDF  : 7.11.51.230    2048 Bytes  29.11.2012 15:21:39
VBASE026.VDF  : 7.11.51.231    2048 Bytes  29.11.2012 15:21:39
VBASE027.VDF  : 7.11.51.232    2048 Bytes  29.11.2012 15:21:39
VBASE028.VDF  : 7.11.51.233    2048 Bytes  29.11.2012 15:21:39
VBASE029.VDF  : 7.11.51.234    2048 Bytes  29.11.2012 15:21:39
VBASE030.VDF  : 7.11.51.235    2048 Bytes  29.11.2012 15:21:40
VBASE031.VDF  : 7.11.52.10    111104 Bytes  30.11.2012 18:39:58
Engineversion  : 8.2.10.214
AEVDF.DLL      : 8.1.2.10      102772 Bytes  19.09.2012 14:42:55
AESCRIPT.DLL  : 8.1.4.70      467323 Bytes  30.11.2012 12:40:45
AESCN.DLL      : 8.1.9.4      131445 Bytes  16.11.2012 19:15:42
AESBX.DLL      : 8.2.5.12      606578 Bytes  28.08.2012 16:58:06
AERDL.DLL      : 8.2.0.74      643445 Bytes  16.11.2012 19:15:42
AEPACK.DLL    : 8.3.0.40      815479 Bytes  16.11.2012 19:15:41
AEOFFICE.DLL  : 8.1.2.50      201084 Bytes  16.11.2012 19:15:40
AEHEUR.DLL    : 8.1.4.156    5579128 Bytes  30.11.2012 12:40:44
AEHELP.DLL    : 8.1.25.2      258423 Bytes  16.11.2012 19:15:33
AEGEN.DLL      : 8.1.6.10      438646 Bytes  16.11.2012 19:15:33
AEEXP.DLL      : 8.2.0.16      119157 Bytes  30.11.2012 12:40:46
AEEMU.DLL      : 8.1.3.2      393587 Bytes  19.09.2012 14:42:55
AECORE.DLL    : 8.1.29.2      201079 Bytes  16.11.2012 19:15:33
AEBB.DLL      : 8.1.1.4        53619 Bytes  16.11.2012 19:15:32
AVWINLL.DLL    : 13.4.0.163    25888 Bytes  19.09.2012 18:09:30
AVPREF.DLL    : 13.4.0.163    50464 Bytes  19.09.2012 18:07:51
AVREP.DLL      : 13.4.0.244    177952 Bytes  16.11.2012 19:15:43
AVARKT.DLL    : 13.4.0.292    260384 Bytes  27.11.2012 14:54:14
AVEVTLOG.DLL  : 13.4.0.267    167200 Bytes  27.11.2012 14:54:17
SQLITE3.DLL    : 3.7.0.1      397088 Bytes  19.09.2012 18:17:40
AVSMTP.DLL    : 13.4.0.163    62240 Bytes  19.09.2012 18:08:54
NETNT.DLL      : 13.4.0.163    15648 Bytes  19.09.2012 18:16:26
RCIMAGE.DLL    : 13.4.0.163  4780832 Bytes  19.09.2012 18:21:16
RCTEXT.DLL    : 13.4.0.163    68384 Bytes  19.09.2012 18:21:16

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, F:, M:, N:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 1. Dezember 2012  10:22

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'F:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'M:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'N:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
  [HINWEIS]  Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '150' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMSAccessU.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'c2c_service.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '171' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmdc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'Kies.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesPDLR.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpohmr08.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpotdd01.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'realsched.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesTrayAgent.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'WPFFontCache_v0400.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3809' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'D:\'
Beginne mit der Suche in 'F:\' <Foto>
Beginne mit der Suche in 'M:\' <Musik>
Beginne mit der Suche in 'N:\' <32_00_00>


Ende des Suchlaufs: Samstag, 1. Dezember 2012  14:40
Benötigte Zeit:  4:17:36 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  48822 Verzeichnisse wurden überprüft
 1003220 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 1003220 Dateien ohne Befall
  11068 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
 1056569 Objekte wurden beim Rootkitscan durchsucht
      1 Versteckte Objekte wurden gefunden

2. A Malwarebytes scan from yesterday
Code:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.29.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19393
Administrator :: ADMIN-01 [Administrator]

Schutz: Aktiviert

29.12.2012 18:49:48
mbam-log-2012-12-29 (18-49-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|M:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 521967
Laufzeit: 2 Stunde(n), 20 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

3. An AdwCleaner run from yesterday at 17:24
Code:

# AdwCleaner v2.103 - Datei am 29/12/2012 um 17:24:47 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Ultimate Service Pack 2 (64 bits)
# Benutzer : Administrator - ADMIN-01
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Administrator\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8ajrspos.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8ajrspos.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8ajrspos.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8ajrspos.default\searchplugins\SweetIm.xml
Datei Gelöscht : C:\Windows\SysWOW64\conduitEngine.tmp
Gelöscht mit Neustart : C:\Program Files (x86)\Ask.com
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\Plasmoo
Gelöscht mit Neustart : C:\ProgramData\Tarma Installer
Gelöscht mit Neustart : C:\Users\ADMINI~1\AppData\Local\Temp\AskSearch
Gelöscht mit Neustart : C:\Users\ADMINI~1\AppData\Local\Temp\boost_interprocess
Gelöscht mit Neustart : C:\Users\Administrator\AppData\Local\AskToolbar
Gelöscht mit Neustart : C:\Users\Administrator\AppData\Local\Conduit
Gelöscht mit Neustart : C:\Users\Administrator\AppData\LocalLow\AskToolbar
Gelöscht mit Neustart : C:\Users\Administrator\AppData\LocalLow\PriceGong
Gelöscht mit Neustart : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8ajrspos.default\Conduit
Gelöscht mit Neustart : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8ajrspos.default\ConduitEngine
Gelöscht mit Neustart : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8ajrspos.default\CT2269050
Gelöscht mit Neustart : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8ajrspos.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Gelöscht mit Neustart : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8ajrspos.default\extensions\engine@conduit.com
Gelöscht mit Neustart : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8ajrspos.default\extensions\toolbar@ask.com
Gelöscht mit Neustart : C:\Users\Administrator\AppData\Roaming\pdfforge
Gelöscht mit Neustart : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe_697a06b96d8bcbe2d77b88e7d5448d0
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Schlüssel Gelöscht : HKLM\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19393

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8ajrspos.default\prefs.js

C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8ajrspos.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2269050..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2269050.AppTrackingLastCheckTime", "Sat Mar 26 2011 19:13:50 GMT+0100");
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129977890572899945", true);
Gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.CurrentServerDate", "29-12-2012");
Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2269050.DialogsGetterLastCheckTime", "Sat Dec 29 2012 17:09:42 GMT+0100");
Gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Sat Mar 26 2011 19:13:39 GMT+0100");
Gelöscht : user_pref("CT2269050.FirstServerDate", "21-1-2011");
Gelöscht : user_pref("CT2269050.FirstTime", true);
Gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Gelöscht : user_pref("CT2269050.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2269050.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2269050.Initialize", true);
Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2269050.InstalledDate", "Fri Jan 21 2011 07:49:56 GMT+0100");
Gelöscht : user_pref("CT2269050.InvalidateCache", false);
Gelöscht : user_pref("CT2269050.IsGrouping", false);
Gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Sat Dec 29 2012 17:09:45 GMT+0100");
Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2269050.LastLogin_2.7.2.0", "Fri Jan 21 2011 07:49:57 GMT+0100");
Gelöscht : user_pref("CT2269050.LastLogin_3.12.0.7", "Wed Apr 25 2012 22:23:28 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.12.2.3", "Wed May 30 2012 15:11:47 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.13.0.6", "Wed Jun 27 2012 17:14:23 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.14.1.0", "Thu Aug 23 2012 17:46:54 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.15.1.0", "Sat Dec 29 2012 17:09:42 GMT+0100");
Gelöscht : user_pref("CT2269050.LastLogin_3.3.3.2", "Sat Mar 26 2011 19:13:40 GMT+0100");
Gelöscht : user_pref("CT2269050.LatestVersion", "3.16.0.3");
Gelöscht : user_pref("CT2269050.Locale", "en");
Gelöscht : user_pref("CT2269050.LoginCache", 4);
Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Sat Mar 26 2011 19:13:39 GMT+0100");
Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gelöscht : user_pref("CT2269050.SavedHomepage", "hxxp://www.gmx.at/");
Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sat Dec 29 2012 17:09:41 GMT+0100");
Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2269050.ServiceMapLastCheckTime", "Sat Dec 29 2012 17:09:42 GMT+0100");
Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Sat Dec 29 2012 17:09:41 GMT+0100");
Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1356544299");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sat Mar 26 2011 19:13:39 GMT+0100");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Gelöscht : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Gelöscht : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2269050.UserID", "UN54607093203919692");
Gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 1);
Gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Gelöscht : user_pref("CT2269050.WeatherPollDate", "Sat Mar 26 2011 19:13:40 GMT+0100");
Gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Gelöscht : user_pref("CT2269050.backendstorage.youtubelang", "4445");
Gelöscht : user_pref("CT2269050.clientLogIsEnabled", true);
Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Sat Mar 26 2011 19:13:39 GMT+0100");
Gelöscht : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2269050.initDone", true);
Gelöscht : user_pref("CT2269050.isAppTrackingManagerOn", true);
Gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2269050.oldAppsList", "128834881989343894,128834881989343895,129391330693125668,1195972[...]
Gelöscht : user_pref("CT2269050.revertSettingsEnabled", true);
Gelöscht : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2269050.testingCtid", "");
Gelöscht : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Sat Dec 29 2012 17:09:42 GMT+0100");
Gelöscht : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Sat Mar 26 2011 19:13:39 GMT+0100");
Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CT2269050.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/AT", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"72c[...]
Gelöscht : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", false);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://plasmoo.com/index.htm?SearchMashi[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Mar 26 2011 05:39:17 GMT+01[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertEnabled", false);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Mar 26 2011 07:03:01 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Nov 12 2011 20:26:38 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "ecfdd3c3-9952-4160-bdc9-3d94027b4968");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "cdfc3198-5cc4-41dd-8eae-9195e033b451");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Gelöscht : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Tue Nov 08 2011 18:49:55 GMT+0100");
Gelöscht : user_pref("ConduitEngine.CTID", "ConduitEngine");
Gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Mar 26 2011 05:39:18 GMT+0100");
Gelöscht : user_pref("ConduitEngine.FirstServerDate", "03/26/2011 07");
Gelöscht : user_pref("ConduitEngine.FirstTime", true);
Gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Gelöscht : user_pref("ConduitEngine.Initialize", true);
Gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Gelöscht : user_pref("ConduitEngine.InstalledDate", "Sat Mar 26 2011 05:39:19 GMT+0100");
Gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Mar 26 2011 05:39:18 GMT+0100");
Gelöscht : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Mar 26 2011 18:44:26 GMT+0100");
Gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Mar 26 2011 18:44:26 GMT+0100");
Gelöscht : user_pref("ConduitEngine.UserID", "UN85648018056496677");
Gelöscht : user_pref("ConduitEngine.approveUntrustedApps", true);
Gelöscht : user_pref("ConduitEngine.componentAlertEnabled", false);
Gelöscht : user_pref("ConduitEngine.engineLocale", "de");
Gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Mar 26 2011 05:39:18 GMT+0100");
Gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Mar 26 2011 18:44:27 GMT+0100");
Gelöscht : user_pref("ConduitEngine.initDone", true);
Gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Gelöscht : user_pref("ConduitEngine.isDetectionEnabled", false);
Gelöscht : user_pref("ConduitEngine.usageEnabled", false);
Gelöscht : user_pref("ConduitEngine.usagesFlag", 2);
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=");
Gelöscht : user_pref("plasmoo.search.engine.prevkeywordurl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Gelöscht : user_pref("plasmoo.search.engine.prevsearchdefaultenginename", "SweetIM Search");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://plasmoo.com/index.htm?Search[...]
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.gmx.at/");
Gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={559D[...]

*************************

AdwCleaner[R1].txt - [25296 octets] - [29/12/2012 17:18:43]
AdwCleaner[R2].txt - [25357 octets] - [29/12/2012 17:23:02]
AdwCleaner[S1].txt - [24776 octets] - [29/12/2012 17:24:47]

########## EOF - C:\AdwCleaner[S1].txt - [24837 octets] ##########

4) And another AdwCleaner log from yesterday, 18:44
Code:

# AdwCleaner v2.104 - Datei am 29/12/2012 um 18:44:16 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Ultimate Service Pack 2 (64 bits)
# Benutzer : Administrator - ADMIN-01
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Administrator\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8ajrspos.default\searchplugins\plasmoo.xml
Gelöscht mit Neustart : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8ajrspos.default\extensions\engine@plasmoo.com

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19393

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8ajrspos.default\prefs.js

Gelöscht : user_pref("browser.search.defaultthis.engineName", "Plasmoo");
Gelöscht : user_pref("extensions.enabledAddons", "engine%40plasmoo.com:1.0.0.32,%7B9AA46F4F-4DC7-4c06-97AF-5035[...]
Gelöscht : user_pref("plasmoo.search.engine.prevsearchdefaultthisenginename", "Search");
Gelöscht : user_pref("plasmoo.search.engine.prevsearchdefaulturl", "");
Gelöscht : user_pref("plasmoo.search.engine.prevsearchselectedengine", "Google");
Gelöscht : user_pref("plasmoo.search.engine.prevstartuphomepage", "hxxp://www.gmx.at/");
Gelöscht : user_pref("plasmoo.search.engine.status", "INSTALLED");

*************************

AdwCleaner[R1].txt - [25296 octets] - [29/12/2012 17:18:43]
AdwCleaner[R2].txt - [25357 octets] - [29/12/2012 17:23:02]
AdwCleaner[R3].txt - [1890 octets] - [29/12/2012 18:42:47]
AdwCleaner[S1].txt - [24889 octets] - [29/12/2012 17:24:47]
AdwCleaner[S2].txt - [1829 octets] - [29/12/2012 18:44:16]

########## EOF - C:\AdwCleaner[S2].txt - [1889 octets] ##########


That was everything I have, sorry. I am actually aware that I will most likely have to set the computer up from scratch. But before that I would like to attempt the "impossible" - with your help!

Thank you very much.

cosinus 30.12.2012 23:23

Did AntiVir and Malwarebytes really never find anything?
If they did, why are you only posting logs without detections?

Amadeus_2 31.12.2012 13:30

Good morning Cosinus!

That is the strange thing. Both programs found nothing, and yet Avira shows a hidden object and my Outlook files were cracked.

I also suspect that my Gmx account might have been cracked from my Android phone, although I have never left it unattended.

I have now run another full Avira scan:
Code:


Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 31. Dezember 2012  09:17


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows (TM) Vista Ultimate
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : ADMIN-01

Versionsinformationen:
BUILD.DAT      : 13.0.0.2890    48567 Bytes  05.12.2012 17:11:00
AVSCAN.EXE    : 13.6.0.402    639264 Bytes  14.12.2012 17:37:12
AVSCANRC.DLL  : 13.4.0.360    64800 Bytes  14.12.2012 17:37:12
LUKE.DLL      : 13.6.0.400    67360 Bytes  14.12.2012 17:37:28
AVSCPLR.DLL    : 13.6.0.402    93984 Bytes  10.12.2012 16:42:49
AVREG.DLL      : 13.6.0.406    248096 Bytes  10.12.2012 16:42:49
avlode.dll    : 13.6.1.402    428832 Bytes  10.12.2012 16:42:50
avlode.rdf    : 13.0.0.26      7958 Bytes  10.12.2012 16:42:49
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 14:50:29
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 14:50:31
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 14:50:34
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 14:50:36
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 14:50:37
VBASE005.VDF  : 7.11.34.116  4034048 Bytes  29.06.2012 14:42:40
VBASE006.VDF  : 7.11.41.250  4902400 Bytes  06.09.2012 14:42:40
VBASE007.VDF  : 7.11.50.230  3904512 Bytes  22.11.2012 15:44:44
VBASE008.VDF  : 7.11.50.231    2048 Bytes  22.11.2012 15:44:44
VBASE009.VDF  : 7.11.50.232    2048 Bytes  22.11.2012 15:44:44
VBASE010.VDF  : 7.11.50.233    2048 Bytes  22.11.2012 15:44:44
VBASE011.VDF  : 7.11.50.234    2048 Bytes  22.11.2012 15:44:44
VBASE012.VDF  : 7.11.50.235    2048 Bytes  22.11.2012 15:44:44
VBASE013.VDF  : 7.11.50.236    2048 Bytes  22.11.2012 15:44:44
VBASE014.VDF  : 7.11.51.27    133632 Bytes  23.11.2012 14:54:13
VBASE015.VDF  : 7.11.51.95    140288 Bytes  26.11.2012 14:54:13
VBASE016.VDF  : 7.11.51.221  164352 Bytes  29.11.2012 15:21:39
VBASE017.VDF  : 7.11.52.29    158208 Bytes  01.12.2012 13:09:14
VBASE018.VDF  : 7.11.52.91    116736 Bytes  03.12.2012 23:16:56
VBASE019.VDF  : 7.11.52.151  137728 Bytes  05.12.2012 16:42:57
VBASE020.VDF  : 7.11.52.225  157696 Bytes  06.12.2012 16:22:09
VBASE021.VDF  : 7.11.53.35    126976 Bytes  08.12.2012 12:08:20
VBASE022.VDF  : 7.11.53.55    225792 Bytes  09.12.2012 18:08:19
VBASE023.VDF  : 7.11.53.93    157184 Bytes  10.12.2012 16:42:48
VBASE024.VDF  : 7.11.53.169  153088 Bytes  12.12.2012 21:49:40
VBASE025.VDF  : 7.11.53.237  152064 Bytes  14.12.2012 07:16:07
VBASE026.VDF  : 7.11.54.23    149504 Bytes  17.12.2012 18:49:55
VBASE027.VDF  : 7.11.54.67    130048 Bytes  18.12.2012 14:48:20
VBASE028.VDF  : 7.11.54.153  292352 Bytes  21.12.2012 07:10:13
VBASE029.VDF  : 7.11.55.1    300032 Bytes  28.12.2012 21:03:20
VBASE030.VDF  : 7.11.55.2      2048 Bytes  28.12.2012 21:03:20
VBASE031.VDF  : 7.11.55.48    96256 Bytes  30.12.2012 21:39:32
Engineversion  : 8.2.10.224
AEVDF.DLL      : 8.1.2.10      102772 Bytes  19.09.2012 14:42:55
AESCRIPT.DLL  : 8.1.4.78      467323 Bytes  21.12.2012 15:05:12
AESCN.DLL      : 8.1.10.0      131445 Bytes  13.12.2012 21:49:43
AESBX.DLL      : 8.2.5.12      606578 Bytes  28.08.2012 16:58:06
AERDL.DLL      : 8.2.0.74      643445 Bytes  16.11.2012 19:15:42
AEPACK.DLL    : 8.3.1.2      819574 Bytes  21.12.2012 15:05:12
AEOFFICE.DLL  : 8.1.2.50      201084 Bytes  16.11.2012 19:15:40
AEHEUR.DLL    : 8.1.4.168    5628280 Bytes  21.12.2012 15:05:11
AEHELP.DLL    : 8.1.25.2      258423 Bytes  16.11.2012 19:15:33
AEGEN.DLL      : 8.1.6.12      434549 Bytes  13.12.2012 21:49:41
AEEXP.DLL      : 8.3.0.4      184692 Bytes  21.12.2012 15:05:13
AEEMU.DLL      : 8.1.3.2      393587 Bytes  19.09.2012 14:42:55
AECORE.DLL    : 8.1.30.0      201079 Bytes  13.12.2012 21:49:41
AEBB.DLL      : 8.1.1.4        53619 Bytes  16.11.2012 19:15:32
AVWINLL.DLL    : 13.4.0.163    25888 Bytes  19.09.2012 18:09:30
AVPREF.DLL    : 13.4.0.360    50464 Bytes  14.12.2012 17:37:11
AVREP.DLL      : 13.4.0.360    177952 Bytes  10.12.2012 16:42:49
AVARKT.DLL    : 13.6.0.402    260384 Bytes  14.12.2012 17:37:07
AVEVTLOG.DLL  : 13.6.0.400    167200 Bytes  14.12.2012 17:37:10
SQLITE3.DLL    : 3.7.0.1      397088 Bytes  19.09.2012 18:17:40
AVSMTP.DLL    : 13.4.0.163    62240 Bytes  19.09.2012 18:08:54
NETNT.DLL      : 13.4.0.360    15648 Bytes  14.12.2012 17:37:28
RCIMAGE.DLL    : 13.4.0.360  4780832 Bytes  14.12.2012 17:37:06
RCTEXT.DLL    : 13.4.0.360    68384 Bytes  14.12.2012 17:37:07

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, F:, M:, N:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Montag, 31. Dezember 2012  09:17

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'F:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'M:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'N:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
  [HINWEIS]  Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '102' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '146' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamscheduler.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMSAccessU.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'c2c_service.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '141' Modul(e) wurden durchsucht
Durchsuche Prozess 'msiexec.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmdc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'Kies.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesPDLR.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'mobsync.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpohmr08.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpotdd01.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'realsched.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesTrayAgent.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'WPFFontCache_v0400.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '4203' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'D:\'
Beginne mit der Suche in 'F:\' <Foto>
Beginne mit der Suche in 'M:\' <Musik>
Beginne mit der Suche in 'N:\' <32_00_00>


Ende des Suchlaufs: Montag, 31. Dezember 2012  12:32
Benötigte Zeit:  3:15:00 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  48833 Verzeichnisse wurden überprüft
 1005146 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 1005146 Dateien ohne Befall
  11779 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
 1063020 Objekte wurden beim Rootkitscan durchsucht
      1 Versteckte Objekte wurden gefunden

If you see no chance for me, please let me know. That would make the decision between reinstalling and buying a new computer easier :-).

Many thanks

cosinus 31.12.2012 13:43

You did change the password of your GMX account; did the automatic sending of mails still occur after that? Or is it still occurring now?

Amadeus_2 31.12.2012 13:49

No, not since then! Actually, the only thing that still bothers me is this one hidden object.

cosinus 31.12.2012 13:53

Do you happen to have DaemonTools installed?

Amadeus_2 31.12.2012 14:35

Is that this link, Downloads :: DAEMON-Tools.cc? I don't have it yet! Should I?

cosinus 31.12.2012 14:40

No?! Simply answering the question would have been enough!

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Carefully read the instructions I will post in the course of this thread. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the analysis harder for me!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "When will it continue" messages will result in your topic being closed. I, too, have a life outside the Trojaner-Board.

Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Extract the archive to your desktop.
  • In the newly created folder, start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Amadeus_2 31.12.2012 15:12

Malwarebytes Anti-Rootkit reported: "No malware found".
No log file was created. :confused:

Ahh, sorry, there is a log file after all (my mistake, I hadn't refreshed):
Code:

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.31.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19393
Administrator :: ADMIN-01 [administrator]

31.12.2012 15:04:06
mbar-log-2012-12-31 (15-04-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 36618
Time elapsed: 14 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

No malware was found!


cosinus 31.12.2012 15:38

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false alarm on it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Press Save Log and save the log to your desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons without instructions.
Note: If the Scan button is hidden, close the tool and start it again. If it still doesn't work, please let me know.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the image below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its content into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Amadeus_2 31.12.2012 15:51

aswMBR.exe gives me the following error message:
15:48:25.555 Initialize seccess
15:48:31.766 AVAST engine download error: 0

cosinus 31.12.2012 15:53

Quote:

15:48:31.766 AVAST engine download error: 0
It could not download the signatures - check your internet connection!

Amadeus_2 31.12.2012 15:57

Sorry, it's working now:
Code:

swMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-31 15:53:33
-----------------------------
15:53:33.557    OS Version: Windows x64 6.0.6002 Service Pack 2
15:53:33.557    Number of processors: 4 586 0xF0B
15:53:33.558    ComputerName: ADMIN-01  UserName:
15:53:34.323    Initialize success
15:53:49.372    AVAST engine download error: 0
15:54:34.020    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
15:54:34.024    Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476940MB BusType: 3
15:54:34.037    Disk 0 MBR read successfully
15:54:34.041    Disk 0 MBR scan
15:54:34.044    Disk 0 Windows VISTA default MBR code
15:54:34.053    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      100000 MB offset 2048
15:54:34.067    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      100000 MB offset 204802048
15:54:34.083    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      176937 MB offset 409602048
15:54:34.090    Disk 0 Partition - 00    0F Extended LBA            100001 MB offset 771969024
15:54:34.113    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      100000 MB offset 771971072
15:54:34.149    Disk 0 scanning C:\Windows\system32\drivers
15:54:39.449    Service scanning
15:54:47.955    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:54:51.277    Modules scanning
15:54:51.293    Disk 0 trace - called modules:
15:54:51.312    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80048a32c0]<<spnh.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:54:51.319    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006365060]
15:54:51.328    3 CLASSPNP.SYS[fffffa6000d3ec33] -> nt!IofCallDriver -> [0xfffffa8004a779b0]
15:54:51.337    5 acpi.sys[fffffa6000b7ffde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8004a7b940]
15:54:51.346    \Driver\atapi[0xfffffa8004a49490] -> IRP_MJ_CREATE -> 0xfffffa80048a32c0
15:54:51.354    Scan finished successfully
15:55:48.154    Disk 0 MBR has been saved successfully to "D:\Eigene Dateien\Christian\Computer\MBR.dat"
15:55:48.162    The log file has been saved successfully to "D:\Eigene Dateien\Christian\Computer\20121231_aswMBR.txt"


cosinus 31.12.2012 16:08

What about the other tool?

Amadeus_2 31.12.2012 16:18

Regarding TDSS-Killer, I'm being slow on the uptake.
The scan showed the following:

Unsigned file
Service: IDriverT
Suspicious object, medium risk

Locked file
Service: sptd
Suspicious object, medium risk

I can't paste a Snipping Tool capture in here for you, can I?
I can't find any log files :confused:

cosinus 31.12.2012 16:22

Please read my instructions completely; the TDSS log is directly on C!

Amadeus_2 31.12.2012 16:30

OK! The term "Windows system partition" confused me.

Code:

16:02:13.0246 5652  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:02:13.0410 5652  ============================================================
16:02:13.0410 5652  Current date / time: 2012/12/31 16:02:13.0410
16:02:13.0410 5652  SystemInfo:
16:02:13.0410 5652 
16:02:13.0410 5652  OS Version: 6.0.6002 ServicePack: 2.0
16:02:13.0410 5652  Product type: Workstation
16:02:13.0410 5652  ComputerName: ADMIN-01
16:02:13.0410 5652  UserName: Administrator
16:02:13.0410 5652  Windows directory: C:\Windows
16:02:13.0410 5652  System windows directory: C:\Windows
16:02:13.0410 5652  Running under WOW64
16:02:13.0410 5652  Processor architecture: Intel x64
16:02:13.0410 5652  Number of processors: 4
16:02:13.0410 5652  Page size: 0x1000
16:02:13.0410 5652  Boot type: Normal boot
16:02:13.0410 5652  ============================================================
16:02:14.0282 5652  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:02:14.0285 5652  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:02:14.0302 5652  ============================================================
16:02:14.0302 5652  \Device\Harddisk0\DR0:
16:02:14.0302 5652  MBR partitions:
16:02:14.0302 5652  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC350000
16:02:14.0302 5652  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0xC350000
16:02:14.0302 5652  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x186A0800, BlocksNum 0x15994800
16:02:14.0320 5652  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x2E035800, BlocksNum 0xC350000
16:02:14.0320 5652  \Device\Harddisk1\DR1:
16:02:14.0321 5652  MBR partitions:
16:02:14.0321 5652  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
16:02:14.0321 5652  ============================================================
16:02:14.0358 5652  C: <-> \Device\Harddisk0\DR0\Partition1
16:02:14.0390 5652  F: <-> \Device\Harddisk0\DR0\Partition3
16:02:14.0424 5652  M: <-> \Device\Harddisk0\DR0\Partition4
16:02:14.0469 5652  D: <-> \Device\Harddisk0\DR0\Partition2
16:02:14.0470 5652  N: <-> \Device\Harddisk1\DR1\Partition1
16:02:14.0470 5652  ============================================================
16:02:14.0470 5652  Initialize success
16:02:14.0470 5652  ============================================================
16:03:05.0096 4212  ============================================================
16:03:05.0096 4212  Scan started
16:03:05.0096 4212  Mode: Manual; SigCheck; TDLFS;
16:03:05.0096 4212  ============================================================
16:03:05.0469 4212  ================ Scan system memory ========================
16:03:05.0470 4212  System memory - ok
16:03:05.0470 4212  ================ Scan services =============================
16:03:05.0504 4212  !SASCORE - ok
16:03:05.0632 4212  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
16:03:05.0733 4212  ACPI - ok
16:03:05.0778 4212  [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs            C:\Windows\system32\drivers\adfs.sys
16:03:05.0794 4212  adfs - ok
16:03:05.0885 4212  [ 57A3B9A69F14414ACE12AFD6BA701773 ] Adobe Version Cue CS4 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
16:03:05.0900 4212  Adobe Version Cue CS4 - ok
16:03:06.0004 4212  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:03:06.0021 4212  AdobeFlashPlayerUpdateSvc - ok
16:03:06.0051 4212  [ F14215E37CF124104575073F782111D2 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
16:03:06.0089 4212  adp94xx - ok
16:03:06.0109 4212  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci        C:\Windows\system32\drivers\adpahci.sys
16:03:06.0142 4212  adpahci - ok
16:03:06.0164 4212  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
16:03:06.0180 4212  adpu160m - ok
16:03:06.0197 4212  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
16:03:06.0213 4212  adpu320 - ok
16:03:06.0250 4212  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
16:03:06.0283 4212  AeLookupSvc - ok
16:03:06.0325 4212  [ C4F6CE6087760AD70960C9EB130E7943 ] AFD            C:\Windows\system32\drivers\afd.sys
16:03:06.0424 4212  AFD - ok
16:03:06.0446 4212  AFS - ok
16:03:06.0470 4212  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:03:06.0487 4212  agp440 - ok
16:03:06.0504 4212  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
16:03:06.0522 4212  aic78xx - ok
16:03:06.0538 4212  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG            C:\Windows\System32\alg.exe
16:03:06.0669 4212  ALG - ok
16:03:06.0681 4212  [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:03:06.0697 4212  aliide - ok
16:03:06.0706 4212  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
16:03:06.0721 4212  amdide - ok
16:03:06.0740 4212  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
16:03:06.0793 4212  AmdK8 - ok
16:03:06.0858 4212  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:03:06.0873 4212  AntiVirSchedulerService - ok
16:03:06.0908 4212  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:03:06.0922 4212  AntiVirService - ok
16:03:06.0948 4212  [ 255527AB98293EA390352A8C53B0042A ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
16:03:06.0996 4212  AntiVirWebService - ok
16:03:07.0024 4212  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo        C:\Windows\System32\appinfo.dll
16:03:07.0050 4212  Appinfo - ok
16:03:07.0075 4212  [ 3DA98C07B18A676180FE7EED924D1673 ] AppMgmt        C:\Windows\System32\appmgmts.dll
16:03:07.0128 4212  AppMgmt - ok
16:03:07.0147 4212  [ BA8417D4765F3988FF921F30F630E303 ] arc            C:\Windows\system32\drivers\arc.sys
16:03:07.0166 4212  arc - ok
16:03:07.0184 4212  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:03:07.0203 4212  arcsas - ok
16:03:07.0254 4212  aspnet_state - ok
16:03:07.0270 4212  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:03:07.0343 4212  AsyncMac - ok
16:03:07.0381 4212  [ E68D9B3A3905619732F7FE039466A623 ] atapi          C:\Windows\system32\drivers\atapi.sys
16:03:07.0399 4212  atapi - ok
16:03:07.0437 4212  [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:03:07.0499 4212  AudioEndpointBuilder - ok
16:03:07.0509 4212  [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:03:07.0557 4212  AudioSrv - ok
16:03:07.0582 4212  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:03:07.0597 4212  avgntflt - ok
16:03:07.0620 4212  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:03:07.0637 4212  avipbb - ok
16:03:07.0654 4212  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
16:03:07.0668 4212  avkmgr - ok
16:03:07.0711 4212  [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE            C:\Windows\System32\bfe.dll
16:03:07.0770 4212  BFE - ok
16:03:07.0824 4212  [ 6D316F4859634071CC25C4FD4589AD2C ] BITS            C:\Windows\System32\qmgr.dll
16:03:07.0898 4212  BITS - ok
16:03:07.0924 4212  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
16:03:07.0958 4212  blbdrive - ok
16:03:07.0986 4212  [ 2348447A80920B2493A9B582A23E81E1 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:03:08.0016 4212  bowser - ok
16:03:08.0029 4212  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
16:03:08.0062 4212  BrFiltLo - ok
16:03:08.0072 4212  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
16:03:08.0111 4212  BrFiltUp - ok
16:03:08.0150 4212  [ A1B39DE453433B115B4EA69EE0343816 ] Browser        C:\Windows\System32\browser.dll
16:03:08.0197 4212  Browser - ok
16:03:08.0210 4212  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid        C:\Windows\system32\drivers\brserid.sys
16:03:08.0378 4212  Brserid - ok
16:03:08.0395 4212  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
16:03:08.0476 4212  BrSerWdm - ok
16:03:08.0489 4212  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
16:03:08.0562 4212  BrUsbMdm - ok
16:03:08.0581 4212  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
16:03:08.0651 4212  BrUsbSer - ok
16:03:08.0664 4212  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:03:08.0724 4212  BTHMODEM - ok
16:03:08.0765 4212  [ 22E65FFD640F16968F855F5B3528D366 ] BthServ        C:\Windows\System32\bthserv.dll
16:03:08.0793 4212  BthServ - ok
16:03:08.0805 4212  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:03:08.0849 4212  cdfs - ok
16:03:08.0876 4212  [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
16:03:08.0902 4212  cdrom - ok
16:03:08.0930 4212  [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc    C:\Windows\System32\certprop.dll
16:03:08.0967 4212  CertPropSvc - ok
16:03:08.0988 4212  [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass        C:\Windows\system32\drivers\circlass.sys
16:03:09.0049 4212  circlass - ok
16:03:09.0078 4212  [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS            C:\Windows\system32\CLFS.sys
16:03:09.0104 4212  CLFS - ok
16:03:09.0116 4212  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:03:09.0129 4212  clr_optimization_v2.0.50727_32 - ok
16:03:09.0184 4212  [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:03:09.0198 4212  clr_optimization_v2.0.50727_64 - ok
16:03:09.0272 4212  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:03:09.0286 4212  clr_optimization_v4.0.30319_32 - ok
16:03:09.0327 4212  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:03:09.0341 4212  clr_optimization_v4.0.30319_64 - ok
16:03:09.0357 4212  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:03:09.0370 4212  cmdide - ok
16:03:09.0385 4212  [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
16:03:09.0401 4212  Compbatt - ok
16:03:09.0405 4212  COMSysApp - ok
16:03:09.0410 4212  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
16:03:09.0424 4212  crcdisk - ok
16:03:09.0471 4212  [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:03:09.0520 4212  CryptSvc - ok
16:03:09.0539 4212  [ F60F50C8ED3FCBE358430B95FE27D09C ] CSC            C:\Windows\system32\drivers\csc.sys
16:03:09.0592 4212  CSC - ok
16:03:09.0639 4212  [ 1B5F256D31836ED2BA60B3A6C800200C ] CscService      C:\Windows\System32\cscsvc.dll
16:03:09.0721 4212  CscService - ok
16:03:09.0761 4212  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:03:09.0856 4212  DcomLaunch - ok
16:03:09.0884 4212  [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:03:09.0910 4212  DfsC - ok
16:03:10.0003 4212  [ C647F468F7DE343DF8C143655C5557D4 ] DFSR            C:\Windows\system32\DFSR.exe
16:03:10.0152 4212  DFSR - ok
16:03:10.0169 4212  dgderdrv - ok
16:03:10.0206 4212  [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
16:03:10.0222 4212  dg_ssudbus - ok
16:03:10.0258 4212  [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
16:03:10.0307 4212  Dhcp - ok
16:03:10.0336 4212  [ B0107E40ECDB5FA692EBF832F295D905 ] disk            C:\Windows\system32\drivers\disk.sys
16:03:10.0356 4212  disk - ok
16:03:10.0389 4212  [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:03:10.0432 4212  Dnscache - ok
16:03:10.0460 4212  [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc        C:\Windows\System32\dot3svc.dll
16:03:10.0518 4212  dot3svc - ok
16:03:10.0546 4212  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS            C:\Windows\system32\dps.dll
16:03:10.0601 4212  DPS - ok
16:03:10.0638 4212  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
16:03:10.0675 4212  drmkaud - ok
16:03:10.0726 4212  [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
16:03:10.0769 4212  DXGKrnl - ok
16:03:10.0799 4212  [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60          C:\Windows\system32\DRIVERS\E1G6032E.sys
16:03:10.0865 4212  E1G60 - ok
16:03:10.0890 4212  [ C2303883FD9BE49DC36A6400643002EA ] EapHost        C:\Windows\System32\eapsvc.dll
16:03:10.0923 4212  EapHost - ok
16:03:10.0937 4212  [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache          C:\Windows\system32\drivers\ecache.sys
16:03:10.0957 4212  Ecache - ok
16:03:11.0000 4212  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
16:03:11.0054 4212  ehRecvr - ok
16:03:11.0076 4212  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched        C:\Windows\ehome\ehsched.exe
16:03:11.0114 4212  ehSched - ok
16:03:11.0132 4212  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart        C:\Windows\ehome\ehstart.dll
16:03:11.0156 4212  ehstart - ok
16:03:11.0175 4212  [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
16:03:11.0218 4212  elxstor - ok
16:03:11.0258 4212  [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
16:03:11.0324 4212  EMDMgmt - ok
16:03:11.0339 4212  [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:03:11.0414 4212  ErrDev - ok
16:03:11.0457 4212  [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem    C:\Windows\system32\es.dll
16:03:11.0520 4212  EventSystem - ok
16:03:11.0547 4212  [ 486844F47B6636044A42454614ED4523 ] exfat          C:\Windows\system32\drivers\exfat.sys
16:03:11.0614 4212  exfat - ok
16:03:11.0646 4212  [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
16:03:11.0698 4212  fastfat - ok
16:03:11.0744 4212  [ 989A776A2FF32A148FCF15C44058B129 ] Fax            C:\Windows\system32\fxssvc.exe
16:03:11.0814 4212  Fax - ok
16:03:11.0843 4212  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
16:03:11.0901 4212  fdc - ok
16:03:11.0913 4212  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost        C:\Windows\system32\fdPHost.dll
16:03:11.0965 4212  fdPHost - ok
16:03:11.0974 4212  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
16:03:12.0050 4212  FDResPub - ok
16:03:12.0061 4212  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:03:12.0078 4212  FileInfo - ok
16:03:12.0094 4212  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
16:03:12.0124 4212  Filetrace - ok
16:03:12.0167 4212  [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:03:12.0194 4212  FLEXnet Licensing Service - ok
16:03:12.0245 4212  [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
16:03:12.0284 4212  FLEXnet Licensing Service 64 - ok
16:03:12.0298 4212  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:03:12.0328 4212  flpydisk - ok
16:03:12.0359 4212  [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:03:12.0375 4212  FltMgr - ok
16:03:12.0444 4212  [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache      C:\Windows\system32\FntCache.dll
16:03:12.0504 4212  FontCache - ok
16:03:12.0551 4212  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:03:12.0563 4212  FontCache3.0.0.0 - ok
16:03:12.0584 4212  [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:03:12.0622 4212  Fs_Rec - ok
16:03:12.0657 4212  [ 849E38DB7D829962D0233A0A252B60C3 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:03:12.0673 4212  fvevol - ok
16:03:12.0696 4212  [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:03:12.0711 4212  gagp30kx - ok
16:03:12.0731 4212  GMSIPCI - ok
16:03:12.0758 4212  [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc          C:\Windows\System32\gpsvc.dll
16:03:12.0831 4212  gpsvc - ok
16:03:12.0907 4212  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c98c769edd0804 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:03:12.0920 4212  gupdate1c98c769edd0804 - ok
16:03:12.0938 4212  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:03:12.0950 4212  gupdatem - ok
16:03:12.0983 4212  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc          C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:03:12.0997 4212  gusvc - ok
16:03:13.0040 4212  [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:03:13.0121 4212  HdAudAddService - ok
16:03:13.0162 4212  [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:03:13.0231 4212  HDAudBus - ok
16:03:13.0257 4212  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:03:13.0330 4212  HidBth - ok
16:03:13.0348 4212  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr          C:\Windows\system32\drivers\hidir.sys
16:03:13.0432 4212  HidIr - ok
16:03:13.0464 4212  [ 59361D38A297755D46A540E450202B2A ] hidserv        C:\Windows\system32\hidserv.dll
16:03:13.0506 4212  hidserv - ok
16:03:13.0530 4212  [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:03:13.0579 4212  HidUsb - ok
16:03:13.0615 4212  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:03:13.0672 4212  hkmsvc - ok
16:03:13.0687 4212  [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
16:03:13.0704 4212  HpCISSs - ok
16:03:13.0762 4212  [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:03:13.0919 4212  HTTP - ok
16:03:13.0937 4212  [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
16:03:13.0953 4212  i2omp - ok
16:03:13.0970 4212  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:03:14.0003 4212  i8042prt - ok
16:03:14.0022 4212  [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
16:03:14.0045 4212  iaStorV - ok
16:03:14.0115 4212  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:03:14.0126 4212  IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:03:14.0126 4212  IDriverT - detected UnsignedFile.Multi.Generic (1)
16:03:14.0177 4212  [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:03:14.0243 4212  idsvc - ok
16:03:14.0276 4212  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
16:03:14.0292 4212  iirsp - ok
16:03:14.0342 4212  [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT          C:\Windows\System32\ikeext.dll
16:03:14.0394 4212  IKEEXT - ok
16:03:14.0451 4212  [ 2C62599E693372A9221C262B8040E3AC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:03:14.0526 4212  IntcAzAudAddService - ok
16:03:14.0554 4212  [ DF797A12176F11B2D301C5B234BB200E ] intelide        C:\Windows\system32\drivers\intelide.sys
16:03:14.0572 4212  intelide - ok
16:03:14.0591 4212  [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:03:14.0644 4212  intelppm - ok
16:03:14.0668 4212  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
16:03:14.0726 4212  IPBusEnum - ok
16:03:14.0747 4212  [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:03:14.0794 4212  IpFilterDriver - ok
16:03:14.0833 4212  [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:03:14.0865 4212  iphlpsvc - ok
16:03:14.0870 4212  IpInIp - ok
16:03:14.0894 4212  [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
16:03:14.0950 4212  IPMIDRV - ok
16:03:14.0967 4212  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
16:03:15.0013 4212  IPNAT - ok
16:03:15.0033 4212  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:03:15.0076 4212  IRENUM - ok
16:03:15.0086 4212  [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:03:15.0103 4212  isapnp - ok
16:03:15.0127 4212  [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
16:03:15.0147 4212  iScsiPrt - ok
16:03:15.0165 4212  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
16:03:15.0182 4212  iteatapi - ok
16:03:15.0198 4212  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid        C:\Windows\system32\drivers\iteraid.sys
16:03:15.0214 4212  iteraid - ok
16:03:15.0226 4212  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:03:15.0242 4212  kbdclass - ok
16:03:15.0256 4212  [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
16:03:15.0312 4212  kbdhid - ok
16:03:15.0356 4212  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso          C:\Windows\system32\lsass.exe
16:03:15.0376 4212  KeyIso - ok
16:03:15.0422 4212  [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:03:15.0460 4212  KSecDD - ok
16:03:15.0467 4212  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
16:03:15.0510 4212  ksthunk - ok
16:03:15.0542 4212  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm          C:\Windows\system32\msdtckrm.dll
16:03:15.0602 4212  KtmRm - ok
16:03:15.0652 4212  [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:03:15.0679 4212  LanmanServer - ok
16:03:15.0709 4212  [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:03:15.0726 4212  LanmanWorkstation - ok
16:03:15.0736 4212  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:03:15.0784 4212  lltdio - ok
16:03:15.0816 4212  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
16:03:15.0875 4212  lltdsvc - ok
16:03:15.0894 4212  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts        C:\Windows\System32\lmhsvc.dll
16:03:15.0929 4212  lmhosts - ok
16:03:15.0948 4212  [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:03:15.0963 4212  LSI_FC - ok
16:03:15.0978 4212  [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
16:03:15.0993 4212  LSI_SAS - ok
16:03:16.0011 4212  [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:03:16.0026 4212  LSI_SCSI - ok
16:03:16.0055 4212  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv          C:\Windows\system32\drivers\luafv.sys
16:03:16.0107 4212  luafv - ok
16:03:16.0142 4212  [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
16:03:16.0158 4212  Mcx2Svc - ok
16:03:16.0178 4212  [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas        C:\Windows\system32\drivers\megasas.sys
16:03:16.0191 4212  megasas - ok
16:03:16.0212 4212  [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
16:03:16.0261 4212  MegaSR - ok
16:03:16.0288 4212  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS          C:\Windows\system32\mmcss.dll
16:03:16.0355 4212  MMCSS - ok
16:03:16.0374 4212  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem          C:\Windows\system32\drivers\modem.sys
16:03:16.0422 4212  Modem - ok
16:03:16.0451 4212  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
16:03:16.0491 4212  monitor - ok
16:03:16.0503 4212  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:03:16.0520 4212  mouclass - ok
16:03:16.0527 4212  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:03:16.0581 4212  mouhid - ok
16:03:16.0601 4212  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
16:03:16.0617 4212  MountMgr - ok
16:03:16.0674 4212  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:03:16.0689 4212  MozillaMaintenance - ok
16:03:16.0705 4212  [ F8276EB8698142884498A528DFEA8478 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:03:16.0722 4212  mpio - ok
16:03:16.0740 4212  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:03:16.0769 4212  mpsdrv - ok
16:03:16.0817 4212  [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:03:16.0855 4212  MpsSvc - ok
16:03:16.0871 4212  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
16:03:16.0882 4212  Mraid35x - ok
16:03:16.0914 4212  [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:03:16.0937 4212  MRxDAV - ok
16:03:16.0973 4212  [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:03:16.0994 4212  mrxsmb - ok
16:03:17.0028 4212  [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:03:17.0044 4212  mrxsmb10 - ok
16:03:17.0050 4212  [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:03:17.0081 4212  mrxsmb20 - ok
16:03:17.0093 4212  [ 1AC860612B85D8E85EE257D372E39F4D ] msahci          C:\Windows\system32\drivers\msahci.sys
16:03:17.0106 4212  msahci - ok
16:03:17.0122 4212  [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
16:03:17.0137 4212  msdsm - ok
16:03:17.0156 4212  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC          C:\Windows\System32\msdtc.exe
16:03:17.0204 4212  MSDTC - ok
16:03:17.0232 4212  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:03:17.0278 4212  Msfs - ok
16:03:17.0292 4212  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:03:17.0305 4212  msisadrv - ok
16:03:17.0327 4212  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
16:03:17.0368 4212  MSiSCSI - ok
16:03:17.0371 4212  msiserver - ok
16:03:17.0402 4212  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
16:03:17.0449 4212  MSKSSRV - ok
16:03:17.0465 4212  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:03:17.0508 4212  MSPCLOCK - ok
16:03:17.0522 4212  [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
16:03:17.0559 4212  MSPQM - ok
16:03:17.0588 4212  [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
16:03:17.0610 4212  MsRPC - ok
16:03:17.0619 4212  [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:03:17.0632 4212  mssmbios - ok
16:03:17.0646 4212  [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
16:03:17.0689 4212  MSTEE - ok
16:03:17.0694 4212  [ 0CC49F78D8ACA0877D885F149084E543 ] Mup            C:\Windows\system32\Drivers\mup.sys
16:03:17.0708 4212  Mup - ok
16:03:17.0739 4212  [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent        C:\Windows\system32\qagentRT.dll
16:03:17.0791 4212  napagent - ok
16:03:17.0822 4212  [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
16:03:17.0845 4212  NativeWifiP - ok
16:03:17.0886 4212  [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:03:17.0921 4212  NDIS - ok
16:03:17.0943 4212  [ 64DF698A425478E321981431AC171334 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:03:17.0983 4212  NdisTapi - ok
16:03:17.0999 4212  [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
16:03:18.0044 4212  Ndisuio - ok
16:03:18.0073 4212  [ F8158771905260982CE724076419EF19 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
16:03:18.0108 4212  NdisWan - ok
16:03:18.0135 4212  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
16:03:18.0160 4212  NDProxy - ok
16:03:18.0173 4212  [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
16:03:18.0219 4212  NetBIOS - ok
16:03:18.0254 4212  [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
16:03:18.0285 4212  netbt - ok
16:03:18.0290 4212  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon        C:\Windows\system32\lsass.exe
16:03:18.0305 4212  Netlogon - ok
16:03:18.0337 4212  [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman          C:\Windows\System32\netman.dll
16:03:18.0406 4212  Netman - ok
16:03:18.0422 4212  [ 7846D0136CC2B264926A73047BA7688A ] netprofm        C:\Windows\System32\netprofm.dll
16:03:18.0471 4212  netprofm - ok
16:03:18.0493 4212  [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:03:18.0508 4212  NetTcpPortSharing - ok
16:03:18.0523 4212  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
16:03:18.0538 4212  nfrd960 - ok
16:03:18.0560 4212  [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:03:18.0620 4212  NlaSvc - ok
16:03:18.0670 4212  [ FD306FBCCE7ADB1077B709742E7148E9 ] NMSAccessU      C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
16:03:18.0679 4212  NMSAccessU - ok
16:03:18.0695 4212  [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:03:18.0718 4212  Npfs - ok
16:03:18.0733 4212  [ ACB62BAA1C319B17752553DF3026EEEB ] nsi            C:\Windows\system32\nsisvc.dll
16:03:18.0775 4212  nsi - ok
16:03:18.0779 4212  [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:03:18.0823 4212  nsiproxy - ok
16:03:18.0876 4212  [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:03:18.0961 4212  Ntfs - ok
16:03:18.0982 4212  [ DD5D684975352B85B52E3FD5347C20CB ] Null            C:\Windows\system32\drivers\Null.sys
16:03:19.0015 4212  Null - ok
16:03:19.0072 4212  [ 99ED33F7FE39026A477893D92AEA5EF0 ] NVENETFD        C:\Windows\system32\DRIVERS\nvmfdx64.sys
16:03:19.0129 4212  NVENETFD - ok
16:03:19.0415 4212  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:03:19.0936 4212  nvlddmkm - ok
16:03:19.0971 4212  [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:03:19.0990 4212  nvraid - ok
16:03:20.0020 4212  [ F6C6D8298DD85507F680437EC2E6899C ] nvsmu          C:\Windows\system32\DRIVERS\nvsmu.sys
16:03:20.0033 4212  nvsmu - ok
16:03:20.0048 4212  [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:03:20.0059 4212  nvstor - ok
16:03:20.0101 4212  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc          C:\Windows\system32\nvvsvc.exe
16:03:20.0133 4212  nvsvc - ok
16:03:20.0197 4212  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:03:20.0272 4212  nvUpdatusService - ok
16:03:20.0285 4212  [ 19067CA93075EF4823E3938A686F532F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:03:20.0298 4212  nv_agp - ok
16:03:20.0302 4212  NwlnkFlt - ok
16:03:20.0307 4212  NwlnkFwd - ok
16:03:20.0370 4212  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:03:20.0392 4212  odserv - ok
16:03:20.0411 4212  [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:03:20.0478 4212  ohci1394 - ok
16:03:20.0515 4212  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:03:20.0530 4212  ose - ok
16:03:20.0565 4212  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc        C:\Windows\system32\p2psvc.dll
16:03:20.0614 4212  p2pimsvc - ok
16:03:20.0639 4212  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc          C:\Windows\system32\p2psvc.dll
16:03:20.0678 4212  p2psvc - ok
16:03:20.0695 4212  [ AECD57F94C887F58919F307C35498EA0 ] Parport        C:\Windows\system32\drivers\parport.sys
16:03:20.0765 4212  Parport - ok
16:03:20.0796 4212  [ B43751085E2ABE389DA466BC62A4B987 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
16:03:20.0812 4212  partmgr - ok
16:03:20.0838 4212  [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:03:20.0857 4212  PcaSvc - ok
16:03:20.0888 4212  [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci            C:\Windows\system32\drivers\pci.sys
16:03:20.0909 4212  pci - ok
16:03:20.0921 4212  [ 2657F6C0B78C36D95034BE109336E382 ] pciide          C:\Windows\system32\drivers\pciide.sys
16:03:20.0936 4212  pciide - ok
16:03:20.0959 4212  [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:03:20.0977 4212  pcmcia - ok
16:03:21.0005 4212  [ 58865916F53592A61549B04941BFD80D ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:03:21.0129 4212  PEAUTH - ok
16:03:21.0198 4212  [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:03:21.0249 4212  PerfHost - ok
16:03:21.0292 4212  [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla            C:\Windows\system32\pla.dll
16:03:21.0399 4212  pla - ok
16:03:21.0429 4212  [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:03:21.0475 4212  PlugPlay - ok
16:03:21.0502 4212  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
16:03:21.0541 4212  PNRPAutoReg - ok
16:03:21.0559 4212  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc        C:\Windows\system32\p2psvc.dll
16:03:21.0602 4212  PNRPsvc - ok
16:03:21.0641 4212  [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
16:03:21.0709 4212  PolicyAgent - ok
16:03:21.0749 4212  [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:03:21.0791 4212  PptpMiniport - ok
16:03:21.0807 4212  [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor      C:\Windows\system32\drivers\processr.sys
16:03:21.0868 4212  Processor - ok
16:03:21.0901 4212  [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc        C:\Windows\system32\profsvc.dll
16:03:21.0953 4212  ProfSvc - ok
16:03:21.0966 4212  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
16:03:21.0984 4212  ProtectedStorage - ok
16:03:22.0021 4212  [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
16:03:22.0054 4212  PSched - ok
16:03:22.0080 4212  [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
16:03:22.0094 4212  PxHlpa64 - ok
16:03:22.0140 4212  [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:03:22.0201 4212  ql2300 - ok
16:03:22.0217 4212  [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:03:22.0235 4212  ql40xx - ok
16:03:22.0272 4212  [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE          C:\Windows\system32\qwave.dll
16:03:22.0309 4212  QWAVE - ok
16:03:22.0325 4212  [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:03:22.0343 4212  QWAVEdrv - ok
16:03:22.0393 4212  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr        C:\Windows\WindowsMobile\rapimgr.dll
16:03:22.0412 4212  RapiMgr - ok
16:03:22.0416 4212  [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:03:22.0464 4212  RasAcd - ok
16:03:22.0478 4212  [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto        C:\Windows\System32\rasauto.dll
16:03:22.0525 4212  RasAuto - ok
16:03:22.0556 4212  [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
16:03:22.0607 4212  Rasl2tp - ok
16:03:22.0631 4212  [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan          C:\Windows\System32\rasmans.dll
16:03:22.0684 4212  RasMan - ok
16:03:22.0711 4212  [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:03:22.0744 4212  RasPppoe - ok
16:03:22.0781 4212  [ C6A593B51F34C33E5474539544072527 ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
16:03:22.0798 4212  RasSstp - ok
16:03:22.0835 4212  [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
16:03:22.0883 4212  rdbss - ok
16:03:22.0905 4212  [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:03:22.0948 4212  RDPCDD - ok
16:03:22.0964 4212  [ AE23E79B13FEB62939E2CA1189E71735 ] rdpdr          C:\Windows\system32\DRIVERS\rdpdr.sys
16:03:23.0018 4212  rdpdr - ok
16:03:23.0022 4212  [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:03:23.0076 4212  RDPENCDD - ok
16:03:23.0108 4212  [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
16:03:23.0137 4212  RDPWD - ok
16:03:23.0178 4212  [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:03:23.0223 4212  RemoteAccess - ok
16:03:23.0259 4212  [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:03:23.0304 4212  RemoteRegistry - ok
16:03:23.0319 4212  [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator      C:\Windows\system32\locator.exe
16:03:23.0336 4212  RpcLocator - ok
16:03:23.0364 4212  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs          C:\Windows\system32\rpcss.dll
16:03:23.0418 4212  RpcSs - ok
16:03:23.0435 4212  [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:03:23.0480 4212  rspndr - ok
16:03:23.0486 4212  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs          C:\Windows\system32\lsass.exe
16:03:23.0504 4212  SamSs - ok
16:03:23.0524 4212  [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:03:23.0539 4212  sbp2port - ok
16:03:23.0571 4212  [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:03:23.0621 4212  SCardSvr - ok
16:03:23.0662 4212  [ 0F838C811AD295D2A4489B9993096C63 ] Schedule        C:\Windows\system32\schedsvc.dll
16:03:23.0738 4212  Schedule - ok
16:03:23.0766 4212  [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc    C:\Windows\System32\certprop.dll
16:03:23.0798 4212  SCPolicySvc - ok
16:03:23.0828 4212  [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:03:23.0870 4212  SDRSVC - ok
16:03:23.0890 4212  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:03:23.0974 4212  secdrv - ok
16:03:23.0979 4212  [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon        C:\Windows\system32\seclogon.dll
16:03:24.0040 4212  seclogon - ok
16:03:24.0051 4212  [ 90973A64B96CD647FF81C79443618EED ] SENS            C:\Windows\System32\sens.dll
16:03:24.0109 4212  SENS - ok
16:03:24.0131 4212  [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
16:03:24.0187 4212  Serenum - ok
16:03:24.0213 4212  [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:03:24.0287 4212  Serial - ok
16:03:24.0308 4212  [ A842F04833684BCEEA7336211BE478DF ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:03:24.0352 4212  sermouse - ok
16:03:24.0390 4212  [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:03:24.0435 4212  SessionEnv - ok
16:03:24.0447 4212  [ 14D4B4465193A87C127933978E8C4106 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
16:03:24.0505 4212  sffdisk - ok
16:03:24.0531 4212  [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:03:24.0581 4212  sffp_mmc - ok
16:03:24.0593 4212  [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
16:03:24.0650 4212  sffp_sd - ok
16:03:24.0662 4212  [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
16:03:24.0737 4212  sfloppy - ok
16:03:24.0767 4212  [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:03:24.0822 4212  SharedAccess - ok
16:03:24.0851 4212  [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:03:24.0889 4212  ShellHWDetection - ok
16:03:24.0900 4212  [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
16:03:24.0917 4212  SiSRaid2 - ok
16:03:24.0931 4212  [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:03:24.0949 4212  SiSRaid4 - ok
16:03:25.0076 4212  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
16:03:25.0198 4212  Skype C2C Service - ok
16:03:25.0259 4212  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
16:03:25.0275 4212  SkypeUpdate - ok
16:03:25.0346 4212  [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc          C:\Windows\system32\SLsvc.exe
16:03:25.0464 4212  slsvc - ok
16:03:25.0502 4212  [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify      C:\Windows\system32\SLUINotify.dll
16:03:25.0550 4212  SLUINotify - ok
16:03:25.0573 4212  [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
16:03:25.0616 4212  Smb - ok
16:03:25.0644 4212  [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:03:25.0669 4212  SNMPTRAP - ok
16:03:25.0692 4212  [ 386C3C63F00A7040C7EC5E384217E89D ] spldr          C:\Windows\system32\drivers\spldr.sys
16:03:25.0708 4212  spldr - ok
16:03:25.0745 4212  [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler        C:\Windows\System32\spoolsv.exe
16:03:25.0767 4212  Spooler - ok
16:03:25.0808 4212  [ 9AB59CF736981ED1F83C6AB5FAA8BA5C ] sptd            C:\Windows\system32\Drivers\sptd.sys
16:03:25.0808 4212  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 9AB59CF736981ED1F83C6AB5FAA8BA5C
16:03:25.0810 4212  sptd ( LockedFile.Multi.Generic ) - warning
16:03:25.0810 4212  sptd - detected LockedFile.Multi.Generic (1)
16:03:25.0840 4212  [ 880A57FCCB571EBD063D4DD50E93E46D ] srv            C:\Windows\system32\DRIVERS\srv.sys
16:03:25.0918 4212  srv - ok
16:03:25.0948 4212  [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:03:25.0981 4212  srv2 - ok
16:03:25.0996 4212  [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:03:26.0025 4212  srvnet - ok
16:03:26.0050 4212  [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
16:03:26.0110 4212  SSDPSRV - ok
16:03:26.0126 4212  [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc        C:\Windows\system32\sstpsvc.dll
16:03:26.0148 4212  SstpSvc - ok
16:03:26.0180 4212  [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm        C:\Windows\system32\DRIVERS\ssudmdm.sys
16:03:26.0197 4212  ssudmdm - ok
16:03:26.0239 4212  [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc          C:\Windows\System32\wiaservc.dll
16:03:26.0297 4212  stisvc - ok
16:03:26.0322 4212  [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:03:26.0337 4212  swenum - ok
16:03:26.0377 4212  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv          C:\Windows\System32\swprv.dll
16:03:26.0452 4212  swprv - ok
16:03:26.0469 4212  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
16:03:26.0486 4212  Symc8xx - ok
16:03:26.0500 4212  [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
16:03:26.0517 4212  Sym_hi - ok
16:03:26.0530 4212  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
16:03:26.0546 4212  Sym_u3 - ok
16:03:26.0586 4212  [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain        C:\Windows\system32\sysmain.dll
16:03:26.0669 4212  SysMain - ok
16:03:26.0698 4212  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:03:26.0726 4212  TabletInputService - ok
16:03:26.0762 4212  [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv        C:\Windows\System32\tapisrv.dll
16:03:26.0815 4212  TapiSrv - ok
16:03:26.0830 4212  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS            C:\Windows\System32\tbssvc.dll
16:03:26.0887 4212  TBS - ok
16:03:26.0942 4212  [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
16:03:27.0008 4212  Tcpip - ok
16:03:27.0028 4212  [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
16:03:27.0084 4212  Tcpip6 - ok
16:03:27.0108 4212  [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:03:27.0120 4212  tcpipreg - ok
16:03:27.0134 4212  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:03:27.0175 4212  TDPIPE - ok
16:03:27.0190 4212  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
16:03:27.0226 4212  TDTCP - ok
16:03:27.0262 4212  [ 458919C8C42E398DC4802178D5FFEE27 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
16:03:27.0296 4212  tdx - ok
16:03:27.0322 4212  [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:03:27.0337 4212  TermDD - ok
16:03:27.0354 4212  [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService    C:\Windows\System32\termsrv.dll
16:03:27.0430 4212  TermService - ok
16:03:27.0455 4212  [ 56793271ECDEDD350C5ADD305603E963 ] Themes          C:\Windows\system32\shsvcs.dll
16:03:27.0472 4212  Themes - ok
16:03:27.0483 4212  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER    C:\Windows\system32\mmcss.dll
16:03:27.0517 4212  THREADORDER - ok
16:03:27.0540 4212  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
16:03:27.0580 4212  TrkWks - ok
16:03:27.0623 4212  [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:03:27.0663 4212  TrustedInstaller - ok
16:03:27.0681 4212  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:03:27.0735 4212  tssecsrv - ok
16:03:27.0761 4212  [ 89EC74A9E602D16A75A4170511029B3C ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
16:03:27.0791 4212  tunmp - ok
16:03:27.0825 4212  [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:03:27.0840 4212  tunnel - ok
16:03:27.0859 4212  [ FEC266EF401966311744BD0F359F7F56 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:03:27.0875 4212  uagp35 - ok
16:03:27.0895 4212  [ FAF2640A2A76ED03D449E443194C4C34 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:03:27.0943 4212  udfs - ok
16:03:27.0963 4212  [ 060507C4113391394478F6953A79EEDC ] UI0Detect      C:\Windows\system32\UI0Detect.exe
16:03:28.0019 4212  UI0Detect - ok
16:03:28.0049 4212  [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:03:28.0065 4212  uliagpkx - ok
16:03:28.0083 4212  [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci        C:\Windows\system32\drivers\uliahci.sys
16:03:28.0106 4212  uliahci - ok
16:03:28.0118 4212  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
16:03:28.0137 4212  UlSata - ok
16:03:28.0158 4212  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
16:03:28.0177 4212  ulsata2 - ok
16:03:28.0182 4212  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
16:03:28.0228 4212  umbus - ok
16:03:28.0262 4212  [ DC5E34F189B827199B9CC8481C648269 ] UmRdpService    C:\Windows\System32\umrdp.dll
16:03:28.0295 4212  UmRdpService - ok
16:03:28.0319 4212  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
16:03:28.0380 4212  upnphost - ok
16:03:28.0438 4212  [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
16:03:28.0486 4212  usbaudio - ok
16:03:28.0530 4212  [ 07E3498FC60834219D2356293DA0FECC ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
16:03:28.0576 4212  usbccgp - ok
16:03:28.0592 4212  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:03:28.0661 4212  usbcir - ok
16:03:28.0690 4212  [ 827E44DE934A736EA31E91D353EB126F ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
16:03:28.0722 4212  usbehci - ok
16:03:28.0756 4212  [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:03:28.0792 4212  usbhub - ok
16:03:28.0799 4212  [ E406B003A354776D317762694956B0FC ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
16:03:28.0829 4212  usbohci - ok
16:03:28.0852 4212  [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:03:28.0881 4212  usbprint - ok
16:03:28.0906 4212  [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
16:03:28.0938 4212  usbscan - ok
16:03:28.0973 4212  [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:03:29.0007 4212  USBSTOR - ok
16:03:29.0039 4212  [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
16:03:29.0067 4212  usbuhci - ok
16:03:29.0098 4212  [ 1E36BB1A3C5AAF2AA9FA9A126DF8C16C ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
16:03:29.0137 4212  usb_rndisx - ok
16:03:29.0173 4212  [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms          C:\Windows\System32\uxsms.dll
16:03:29.0203 4212  UxSms - ok
16:03:29.0243 4212  [ 294945381DFA7CE58CECF0A9896AF327 ] vds            C:\Windows\System32\vds.exe
16:03:29.0308 4212  vds - ok
16:03:29.0326 4212  [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
16:03:29.0356 4212  vga - ok
16:03:29.0377 4212  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave        C:\Windows\System32\drivers\vga.sys
16:03:29.0428 4212  VgaSave - ok
16:03:29.0444 4212  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
16:03:29.0457 4212  viaide - ok
16:03:29.0464 4212  [ 2B7E885ED951519A12C450D24535DFCA ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:03:29.0479 4212  volmgr - ok
16:03:29.0673 4212  [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
16:03:29.0738 4212  volmgrx - ok
16:03:29.0815 4212  [ 582F710097B46140F5A89A19A6573D4B ] volsnap        C:\Windows\system32\drivers\volsnap.sys
16:03:29.0855 4212  volsnap - ok
16:03:29.0882 4212  [ A68F455ED2673835209318DD61BFBB0E ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
16:03:29.0898 4212  vsmraid - ok
16:03:29.0941 4212  [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS            C:\Windows\system32\vssvc.exe
16:03:30.0023 4212  VSS - ok
16:03:30.0057 4212  [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time        C:\Windows\system32\w32time.dll
16:03:30.0115 4212  W32Time - ok
16:03:30.0145 4212  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:03:30.0226 4212  WacomPen - ok
16:03:30.0252 4212  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
16:03:30.0292 4212  Wanarp - ok
16:03:30.0298 4212  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:03:30.0331 4212  Wanarpv6 - ok
16:03:30.0562 4212  [ 48EEE289DF9E4989128B2283F3EEACC6 ] wbengine        C:\Windows\system32\wbengine.exe
16:03:30.0620 4212  wbengine - ok
16:03:30.0645 4212  [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
16:03:30.0673 4212  WcesComm - ok
16:03:30.0711 4212  [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
16:03:30.0771 4212  wcncsvc - ok
16:03:30.0804 4212  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:03:30.0859 4212  WcsPlugInService - ok
16:03:30.0883 4212  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
16:03:30.0895 4212  Wd - ok
16:03:31.0164 4212  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:03:31.0224 4212  Wdf01000 - ok
16:03:31.0244 4212  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:03:31.0286 4212  WdiServiceHost - ok
16:03:31.0324 4212  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost  C:\Windows\system32\wdi.dll
16:03:31.0370 4212  WdiSystemHost - ok
16:03:31.0504 4212  [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient      C:\Windows\System32\webclnt.dll
16:03:31.0526 4212  WebClient - ok
16:03:31.0559 4212  [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:03:31.0583 4212  Wecsvc - ok
16:03:31.0598 4212  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
16:03:31.0648 4212  wercplsupport - ok
16:03:31.0670 4212  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
16:03:31.0705 4212  WerSvc - ok
16:03:31.0722 4212  WinDefend - ok
16:03:31.0726 4212  WinHttpAutoProxySvc - ok
16:03:31.0773 4212  [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
16:03:31.0809 4212  Winmgmt - ok
16:03:31.0876 4212  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM          C:\Windows\system32\WsmSvc.dll
16:03:31.0980 4212  WinRM - ok
16:03:32.0030 4212  [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc        C:\Windows\System32\wlansvc.dll
16:03:32.0078 4212  Wlansvc - ok
16:03:32.0102 4212  [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
16:03:32.0141 4212  WmiAcpi - ok
16:03:32.0178 4212  [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:03:32.0214 4212  wmiApSrv - ok
16:03:32.0227 4212  WMPNetworkSvc - ok
16:03:32.0258 4212  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:03:32.0293 4212  WPCSvc - ok
16:03:32.0329 4212  [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:03:32.0376 4212  WPDBusEnum - ok
16:03:32.0408 4212  [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
16:03:32.0450 4212  WpdUsb - ok
16:03:32.0555 4212  [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:03:32.0619 4212  WPFFontCache_v0400 - ok
16:03:32.0654 4212  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
16:03:32.0703 4212  ws2ifsl - ok
16:03:32.0729 4212  [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc          C:\Windows\System32\wscsvc.dll
16:03:32.0766 4212  wscsvc - ok
16:03:32.0770 4212  WSearch - ok
16:03:32.0844 4212  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:03:32.0956 4212  wuauserv - ok
16:03:33.0014 4212  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:03:33.0040 4212  WudfPf - ok
16:03:33.0069 4212  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:03:33.0104 4212  WUDFRd - ok
16:03:33.0117 4212  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
16:03:33.0137 4212  wudfsvc - ok
16:03:33.0151 4212  ================ Scan global ===============================
16:03:33.0173 4212  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
16:03:33.0218 4212  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
16:03:33.0230 4212  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
16:03:33.0269 4212  [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
16:03:33.0274 4212  [Global] - ok
16:03:33.0274 4212  ================ Scan MBR ==================================
16:03:33.0290 4212  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:03:33.0569 4212  \Device\Harddisk0\DR0 - ok
16:03:33.0574 4212  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
16:03:38.0558 4212  \Device\Harddisk1\DR1 - ok
16:03:38.0558 4212  ================ Scan VBR ==================================
16:03:38.0561 4212  [ 9F4C8BD84E33868E4E3DACDEBAC0DA7D ] \Device\Harddisk0\DR0\Partition1
16:03:38.0566 4212  \Device\Harddisk0\DR0\Partition1 - ok
16:03:38.0578 4212  [ 391BF69C88B287F2CF4A49236CF5537F ] \Device\Harddisk0\DR0\Partition2
16:03:38.0580 4212  \Device\Harddisk0\DR0\Partition2 - ok
16:03:38.0593 4212  [ 577A59BCC0E1F98AE3964971AF4ED034 ] \Device\Harddisk0\DR0\Partition3
16:03:38.0595 4212  \Device\Harddisk0\DR0\Partition3 - ok
16:03:38.0616 4212  [ 5EE0BF717509FBA58D5306C417B883D0 ] \Device\Harddisk0\DR0\Partition4
16:03:38.0617 4212  \Device\Harddisk0\DR0\Partition4 - ok
16:03:38.0621 4212  [ B0E14F518376155B5AE8AF443B12A7FB ] \Device\Harddisk1\DR1\Partition1
16:03:38.0622 4212  \Device\Harddisk1\DR1\Partition1 - ok
16:03:38.0622 4212  ============================================================
16:03:38.0622 4212  Scan finished
16:03:38.0622 4212  ============================================================
16:03:38.0634 4612  Detected object count: 2
16:03:38.0634 4612  Actual detected object count: 2
16:07:31.0431 4612  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:07:31.0431 4612  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:07:31.0434 4612  sptd ( LockedFile.Multi.Generic ) - skipped by user
16:07:31.0434 4612  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:08:03.0826 5816  ============================================================
16:08:03.0826 5816  Scan started
16:08:03.0826 5816  Mode: Manual; SigCheck; TDLFS;
16:08:03.0826 5816  ============================================================
16:08:04.0098 5816  ================ Scan system memory ========================
16:08:04.0098 5816  System memory - ok
16:08:04.0098 5816  ================ Scan services =============================
16:08:04.0127 5816  !SASCORE - ok
16:08:04.0272 5816  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
16:08:04.0321 5816  ACPI - ok
16:08:04.0351 5816  [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs            C:\Windows\system32\drivers\adfs.sys
16:08:04.0374 5816  adfs - ok
16:08:04.0476 5816  [ 57A3B9A69F14414ACE12AFD6BA701773 ] Adobe Version Cue CS4 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
16:08:04.0502 5816  Adobe Version Cue CS4 - ok
16:08:04.0594 5816  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:08:04.0624 5816  AdobeFlashPlayerUpdateSvc - ok
16:08:04.0657 5816  [ F14215E37CF124104575073F782111D2 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
16:08:04.0701 5816  adp94xx - ok
16:08:04.0724 5816  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci        C:\Windows\system32\drivers\adpahci.sys
16:08:04.0762 5816  adpahci - ok
16:08:04.0778 5816  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
16:08:04.0804 5816  adpu160m - ok
16:08:04.0818 5816  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
16:08:04.0848 5816  adpu320 - ok
16:08:04.0880 5816  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
16:08:04.0919 5816  AeLookupSvc - ok
16:08:04.0955 5816  [ C4F6CE6087760AD70960C9EB130E7943 ] AFD            C:\Windows\system32\drivers\afd.sys
16:08:04.0994 5816  AFD - ok
16:08:05.0000 5816  AFS - ok
16:08:05.0018 5816  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:08:05.0044 5816  agp440 - ok
16:08:05.0061 5816  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
16:08:05.0085 5816  aic78xx - ok
16:08:05.0103 5816  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG            C:\Windows\System32\alg.exe
16:08:05.0143 5816  ALG - ok
16:08:05.0163 5816  [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:08:05.0179 5816  aliide - ok
16:08:05.0187 5816  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
16:08:05.0202 5816  amdide - ok
16:08:05.0214 5816  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
16:08:05.0249 5816  AmdK8 - ok
16:08:05.0298 5816  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:08:05.0314 5816  AntiVirSchedulerService - ok
16:08:05.0340 5816  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:08:05.0357 5816  AntiVirService - ok
16:08:05.0387 5816  [ 255527AB98293EA390352A8C53B0042A ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
16:08:05.0426 5816  AntiVirWebService - ok
16:08:05.0447 5816  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo        C:\Windows\System32\appinfo.dll
16:08:05.0464 5816  Appinfo - ok
16:08:05.0482 5816  [ 3DA98C07B18A676180FE7EED924D1673 ] AppMgmt        C:\Windows\System32\appmgmts.dll
16:08:05.0504 5816  AppMgmt - ok
16:08:05.0521 5816  [ BA8417D4765F3988FF921F30F630E303 ] arc            C:\Windows\system32\drivers\arc.sys
16:08:05.0541 5816  arc - ok
16:08:05.0558 5816  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:08:05.0578 5816  arcsas - ok
16:08:05.0620 5816  aspnet_state - ok
16:08:05.0635 5816  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:08:05.0672 5816  AsyncMac - ok
16:08:05.0705 5816  [ E68D9B3A3905619732F7FE039466A623 ] atapi          C:\Windows\system32\drivers\atapi.sys
16:08:05.0724 5816  atapi - ok
16:08:05.0761 5816  [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:08:05.0814 5816  AudioEndpointBuilder - ok
16:08:05.0824 5816  [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:08:05.0862 5816  AudioSrv - ok
16:08:05.0881 5816  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:08:05.0899 5816  avgntflt - ok
16:08:05.0919 5816  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:08:05.0937 5816  avipbb - ok
16:08:05.0961 5816  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
16:08:05.0976 5816  avkmgr - ok
16:08:06.0018 5816  [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE            C:\Windows\System32\bfe.dll
16:08:06.0065 5816  BFE - ok
16:08:06.0114 5816  [ 6D316F4859634071CC25C4FD4589AD2C ] BITS            C:\Windows\System32\qmgr.dll
16:08:06.0173 5816  BITS - ok
16:08:06.0190 5816  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
16:08:06.0233 5816  blbdrive - ok
16:08:06.0261 5816  [ 2348447A80920B2493A9B582A23E81E1 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:08:06.0281 5816  bowser - ok
16:08:06.0295 5816  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
16:08:06.0326 5816  BrFiltLo - ok
16:08:06.0338 5816  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
16:08:06.0368 5816  BrFiltUp - ok
16:08:06.0391 5816  [ A1B39DE453433B115B4EA69EE0343816 ] Browser        C:\Windows\System32\browser.dll
16:08:06.0435 5816  Browser - ok
16:08:06.0452 5816  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid        C:\Windows\system32\drivers\brserid.sys
16:08:06.0515 5816  Brserid - ok
16:08:06.0528 5816  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
16:08:06.0589 5816  BrSerWdm - ok
16:08:06.0605 5816  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
16:08:06.0654 5816  BrUsbMdm - ok
16:08:06.0665 5816  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
16:08:06.0716 5816  BrUsbSer - ok
16:08:06.0731 5816  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:08:06.0782 5816  BTHMODEM - ok
16:08:06.0815 5816  [ 22E65FFD640F16968F855F5B3528D366 ] BthServ        C:\Windows\System32\bthserv.dll
16:08:06.0836 5816  BthServ - ok
16:08:06.0848 5816  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:08:06.0883 5816  cdfs - ok
16:08:06.0910 5816  [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
16:08:06.0937 5816  cdrom - ok
16:08:06.0947 5816  [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc    C:\Windows\System32\certprop.dll
16:08:06.0975 5816  CertPropSvc - ok
16:08:06.0996 5816  [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass        C:\Windows\system32\drivers\circlass.sys
16:08:07.0031 5816  circlass - ok
16:08:07.0054 5816  [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS            C:\Windows\system32\CLFS.sys
16:08:07.0082 5816  CLFS - ok
16:08:07.0100 5816  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:08:07.0117 5816  clr_optimization_v2.0.50727_32 - ok
16:08:07.0168 5816  [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:08:07.0183 5816  clr_optimization_v2.0.50727_64 - ok
16:08:07.0239 5816  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:08:07.0258 5816  clr_optimization_v4.0.30319_32 - ok
16:08:07.0304 5816  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:08:07.0322 5816  clr_optimization_v4.0.30319_64 - ok
16:08:07.0341 5816  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:08:07.0357 5816  cmdide - ok
16:08:07.0369 5816  [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
16:08:07.0386 5816  Compbatt - ok
16:08:07.0390 5816  COMSysApp - ok
16:08:07.0397 5816  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
16:08:07.0416 5816  crcdisk - ok
16:08:07.0447 5816  [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:08:07.0471 5816  CryptSvc - ok
16:08:07.0490 5816  [ F60F50C8ED3FCBE358430B95FE27D09C ] CSC            C:\Windows\system32\drivers\csc.sys
16:08:07.0536 5816  CSC - ok
16:08:07.0573 5816  [ 1B5F256D31836ED2BA60B3A6C800200C ] CscService      C:\Windows\System32\cscsvc.dll
16:08:07.0613 5816  CscService - ok
16:08:07.0671 5816  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:08:07.0729 5816  DcomLaunch - ok
16:08:07.0761 5816  [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:08:07.0781 5816  DfsC - ok
16:08:07.0876 5816  [ C647F468F7DE343DF8C143655C5557D4 ] DFSR            C:\Windows\system32\DFSR.exe
16:08:07.0994 5816  DFSR - ok
16:08:08.0000 5816  dgderdrv - ok
16:08:08.0033 5816  [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
16:08:08.0054 5816  dg_ssudbus - ok
16:08:08.0085 5816  [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
16:08:08.0132 5816  Dhcp - ok
16:08:08.0163 5816  [ B0107E40ECDB5FA692EBF832F295D905 ] disk            C:\Windows\system32\drivers\disk.sys
16:08:08.0187 5816  disk - ok
16:08:08.0216 5816  [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:08:08.0242 5816  Dnscache - ok
16:08:08.0278 5816  [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc        C:\Windows\System32\dot3svc.dll
16:08:08.0320 5816  dot3svc - ok
16:08:08.0348 5816  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS            C:\Windows\system32\dps.dll
16:08:08.0401 5816  DPS - ok
16:08:08.0447 5816  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
16:08:08.0472 5816  drmkaud - ok
16:08:08.0603 5816  [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
16:08:08.0667 5816  DXGKrnl - ok
16:08:08.0692 5816  [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60          C:\Windows\system32\DRIVERS\E1G6032E.sys
16:08:08.0734 5816  E1G60 - ok
16:08:08.0766 5816  [ C2303883FD9BE49DC36A6400643002EA ] EapHost        C:\Windows\System32\eapsvc.dll
16:08:08.0797 5816  EapHost - ok
16:08:08.0838 5816  [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache          C:\Windows\system32\drivers\ecache.sys
16:08:08.0864 5816  Ecache - ok
16:08:08.0901 5816  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
16:08:08.0945 5816  ehRecvr - ok
16:08:08.0962 5816  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched        C:\Windows\ehome\ehsched.exe
16:08:08.0979 5816  ehSched - ok
16:08:09.0000 5816  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart        C:\Windows\ehome\ehstart.dll
16:08:09.0016 5816  ehstart - ok
16:08:09.0085 5816  [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
16:08:09.0115 5816  elxstor - ok
16:08:09.0167 5816  [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
16:08:09.0216 5816  EMDMgmt - ok
16:08:09.0232 5816  [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:08:09.0266 5816  ErrDev - ok
16:08:09.0308 5816  [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem    C:\Windows\system32\es.dll
16:08:09.0366 5816  EventSystem - ok
16:08:09.0614 5816  [ 486844F47B6636044A42454614ED4523 ] exfat          C:\Windows\system32\drivers\exfat.sys
16:08:09.0634 5816  exfat - ok
16:08:09.0679 5816  [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
16:08:09.0712 5816  fastfat - ok
16:08:09.0744 5816  [ 989A776A2FF32A148FCF15C44058B129 ] Fax            C:\Windows\system32\fxssvc.exe
16:08:09.0794 5816  Fax - ok
16:08:09.0818 5816  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
16:08:09.0856 5816  fdc - ok
16:08:09.0873 5816  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost        C:\Windows\system32\fdPHost.dll
16:08:09.0910 5816  fdPHost - ok
16:08:09.0917 5816  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
16:08:09.0982 5816  FDResPub - ok
16:08:09.0995 5816  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:08:10.0021 5816  FileInfo - ok
16:08:10.0037 5816  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
16:08:10.0079 5816  Filetrace - ok
16:08:10.0209 5816  [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:08:10.0245 5816  FLEXnet Licensing Service - ok
16:08:10.0297 5816  [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
16:08:10.0344 5816  FLEXnet Licensing Service 64 - ok
16:08:10.0365 5816  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:08:10.0399 5816  flpydisk - ok
16:08:10.0434 5816  [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:08:10.0459 5816  FltMgr - ok
16:08:10.0512 5816  [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache      C:\Windows\system32\FntCache.dll
16:08:10.0579 5816  FontCache - ok
16:08:10.0627 5816  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:08:10.0637 5816  FontCache3.0.0.0 - ok
16:08:10.0660 5816  [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:08:10.0672 5816  Fs_Rec - ok
16:08:10.0716 5816  [ 849E38DB7D829962D0233A0A252B60C3 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:08:10.0731 5816  fvevol - ok
16:08:10.0754 5816  [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:08:10.0767 5816  gagp30kx - ok
16:08:10.0772 5816  GMSIPCI - ok
16:08:10.0808 5816  [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc          C:\Windows\System32\gpsvc.dll
16:08:10.0854 5816  gpsvc - ok
16:08:10.0917 5816  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c98c769edd0804 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:08:10.0927 5816  gupdate1c98c769edd0804 - ok
16:08:10.0932 5816  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:08:10.0943 5816  gupdatem - ok
16:08:10.0975 5816  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc          C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:08:10.0987 5816  gusvc - ok
16:08:11.0015 5816  [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:08:11.0070 5816  HdAudAddService - ok
16:08:11.0103 5816  [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:08:11.0151 5816  HDAudBus - ok
16:08:11.0167 5816  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:08:11.0219 5816  HidBth - ok
16:08:11.0240 5816  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr          C:\Windows\system32\drivers\hidir.sys
16:08:11.0293 5816  HidIr - ok
16:08:11.0315 5816  [ 59361D38A297755D46A540E450202B2A ] hidserv        C:\Windows\system32\hidserv.dll
16:08:11.0340 5816  hidserv - ok
16:08:11.0355 5816  [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:08:11.0381 5816  HidUsb - ok
16:08:11.0409 5816  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:08:11.0449 5816  hkmsvc - ok
16:08:11.0463 5816  [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
16:08:11.0479 5816  HpCISSs - ok
16:08:11.0521 5816  [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:08:11.0556 5816  HTTP - ok
16:08:11.0572 5816  [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
16:08:11.0586 5816  i2omp - ok
16:08:11.0605 5816  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:08:11.0635 5816  i8042prt - ok
16:08:11.0658 5816  [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
16:08:11.0677 5816  iaStorV - ok
16:08:11.0726 5816  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:08:11.0731 5816  IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:08:11.0731 5816  IDriverT - detected UnsignedFile.Multi.Generic (1)
16:08:11.0780 5816  [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:08:11.0831 5816  idsvc - ok
16:08:11.0846 5816  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
16:08:11.0862 5816  iirsp - ok
16:08:11.0894 5816  [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT          C:\Windows\System32\ikeext.dll
16:08:11.0955 5816  IKEEXT - ok
16:08:12.0012 5816  [ 2C62599E693372A9221C262B8040E3AC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:08:12.0064 5816  IntcAzAudAddService - ok
16:08:12.0082 5816  [ DF797A12176F11B2D301C5B234BB200E ] intelide        C:\Windows\system32\drivers\intelide.sys
16:08:12.0098 5816  intelide - ok
16:08:12.0119 5816  [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:08:12.0162 5816  intelppm - ok
16:08:12.0187 5816  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
16:08:12.0232 5816  IPBusEnum - ok
16:08:12.0258 5816  [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:08:12.0285 5816  IpFilterDriver - ok
16:08:12.0327 5816  [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:08:12.0342 5816  iphlpsvc - ok
16:08:12.0347 5816  IpInIp - ok
16:08:12.0364 5816  [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
16:08:12.0395 5816  IPMIDRV - ok
16:08:12.0412 5816  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
16:08:12.0443 5816  IPNAT - ok
16:08:12.0694 5816  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:08:12.0732 5816  IRENUM - ok
16:08:12.0747 5816  [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:08:12.0760 5816  isapnp - ok
16:08:12.0788 5816  [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
16:08:12.0804 5816  iScsiPrt - ok
16:08:12.0817 5816  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
16:08:12.0831 5816  iteatapi - ok
16:08:12.0842 5816  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid        C:\Windows\system32\drivers\iteraid.sys
16:08:12.0856 5816  iteraid - ok
16:08:12.0870 5816  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:08:12.0883 5816  kbdclass - ok
16:08:12.0900 5816  [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
16:08:12.0935 5816  kbdhid - ok
16:08:12.0976 5816  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso          C:\Windows\system32\lsass.exe
16:08:12.0993 5816  KeyIso - ok
16:08:13.0041 5816  [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:08:13.0089 5816  KSecDD - ok
16:08:13.0095 5816  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
16:08:13.0135 5816  ksthunk - ok
16:08:13.0170 5816  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm          C:\Windows\system32\msdtckrm.dll
16:08:13.0222 5816  KtmRm - ok
16:08:13.0255 5816  [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:08:13.0276 5816  LanmanServer - ok
16:08:13.0312 5816  [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:08:13.0334 5816  LanmanWorkstation - ok
16:08:13.0347 5816  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:08:13.0391 5816  lltdio - ok
16:08:13.0428 5816  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
16:08:13.0477 5816  lltdsvc - ok
16:08:13.0489 5816  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts        C:\Windows\System32\lmhsvc.dll
16:08:13.0533 5816  lmhosts - ok
16:08:13.0559 5816  [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:08:13.0572 5816  LSI_FC - ok
16:08:13.0589 5816  [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
16:08:13.0605 5816  LSI_SAS - ok
16:08:13.0630 5816  [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:08:13.0643 5816  LSI_SCSI - ok
16:08:13.0658 5816  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv          C:\Windows\system32\drivers\luafv.sys
16:08:13.0691 5816  luafv - ok
16:08:13.0720 5816  [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
16:08:13.0735 5816  Mcx2Svc - ok
16:08:13.0754 5816  [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas        C:\Windows\system32\drivers\megasas.sys
16:08:13.0766 5816  megasas - ok
16:08:13.0788 5816  [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
16:08:13.0815 5816  MegaSR - ok
16:08:13.0840 5816  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS          C:\Windows\system32\mmcss.dll
16:08:13.0873 5816  MMCSS - ok
16:08:13.0885 5816  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem          C:\Windows\system32\drivers\modem.sys
16:08:13.0919 5816  Modem - ok
16:08:13.0946 5816  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
16:08:13.0979 5816  monitor - ok
16:08:14.0006 5816  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:08:14.0019 5816  mouclass - ok
16:08:14.0031 5816  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:08:14.0064 5816  mouhid - ok
16:08:14.0079 5816  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
16:08:14.0094 5816  MountMgr - ok
16:08:14.0153 5816  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:08:14.0165 5816  MozillaMaintenance - ok
16:08:14.0184 5816  [ F8276EB8698142884498A528DFEA8478 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:08:14.0200 5816  mpio - ok
16:08:14.0218 5816  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:08:14.0245 5816  mpsdrv - ok
16:08:14.0287 5816  [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:08:14.0332 5816  MpsSvc - ok
16:08:14.0358 5816  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
16:08:14.0371 5816  Mraid35x - ok
16:08:14.0401 5816  [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:08:14.0419 5816  MRxDAV - ok
16:08:14.0458 5816  [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:08:14.0475 5816  mrxsmb - ok
16:08:14.0506 5816  [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:08:14.0524 5816  mrxsmb10 - ok
16:08:14.0532 5816  [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:08:14.0549 5816  mrxsmb20 - ok
16:08:14.0571 5816  [ 1AC860612B85D8E85EE257D372E39F4D ] msahci          C:\Windows\system32\drivers\msahci.sys
16:08:14.0588 5816  msahci - ok
16:08:14.0609 5816  [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
16:08:14.0626 5816  msdsm - ok
16:08:14.0643 5816  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC          C:\Windows\System32\msdtc.exe
16:08:14.0688 5816  MSDTC - ok
16:08:14.0710 5816  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:08:14.0754 5816  Msfs - ok
16:08:14.0770 5816  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:08:14.0786 5816  msisadrv - ok
16:08:14.0814 5816  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
16:08:14.0859 5816  MSiSCSI - ok
16:08:14.0866 5816  msiserver - ok
16:08:14.0888 5816  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
16:08:14.0918 5816  MSKSSRV - ok
16:08:14.0935 5816  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:08:14.0965 5816  MSPCLOCK - ok
16:08:14.0984 5816  [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
16:08:15.0015 5816  MSPQM - ok
16:08:15.0050 5816  [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
16:08:15.0067 5816  MsRPC - ok
16:08:15.0080 5816  [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:08:15.0093 5816  mssmbios - ok
16:08:15.0108 5816  [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
16:08:15.0138 5816  MSTEE - ok
16:08:15.0144 5816  [ 0CC49F78D8ACA0877D885F149084E543 ] Mup            C:\Windows\system32\Drivers\mup.sys
16:08:15.0158 5816  Mup - ok
16:08:15.0176 5816  [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent        C:\Windows\system32\qagentRT.dll
16:08:15.0212 5816  napagent - ok
16:08:15.0241 5816  [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
16:08:15.0257 5816  NativeWifiP - ok
16:08:15.0297 5816  [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:08:15.0330 5816  NDIS - ok
16:08:15.0347 5816  [ 64DF698A425478E321981431AC171334 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:08:15.0372 5816  NdisTapi - ok
16:08:15.0394 5816  [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
16:08:15.0428 5816  Ndisuio - ok
16:08:15.0460 5816  [ F8158771905260982CE724076419EF19 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
16:08:15.0486 5816  NdisWan - ok
16:08:15.0505 5816  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
16:08:15.0532 5816  NDProxy - ok
16:08:15.0543 5816  [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
16:08:15.0577 5816  NetBIOS - ok
16:08:15.0591 5816  [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
16:08:15.0620 5816  netbt - ok
16:08:15.0625 5816  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon        C:\Windows\system32\lsass.exe
16:08:15.0641 5816  Netlogon - ok
16:08:15.0673 5816  [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman          C:\Windows\System32\netman.dll
16:08:15.0729 5816  Netman - ok
16:08:15.0749 5816  [ 7846D0136CC2B264926A73047BA7688A ] netprofm        C:\Windows\System32\netprofm.dll
16:08:15.0782 5816  netprofm - ok
16:08:15.0813 5816  [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:08:15.0824 5816  NetTcpPortSharing - ok
16:08:15.0843 5816  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
16:08:15.0855 5816  nfrd960 - ok
16:08:15.0872 5816  [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:08:15.0905 5816  NlaSvc - ok
16:08:15.0948 5816  [ FD306FBCCE7ADB1077B709742E7148E9 ] NMSAccessU      C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
16:08:15.0958 5816  NMSAccessU - ok
16:08:15.0974 5816  [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:08:15.0997 5816  Npfs - ok
16:08:16.0029 5816  [ ACB62BAA1C319B17752553DF3026EEEB ] nsi            C:\Windows\system32\nsisvc.dll
16:08:16.0063 5816  nsi - ok
16:08:16.0069 5816  [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:08:16.0105 5816  nsiproxy - ok
16:08:16.0172 5816  [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:08:16.0228 5816  Ntfs - ok
16:08:16.0244 5816  [ DD5D684975352B85B52E3FD5347C20CB ] Null            C:\Windows\system32\drivers\Null.sys
16:08:16.0278 5816  Null - ok
16:08:16.0335 5816  [ 99ED33F7FE39026A477893D92AEA5EF0 ] NVENETFD        C:\Windows\system32\DRIVERS\nvmfdx64.sys
16:08:16.0386 5816  NVENETFD - ok
16:08:16.0647 5816  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:08:17.0149 5816  nvlddmkm - ok
16:08:17.0185 5816  [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:08:17.0198 5816  nvraid - ok
16:08:17.0225 5816  [ F6C6D8298DD85507F680437EC2E6899C ] nvsmu          C:\Windows\system32\DRIVERS\nvsmu.sys
16:08:17.0234 5816  nvsmu - ok
16:08:17.0252 5816  [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:08:17.0265 5816  nvstor - ok
16:08:17.0306 5816  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc          C:\Windows\system32\nvvsvc.exe
16:08:17.0345 5816  nvsvc - ok
16:08:17.0402 5816  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:08:17.0454 5816  nvUpdatusService - ok
16:08:17.0474 5816  [ 19067CA93075EF4823E3938A686F532F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:08:17.0488 5816  nv_agp - ok
16:08:17.0494 5816  NwlnkFlt - ok
16:08:17.0499 5816  NwlnkFwd - ok
16:08:17.0566 5816  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:08:17.0589 5816  odserv - ok
16:08:17.0607 5816  [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:08:17.0658 5816  ohci1394 - ok
16:08:17.0688 5816  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:08:17.0702 5816  ose - ok
16:08:17.0743 5816  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc        C:\Windows\system32\p2psvc.dll
16:08:17.0793 5816  p2pimsvc - ok
16:08:17.0810 5816  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc          C:\Windows\system32\p2psvc.dll
16:08:17.0847 5816  p2psvc - ok
16:08:17.0866 5816  [ AECD57F94C887F58919F307C35498EA0 ] Parport        C:\Windows\system32\drivers\parport.sys
16:08:17.0915 5816  Parport - ok
16:08:17.0951 5816  [ B43751085E2ABE389DA466BC62A4B987 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
16:08:17.0965 5816  partmgr - ok
16:08:17.0985 5816  [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:08:18.0001 5816  PcaSvc - ok
16:08:18.0035 5816  [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci            C:\Windows\system32\drivers\pci.sys
16:08:18.0051 5816  pci - ok
16:08:18.0059 5816  [ 2657F6C0B78C36D95034BE109336E382 ] pciide          C:\Windows\system32\drivers\pciide.sys
16:08:18.0072 5816  pciide - ok
16:08:18.0096 5816  [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:08:18.0111 5816  pcmcia - ok
16:08:18.0143 5816  [ 58865916F53592A61549B04941BFD80D ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:08:18.0217 5816  PEAUTH - ok
16:08:18.0286 5816  [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:08:18.0321 5816  PerfHost - ok
16:08:18.0362 5816  [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla            C:\Windows\system32\pla.dll
16:08:18.0423 5816  pla - ok
16:08:18.0460 5816  [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:08:18.0491 5816  PlugPlay - ok
16:08:18.0516 5816  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
16:08:18.0542 5816  PNRPAutoReg - ok
16:08:18.0556 5816  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc        C:\Windows\system32\p2psvc.dll
16:08:18.0588 5816  PNRPsvc - ok
16:08:18.0630 5816  [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
16:08:18.0677 5816  PolicyAgent - ok
16:08:18.0713 5816  [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:08:18.0742 5816  PptpMiniport - ok
16:08:18.0763 5816  [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor      C:\Windows\system32\drivers\processr.sys
16:08:18.0802 5816  Processor - ok
16:08:18.0841 5816  [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc        C:\Windows\system32\profsvc.dll
16:08:18.0876 5816  ProfSvc - ok
16:08:18.0889 5816  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
16:08:18.0907 5816  ProtectedStorage - ok
16:08:18.0944 5816  [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
16:08:18.0978 5816  PSched - ok
16:08:19.0002 5816  [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
16:08:19.0018 5816  PxHlpa64 - ok
16:08:19.0071 5816  [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:08:19.0133 5816  ql2300 - ok
16:08:19.0148 5816  [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:08:19.0167 5816  ql40xx - ok
16:08:19.0195 5816  [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE          C:\Windows\system32\qwave.dll
16:08:19.0222 5816  QWAVE - ok
16:08:19.0231 5816  [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:08:19.0250 5816  QWAVEdrv - ok
16:08:19.0290 5816  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr        C:\Windows\WindowsMobile\rapimgr.dll
16:08:19.0305 5816  RapiMgr - ok
16:08:19.0311 5816  [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:08:19.0343 5816  RasAcd - ok
16:08:19.0359 5816  [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto        C:\Windows\System32\rasauto.dll
16:08:19.0392 5816  RasAuto - ok
16:08:19.0421 5816  [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
16:08:19.0446 5816  Rasl2tp - ok
16:08:19.0462 5816  [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan          C:\Windows\System32\rasmans.dll
16:08:19.0491 5816  RasMan - ok
16:08:19.0526 5816  [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:08:19.0549 5816  RasPppoe - ok
16:08:19.0587 5816  [ C6A593B51F34C33E5474539544072527 ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
16:08:19.0601 5816  RasSstp - ok
16:08:19.0642 5816  [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
16:08:19.0670 5816  rdbss - ok
16:08:19.0679 5816  [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:08:19.0714 5816  RDPCDD - ok
16:08:19.0729 5816  [ AE23E79B13FEB62939E2CA1189E71735 ] rdpdr          C:\Windows\system32\DRIVERS\rdpdr.sys
16:08:19.0760 5816  rdpdr - ok
16:08:19.0766 5816  [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:08:19.0801 5816  RDPENCDD - ok
16:08:19.0840 5816  [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
16:08:19.0863 5816  RDPWD - ok
16:08:19.0894 5816  [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:08:19.0930 5816  RemoteAccess - ok
16:08:19.0966 5816  [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:08:19.0999 5816  RemoteRegistry - ok
16:08:20.0009 5816  [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator      C:\Windows\system32\locator.exe
16:08:20.0025 5816  RpcLocator - ok
16:08:20.0044 5816  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs          C:\Windows\system32\rpcss.dll
16:08:20.0092 5816  RpcSs - ok
16:08:20.0108 5816  [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:08:20.0150 5816  rspndr - ok
16:08:20.0155 5816  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs          C:\Windows\system32\lsass.exe
16:08:20.0171 5816  SamSs - ok
16:08:20.0188 5816  [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:08:20.0205 5816  sbp2port - ok
16:08:20.0236 5816  [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:08:20.0262 5816  SCardSvr - ok
16:08:20.0302 5816  [ 0F838C811AD295D2A4489B9993096C63 ] Schedule        C:\Windows\system32\schedsvc.dll
16:08:20.0362 5816  Schedule - ok
16:08:20.0390 5816  [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc    C:\Windows\System32\certprop.dll
16:08:20.0413 5816  SCPolicySvc - ok
16:08:20.0436 5816  [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:08:20.0466 5816  SDRSVC - ok
16:08:20.0481 5816  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:08:20.0526 5816  secdrv - ok
16:08:20.0531 5816  [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon        C:\Windows\system32\seclogon.dll
16:08:20.0562 5816  seclogon - ok
16:08:20.0576 5816  [ 90973A64B96CD647FF81C79443618EED ] SENS            C:\Windows\System32\sens.dll
16:08:20.0607 5816  SENS - ok
16:08:20.0640 5816  [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
16:08:20.0670 5816  Serenum - ok
16:08:20.0680 5816  [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:08:20.0714 5816  Serial - ok
16:08:20.0733 5816  [ A842F04833684BCEEA7336211BE478DF ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:08:20.0764 5816  sermouse - ok
16:08:20.0790 5816  [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:08:20.0823 5816  SessionEnv - ok
16:08:20.0839 5816  [ 14D4B4465193A87C127933978E8C4106 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
16:08:20.0870 5816  sffdisk - ok
16:08:20.0889 5816  [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:08:20.0920 5816  sffp_mmc - ok
16:08:20.0934 5816  [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
16:08:20.0966 5816  sffp_sd - ok
16:08:20.0979 5816  [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
16:08:21.0030 5816  sfloppy - ok
16:08:21.0059 5816  [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:08:21.0101 5816  SharedAccess - ok
16:08:21.0135 5816  [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:08:21.0153 5816  ShellHWDetection - ok
16:08:21.0167 5816  [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
16:08:21.0182 5816  SiSRaid2 - ok
16:08:21.0198 5816  [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:08:21.0214 5816  SiSRaid4 - ok
16:08:21.0324 5816  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
16:08:21.0437 5816  Skype C2C Service - ok
16:08:21.0485 5816  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
16:08:21.0500 5816  SkypeUpdate - ok
16:08:21.0571 5816  [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc          C:\Windows\system32\SLsvc.exe
16:08:21.0684 5816  slsvc - ok
16:08:21.0721 5816  [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify      C:\Windows\system32\SLUINotify.dll
16:08:21.0755 5816  SLUINotify - ok
16:08:21.0782 5816  [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
16:08:21.0816 5816  Smb - ok
16:08:21.0845 5816  [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:08:21.0863 5816  SNMPTRAP - ok
16:08:21.0892 5816  [ 386C3C63F00A7040C7EC5E384217E89D ] spldr          C:\Windows\system32\drivers\spldr.sys
16:08:21.0910 5816  spldr - ok
16:08:21.0946 5816  [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler        C:\Windows\System32\spoolsv.exe
16:08:21.0985 5816  Spooler - ok
16:08:22.0026 5816  [ 9AB59CF736981ED1F83C6AB5FAA8BA5C ] sptd            C:\Windows\system32\Drivers\sptd.sys
16:08:22.0026 5816  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 9AB59CF736981ED1F83C6AB5FAA8BA5C
16:08:22.0028 5816  sptd ( LockedFile.Multi.Generic ) - warning
16:08:22.0028 5816  sptd - detected LockedFile.Multi.Generic (1)
16:08:22.0065 5816  [ 880A57FCCB571EBD063D4DD50E93E46D ] srv            C:\Windows\system32\DRIVERS\srv.sys
16:08:22.0107 5816  srv - ok
16:08:22.0139 5816  [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:08:22.0161 5816  srv2 - ok
16:08:22.0181 5816  [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:08:22.0194 5816  srvnet - ok
16:08:22.0210 5816  [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
16:08:22.0242 5816  SSDPSRV - ok
16:08:22.0253 5816  [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc        C:\Windows\system32\sstpsvc.dll
16:08:22.0267 5816  SstpSvc - ok
16:08:22.0290 5816  [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm        C:\Windows\system32\DRIVERS\ssudmdm.sys
16:08:22.0302 5816  ssudmdm - ok
16:08:22.0340 5816  [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc          C:\Windows\System32\wiaservc.dll
16:08:22.0371 5816  stisvc - ok
16:08:22.0398 5816  [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:08:22.0409 5816  swenum - ok
16:08:22.0446 5816  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv          C:\Windows\System32\swprv.dll
16:08:22.0487 5816  swprv - ok
16:08:22.0504 5816  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
16:08:22.0517 5816  Symc8xx - ok
16:08:22.0535 5816  [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
16:08:22.0548 5816  Sym_hi - ok
16:08:22.0557 5816  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
16:08:22.0570 5816  Sym_u3 - ok
16:08:22.0612 5816  [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain        C:\Windows\system32\sysmain.dll
16:08:22.0658 5816  SysMain - ok
16:08:22.0684 5816  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:08:22.0703 5816  TabletInputService - ok
16:08:22.0739 5816  [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv        C:\Windows\System32\tapisrv.dll
16:08:22.0768 5816  TapiSrv - ok
16:08:22.0782 5816  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS            C:\Windows\System32\tbssvc.dll
16:08:22.0818 5816  TBS - ok
16:08:22.0876 5816  [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
16:08:22.0930 5816  Tcpip - ok
16:08:22.0954 5816  [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
16:08:23.0007 5816  Tcpip6 - ok
16:08:23.0035 5816  [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:08:23.0049 5816  tcpipreg - ok
16:08:23.0061 5816  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:08:23.0097 5816  TDPIPE - ok
16:08:23.0109 5816  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
16:08:23.0143 5816  TDTCP - ok
16:08:23.0173 5816  [ 458919C8C42E398DC4802178D5FFEE27 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
16:08:23.0199 5816  tdx - ok
16:08:23.0233 5816  [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:08:23.0248 5816  TermDD - ok
16:08:23.0289 5816  [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService    C:\Windows\System32\termsrv.dll
16:08:23.0334 5816  TermService - ok
16:08:23.0357 5816  [ 56793271ECDEDD350C5ADD305603E963 ] Themes          C:\Windows\system32\shsvcs.dll
16:08:23.0375 5816  Themes - ok
16:08:23.0386 5816  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER    C:\Windows\system32\mmcss.dll
16:08:23.0425 5816  THREADORDER - ok
16:08:23.0451 5816  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
16:08:23.0491 5816  TrkWks - ok
16:08:23.0534 5816  [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:08:23.0557 5816  TrustedInstaller - ok
16:08:23.0575 5816  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:08:23.0608 5816  tssecsrv - ok
16:08:23.0622 5816  [ 89EC74A9E602D16A75A4170511029B3C ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
16:08:23.0635 5816  tunmp - ok
16:08:23.0670 5816  [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:08:23.0681 5816  tunnel - ok
16:08:23.0703 5816  [ FEC266EF401966311744BD0F359F7F56 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:08:23.0716 5816  uagp35 - ok
16:08:23.0731 5816  [ FAF2640A2A76ED03D449E443194C4C34 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:08:23.0758 5816  udfs - ok
16:08:23.0782 5816  [ 060507C4113391394478F6953A79EEDC ] UI0Detect      C:\Windows\system32\UI0Detect.exe
16:08:23.0815 5816  UI0Detect - ok
16:08:23.0843 5816  [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:08:23.0856 5816  uliagpkx - ok
16:08:23.0877 5816  [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci        C:\Windows\system32\drivers\uliahci.sys
16:08:23.0894 5816  uliahci - ok
16:08:23.0913 5816  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
16:08:23.0927 5816  UlSata - ok
16:08:23.0945 5816  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
16:08:23.0960 5816  ulsata2 - ok
16:08:23.0965 5816  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
16:08:24.0001 5816  umbus - ok
16:08:24.0032 5816  [ DC5E34F189B827199B9CC8481C648269 ] UmRdpService    C:\Windows\System32\umrdp.dll
16:08:24.0049 5816  UmRdpService - ok
16:08:24.0065 5816  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
16:08:24.0116 5816  upnphost - ok
16:08:24.0149 5816  [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
16:08:24.0175 5816  usbaudio - ok
16:08:24.0201 5816  [ 07E3498FC60834219D2356293DA0FECC ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
16:08:24.0227 5816  usbccgp - ok
16:08:24.0246 5816  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:08:24.0299 5816  usbcir - ok
16:08:24.0327 5816  [ 827E44DE934A736EA31E91D353EB126F ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
16:08:24.0355 5816  usbehci - ok
16:08:24.0378 5816  [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:08:24.0407 5816  usbhub - ok
16:08:24.0420 5816  [ E406B003A354776D317762694956B0FC ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
16:08:24.0445 5816  usbohci - ok
16:08:24.0472 5816  [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:08:24.0507 5816  usbprint - ok
16:08:24.0526 5816  [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
16:08:24.0552 5816  usbscan - ok
16:08:24.0586 5816  [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:08:24.0612 5816  USBSTOR - ok
16:08:24.0626 5816  [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
16:08:24.0652 5816  usbuhci - ok
16:08:24.0676 5816  [ 1E36BB1A3C5AAF2AA9FA9A126DF8C16C ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
16:08:24.0703 5816  usb_rndisx - ok
16:08:24.0718 5816  [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms          C:\Windows\System32\uxsms.dll
16:08:24.0746 5816  UxSms - ok
16:08:24.0789 5816  [ 294945381DFA7CE58CECF0A9896AF327 ] vds            C:\Windows\System32\vds.exe
16:08:24.0834 5816  vds - ok
16:08:24.0855 5816  [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
16:08:24.0893 5816  vga - ok
16:08:24.0906 5816  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave        C:\Windows\System32\drivers\vga.sys
16:08:24.0936 5816  VgaSave - ok
16:08:24.0957 5816  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
16:08:24.0967 5816  viaide - ok
16:08:24.0989 5816  [ 2B7E885ED951519A12C450D24535DFCA ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:08:25.0004 5816  volmgr - ok
16:08:25.0037 5816  [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
16:08:25.0060 5816  volmgrx - ok
16:08:25.0090 5816  [ 582F710097B46140F5A89A19A6573D4B ] volsnap        C:\Windows\system32\drivers\volsnap.sys
16:08:25.0107 5816  volsnap - ok
16:08:25.0129 5816  [ A68F455ED2673835209318DD61BFBB0E ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
16:08:25.0142 5816  vsmraid - ok
16:08:25.0187 5816  [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS            C:\Windows\system32\vssvc.exe
16:08:25.0250 5816  VSS - ok
16:08:25.0278 5816  [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time        C:\Windows\system32\w32time.dll
16:08:25.0313 5816  W32Time - ok
16:08:25.0334 5816  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:08:25.0385 5816  WacomPen - ok
16:08:25.0417 5816  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
16:08:25.0443 5816  Wanarp - ok
16:08:25.0448 5816  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:08:25.0474 5816  Wanarpv6 - ok
16:08:25.0528 5816  [ 48EEE289DF9E4989128B2283F3EEACC6 ] wbengine        C:\Windows\system32\wbengine.exe
16:08:25.0571 5816  wbengine - ok
16:08:25.0603 5816  [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
16:08:25.0631 5816  WcesComm - ok
16:08:25.0661 5816  [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
16:08:25.0697 5816  wcncsvc - ok
16:08:25.0719 5816  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:08:25.0750 5816  WcsPlugInService - ok
16:08:25.0757 5816  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
16:08:25.0772 5816  Wd - ok
16:08:25.0822 5816  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:08:25.0865 5816  Wdf01000 - ok
16:08:25.0886 5816  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:08:25.0931 5816  WdiServiceHost - ok
16:08:25.0935 5816  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost  C:\Windows\system32\wdi.dll
16:08:25.0983 5816  WdiSystemHost - ok
16:08:25.0997 5816  [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient      C:\Windows\System32\webclnt.dll
16:08:26.0016 5816  WebClient - ok
16:08:26.0052 5816  [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:08:26.0070 5816  Wecsvc - ok
16:08:26.0082 5816  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
16:08:26.0109 5816  wercplsupport - ok
16:08:26.0121 5816  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
16:08:26.0147 5816  WerSvc - ok
16:08:26.0164 5816  WinDefend - ok
16:08:26.0169 5816  WinHttpAutoProxySvc - ok
16:08:26.0225 5816  [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
16:08:26.0250 5816  Winmgmt - ok
16:08:26.0312 5816  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM          C:\Windows\system32\WsmSvc.dll
16:08:26.0376 5816  WinRM - ok
16:08:26.0414 5816  [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc        C:\Windows\System32\wlansvc.dll
16:08:26.0451 5816  Wlansvc - ok
16:08:26.0479 5816  [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
16:08:26.0503 5816  WmiAcpi - ok
16:08:26.0530 5816  [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:08:26.0557 5816  wmiApSrv - ok
16:08:26.0570 5816  WMPNetworkSvc - ok
16:08:26.0601 5816  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:08:26.0618 5816  WPCSvc - ok
16:08:26.0656 5816  [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:08:26.0671 5816  WPDBusEnum - ok
16:08:26.0701 5816  [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
16:08:26.0716 5816  WpdUsb - ok
16:08:26.0808 5816  [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:08:26.0852 5816  WPFFontCache_v0400 - ok
16:08:26.0874 5816  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
16:08:26.0912 5816  ws2ifsl - ok
16:08:26.0940 5816  [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc          C:\Windows\System32\wscsvc.dll
16:08:26.0960 5816  wscsvc - ok
16:08:26.0965 5816  WSearch - ok
16:08:27.0043 5816  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:08:27.0141 5816  wuauserv - ok
16:08:27.0175 5816  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:08:27.0193 5816  WudfPf - ok
16:08:27.0206 5816  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:08:27.0225 5816  WUDFRd - ok
16:08:27.0237 5816  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
16:08:27.0256 5816  wudfsvc - ok
16:08:27.0264 5816  ================ Scan global ===============================
16:08:27.0285 5816  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
16:08:27.0304 5816  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
16:08:27.0320 5816  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
16:08:27.0356 5816  [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
16:08:27.0360 5816  [Global] - ok
16:08:27.0361 5816  ================ Scan MBR ==================================
16:08:27.0368 5816  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:08:27.0581 5816  \Device\Harddisk0\DR0 - ok
16:08:27.0585 5816  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
16:08:32.0853 5816  \Device\Harddisk1\DR1 - ok
16:08:32.0853 5816  ================ Scan VBR ==================================
16:08:32.0856 5816  [ 9F4C8BD84E33868E4E3DACDEBAC0DA7D ] \Device\Harddisk0\DR0\Partition1
16:08:32.0858 5816  \Device\Harddisk0\DR0\Partition1 - ok
16:08:32.0871 5816  [ 391BF69C88B287F2CF4A49236CF5537F ] \Device\Harddisk0\DR0\Partition2
16:08:32.0873 5816  \Device\Harddisk0\DR0\Partition2 - ok
16:08:32.0887 5816  [ 577A59BCC0E1F98AE3964971AF4ED034 ] \Device\Harddisk0\DR0\Partition3
16:08:32.0889 5816  \Device\Harddisk0\DR0\Partition3 - ok
16:08:32.0909 5816  [ 5EE0BF717509FBA58D5306C417B883D0 ] \Device\Harddisk0\DR0\Partition4
16:08:32.0910 5816  \Device\Harddisk0\DR0\Partition4 - ok
16:08:32.0916 5816  [ B0E14F518376155B5AE8AF443B12A7FB ] \Device\Harddisk1\DR1\Partition1
16:08:32.0918 5816  \Device\Harddisk1\DR1\Partition1 - ok
16:08:32.0918 5816  ============================================================
16:08:32.0918 5816  Scan finished
16:08:32.0918 5816  ============================================================
16:08:32.0931 0772  Detected object count: 2
16:08:32.0931 0772  Actual detected object count: 2


But I have to add something now (outside of computer matters):
What you are doing here is absolutely incredible. I am hugely impressed, and if I may: I wish you and your team a happy New Year and all the best for this project.

Kind regards from the Austrian Salzkammergut!

cosinus 31.12.2012 16:33

Everything looks unremarkable.
And you no longer have the problem since the password change, right?!

Amadeus_2 31.12.2012 16:37

You mean I should just forget about this hidden file???

cosinus 31.12.2012 16:37

Yes!

adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click on Suche (Search).
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt (x = sequential number).

Amadeus_2 31.12.2012 16:42

Here you go!

Code:

# AdwCleaner v2.104 - Datei am 31/12/2012 um 16:41:15 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Ultimate Service Pack 2 (64 bits)
# Benutzer : Administrator - ADMIN-01
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Administrator\Desktop\adwcleaner(1).exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19393

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8ajrspos.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [25296 octets] - [29/12/2012 17:18:43]
AdwCleaner[R2].txt - [25357 octets] - [29/12/2012 17:23:02]
AdwCleaner[R3].txt - [1890 octets] - [29/12/2012 18:42:47]
AdwCleaner[R4].txt - [1185 octets] - [29/12/2012 18:47:57]
AdwCleaner[R5].txt - [1129 octets] - [31/12/2012 16:41:15]
AdwCleaner[S1].txt - [24889 octets] - [29/12/2012 17:24:47]
AdwCleaner[S2].txt - [1958 octets] - [29/12/2012 18:44:16]

########## EOF - C:\AdwCleaner[R5].txt - [1310 octets] ##########


cosinus 31.12.2012 16:42

adwCleaner - removing toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click on Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt (x = sequential number).

After that, a check with OTL, please:
  • Double-click OTL.exe.
  • Vista users: right-click OTL.exe and choose "als Administrator ausführen" (Run as administrator).
  • At the top center, tick the box for Scanne alle Benutzer (Scan All Users).
  • At the top you will find a box labelled Output. Please select Minimal Output.
  • Under Extra Registry, please select Use SafeList.
  • Now click Run Scan at the top left.
  • When the scan has finished, 2 log files are created.
  • Post the log files in CODE tags here in the thread.

Amadeus_2 31.12.2012 16:52

OK, as I can see, this scan takes a while. I will have to postpone it until tomorrow. For now, happy New Year.

Good morning, Cosinus! Happy New Year!

I have completed both tasks:
1) For the AdwCleaner log file, see yesterday's second-to-last post
2) OTL log file:
Code:

OTL logfile created on: 01.01.2013 09:52:54 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,94 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 47,84% Memory free
8,04 Gb Paging File | 5,83 Gb Available in Paging File | 72,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 19,65 Gb Free Space | 20,12% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 94,83 Gb Free Space | 97,10% Space Free | Partition Type: NTFS
Drive F: | 172,79 Gb Total Space | 26,66 Gb Free Space | 15,43% Space Free | Partition Type: NTFS
Drive M: | 97,66 Gb Total Space | 83,12 Gb Free Space | 85,12% Space Free | Partition Type: NTFS
Drive N: | 465,65 Gb Total Space | 112,64 Gb Free Space | 24,19% Space Free | Partition Type: FAT32
 
Computer Name: ADMIN-01 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\38e2909de0b5e7887b46dd28725ba718\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0e5254a1a3d59b3a037029e5af1bd32b\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46215c6276fca8ba6b8a765dfa384c73\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll ()
MOD - C:\Users\Administrator\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\DRIVERS\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (AFS) -- C:\Windows\SysWow64\drivers\AFS.SYS (Oak Technology Inc.)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-472644794-2526785944-1122528246-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.at/
IE - HKU\S-1-5-21-472644794-2526785944-1122528246-500\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-472644794-2526785944-1122528246-500\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-472644794-2526785944-1122528246-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-472644794-2526785944-1122528246-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de
IE - HKU\S-1-5-21-472644794-2526785944-1122528246-500\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKU\S-1-5-21-472644794-2526785944-1122528246-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.at/"
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.0.3
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: engine@plasmoo.com:1.0.0.32
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.8.0.1073
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.24 20:32:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.24 20:32:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.10 17:49:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.10 17:49:36 | 000,000,000 | ---D | M]
 
[2009.02.10 21:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2012.12.29 18:46:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\8ajrspos.default\extensions
[2010.04.28 04:53:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\8ajrspos.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.11.22 16:59:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\8ajrspos.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.09.12 10:03:28 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\8ajrspos.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.12.07 15:26:44 | 000,109,804 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\8ajrspos.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012.12.12 15:43:24 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\8ajrspos.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.12.10 17:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.10 17:49:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.10 17:49:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012.12.10 17:49:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.10 17:49:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.12.10 17:49:39 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.24 20:31:36 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.02 16:29:48 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.02.10 21:34:52 | 000,001,239 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3:64bit: - HKU\S-1-5-21-472644794-2526785944-1122528246-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-472644794-2526785944-1122528246-500..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-472644794-2526785944-1122528246-500..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-472644794-2526785944-1122528246-500..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-472644794-2526785944-1122528246-500..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-472644794-2526785944-1122528246-500..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-472644794-2526785944-1122528246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-472644794-2526785944-1122528246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8ECEAD05-223A-4076-9A40-137437408446}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6729c238-cd5f-11df-8b8a-0021855a4ba2}\Shell - "" = AutoRun
O33 - MountPoints2\{6729c238-cd5f-11df-8b8a-0021855a4ba2}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -a
O33 - MountPoints2\{79e056a4-9e62-11e0-951e-0021855a4ba2}\Shell - "" = AutoRun
O33 - MountPoints2\{79e056a4-9e62-11e0-951e-0021855a4ba2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.31 16:45:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012.12.31 15:59:32 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
[2012.12.31 15:41:02 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012.12.30 11:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2012.12.30 09:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.12.29 17:42:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012.12.29 17:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.29 17:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dropbox
[2012.12.21 17:29:19 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.21 17:29:19 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.21 17:29:19 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.21 17:29:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.12 16:21:52 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.12.12 16:21:52 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.12.12 16:21:48 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winusb.dll
[2012.12.12 16:21:46 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.12.12 16:21:46 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.12.12 16:21:46 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.12.12 16:21:46 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.12.12 15:51:57 | 001,210,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.12 15:51:49 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.12 15:51:48 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.12 15:51:48 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.12.12 15:51:47 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.12 15:51:47 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.12 15:51:47 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.12.12 15:51:47 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.12.12 15:51:47 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.12.12 15:51:47 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.12 15:51:47 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.12.12 15:51:47 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.12.12 15:51:47 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.12.12 15:51:47 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.12 15:51:47 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.12 15:51:47 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.12 15:51:47 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.12.12 15:51:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.12.12 15:51:47 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.12 15:51:47 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.12 15:51:47 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.12.12 15:51:47 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.12.12 15:51:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.12.12 15:51:47 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012.12.12 15:51:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.12 15:51:47 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.12.12 15:51:47 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.12.12 15:51:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.12.12 15:51:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.12.12 15:51:47 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.12.12 15:51:33 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.12 15:51:33 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.12 15:51:33 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll
[2012.12.12 15:51:33 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe
[2012.12.12 15:51:33 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe
[2012.12.10 17:49:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.05 19:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.05 19:49:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.01 09:52:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.01 09:48:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.01 09:47:55 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Administrator.job
[2013.01.01 09:45:57 | 000,003,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.01 09:45:57 | 000,003,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.01 09:45:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.31 16:53:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.12.31 16:45:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012.12.31 16:40:25 | 000,551,997 | ---- | M] () -- C:\Users\Administrator\Desktop\adwcleaner(1).exe
[2012.12.31 16:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.31 15:59:37 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
[2012.12.31 15:41:59 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012.12.31 15:14:41 | 013,652,346 | ---- | M] () -- C:\Users\Administrator\Desktop\mbar-1.01.0.1011.zip
[2012.12.31 14:01:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.12.30 09:28:48 | 001,513,904 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.30 09:28:48 | 000,654,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.30 09:28:48 | 000,619,120 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.30 09:28:48 | 000,136,012 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.30 09:28:48 | 000,112,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.29 17:32:10 | 000,000,959 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.29 17:31:34 | 000,000,943 | ---- | M] () -- C:\Users\Administrator\Desktop\Dropbox.lnk
[2012.12.27 08:08:01 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Administrator.job
[2012.12.24 16:08:06 | 000,002,655 | ---- | M] () -- C:\Users\Administrator\Desktop\Microsoft Office Word 2007.lnk
[2012.12.24 15:47:42 | 000,000,466 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.12.22 11:18:12 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Administrator.job
[2012.12.21 17:33:47 | 002,988,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.16 14:31:20 | 000,048,128 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 14:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.16 12:08:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 11:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.14 18:37:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.14 18:37:36 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.11 19:09:39 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.11 19:09:39 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.05 19:49:04 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
========== Files Created - No Company Name ==========
 
[2012.12.31 16:40:19 | 000,551,997 | ---- | C] () -- C:\Users\Administrator\Desktop\adwcleaner(1).exe
[2012.12.31 14:45:14 | 013,652,346 | ---- | C] () -- C:\Users\Administrator\Desktop\mbar-1.01.0.1011.zip
[2012.12.22 08:05:23 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Administrator.job
[2012.12.22 08:04:40 | 000,000,402 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Administrator.job
[2012.12.22 08:04:37 | 000,000,398 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Administrator.job
[2012.12.12 16:21:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.12 16:21:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.05 19:49:04 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.30 18:54:13 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.07.30 13:16:20 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.07.30 13:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.07.30 13:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.07.30 13:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.07.30 13:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.06.10 07:15:37 | 000,000,218 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
[2011.12.04 10:56:28 | 000,004,930 | ---- | C] () -- C:\ProgramData\qjaxlkio.dss
[2010.12.13 20:56:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Dynamic Library
[2010.12.13 20:56:32 | 000,000,268 | RH-- | C] () -- C:\Users\Administrator\AppData\Roaming\Documentation
[2010.12.13 20:56:32 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010.12.13 20:56:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Echo
[2010.12.13 20:56:26 | 000,000,268 | RH-- | C] () -- C:\Users\Administrator\AppData\Roaming\Documents
[2010.12.13 20:53:33 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.12.08 10:45:01 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Audio
[2010.12.08 10:45:01 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Applications
[2010.12.08 10:45:01 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Application Support
[2010.12.08 10:45:01 | 000,000,268 | RH-- | C] () -- C:\Users\Administrator\AppData\Roaming\Applause and Laugher
[2010.12.08 10:45:01 | 000,000,268 | RH-- | C] () -- C:\Users\Administrator\AppData\Roaming\Animals
[2010.12.08 10:45:01 | 000,000,268 | RH-- | C] () -- C:\Users\Administrator\AppData\Roaming\Analog Sync
[2010.12.08 10:45:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2010.12.08 10:45:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010.12.08 10:45:00 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2009.10.08 20:19:15 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2009.05.29 07:35:04 | 000,000,000 | -H-- | C] () -- C:\Users\Administrator\hpothb07.tif
[2009.05.29 07:35:04 | 000,000,000 | -H-- | C] () -- C:\Users\Administrator\hpothb07.dat
[2009.03.08 15:56:44 | 000,025,773 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\UserTile.png
[2009.02.12 18:16:05 | 000,071,168 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.11 19:34:12 | 001,873,691 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\mdbu.bin
[2009.02.11 02:16:57 | 000,000,732 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2007.06.19 15:25:08 | 000,000,022 | ---- | C] () -- C:\ProgramData\60a7806a-0eea-424c-a464-20f4730cd631
 
========== ZeroAccess Check ==========
 
[2010.09.01 18:57:50 | 000,003,068 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-472644794-2526785944-1122528246-500\$RIU0OQE._msige52\program files\Google\Google Earth\client\res\paddle\l.png
[2010.09.01 18:57:50 | 000,003,210 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-472644794-2526785944-1122528246-500\$RIU0OQE._msige52\program files\Google\Google Earth\client\res\paddle\n.png
[2010.09.01 18:57:51 | 000,003,206 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-472644794-2526785944-1122528246-500\$RIU0OQE._msige52\program files\Google\Google Earth\client\res\paddle\u.png
[2010.09.01 18:57:50 | 000,003,068 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-472644794-2526785944-1122528246-500\$RIU0OQE._msige52\program files\Google\Google Earth\plugin\res\paddle\l.png
[2010.09.01 18:57:50 | 000,003,210 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-472644794-2526785944-1122528246-500\$RIU0OQE._msige52\program files\Google\Google Earth\plugin\res\paddle\n.png
[2010.09.01 18:57:51 | 000,003,206 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-472644794-2526785944-1122528246-500\$RIU0OQE._msige52\program files\Google\Google Earth\plugin\res\paddle\u.png
[2006.11.02 16:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:01 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.16 10:36:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Amazon
[2011.05.17 20:31:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AnvSoft
[2009.02.10 21:40:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canneverbe_Limited
[2009.02.10 20:08:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools
[2009.02.10 20:12:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2009.02.10 20:08:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Pro
[2010.12.20 20:10:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DirektFotoSystem3
[2013.01.01 09:49:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox
[2011.10.09 09:41:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DVDVideoSoft
[2011.01.20 22:19:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.10.08 20:19:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Funkelsteine 3 Sprachbuch
[2010.03.16 21:45:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GHISLER
[2011.06.26 06:12:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\go
[2011.10.21 15:19:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
[2009.05.07 15:37:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HDRsoft
[2010.01.11 19:16:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Juniper Networks
[2009.09.15 20:06:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Lesikus
[2011.12.04 11:49:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MOVAVI
[2010.12.13 20:56:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nikon
[2009.03.08 15:56:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PeerNetworking
[2009.03.28 07:58:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\RTPlayer
[2011.12.26 19:19:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SaalDesignSoftware
[2012.09.29 19:54:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Samsung
[2011.10.21 16:20:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Scan2PDF
[2012.11.30 01:05:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TestApp
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A5B56640
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Good morning Cosinus! Happy New Year!

I have completed both tasks:
1) For the AdwCleaner logfile, see yesterday's second-to-last post
2) OTL logfile:
Code:

OTL logfile created on: 01.01.2013 09:52:54 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,94 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 47,84% Memory free
8,04 Gb Paging File | 5,83 Gb Available in Paging File | 72,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 19,65 Gb Free Space | 20,12% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 94,83 Gb Free Space | 97,10% Space Free | Partition Type: NTFS
Drive F: | 172,79 Gb Total Space | 26,66 Gb Free Space | 15,43% Space Free | Partition Type: NTFS
Drive M: | 97,66 Gb Total Space | 83,12 Gb Free Space | 85,12% Space Free | Partition Type: NTFS
Drive N: | 465,65 Gb Total Space | 112,64 Gb Free Space | 24,19% Space Free | Partition Type: FAT32
 
Computer Name: ADMIN-01 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\38e2909de0b5e7887b46dd28725ba718\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0e5254a1a3d59b3a037029e5af1bd32b\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46215c6276fca8ba6b8a765dfa384c73\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll ()
MOD - C:\Users\Administrator\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\DRIVERS\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (AFS) -- C:\Windows\SysWow64\drivers\AFS.SYS (Oak Technology Inc.)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-472644794-2526785944-1122528246-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.at/
IE - HKU\S-1-5-21-472644794-2526785944-1122528246-500\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-472644794-2526785944-1122528246-500\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-472644794-2526785944-1122528246-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-472644794-2526785944-1122528246-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de
IE - HKU\S-1-5-21-472644794-2526785944-1122528246-500\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKU\S-1-5-21-472644794-2526785944-1122528246-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.at/"
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.0.3
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: engine@plasmoo.com:1.0.0.32
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.8.0.1073
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.24 20:32:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.24 20:32:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.10 17:49:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.10 17:49:36 | 000,000,000 | ---D | M]
 
[2009.02.10 21:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2012.12.29 18:46:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\8ajrspos.default\extensions
[2010.04.28 04:53:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\8ajrspos.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.11.22 16:59:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\8ajrspos.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.09.12 10:03:28 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\8ajrspos.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.12.07 15:26:44 | 000,109,804 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\8ajrspos.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012.12.12 15:43:24 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\8ajrspos.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.12.10 17:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.10 17:49:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.10 17:49:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012.12.10 17:49:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.10 17:49:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.12.10 17:49:39 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.24 20:31:36 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.02 16:29:48 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.02.10 21:34:52 | 000,001,239 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3:64bit: - HKU\S-1-5-21-472644794-2526785944-1122528246-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-472644794-2526785944-1122528246-500..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-472644794-2526785944-1122528246-500..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-472644794-2526785944-1122528246-500..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-472644794-2526785944-1122528246-500..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-472644794-2526785944-1122528246-500..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-472644794-2526785944-1122528246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-472644794-2526785944-1122528246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8ECEAD05-223A-4076-9A40-137437408446}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6729c238-cd5f-11df-8b8a-0021855a4ba2}\Shell - "" = AutoRun
O33 - MountPoints2\{6729c238-cd5f-11df-8b8a-0021855a4ba2}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -a
O33 - MountPoints2\{79e056a4-9e62-11e0-951e-0021855a4ba2}\Shell - "" = AutoRun
O33 - MountPoints2\{79e056a4-9e62-11e0-951e-0021855a4ba2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.31 16:45:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012.12.31 15:59:32 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
[2012.12.31 15:41:02 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012.12.30 11:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2012.12.30 09:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.12.29 17:42:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012.12.29 17:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.29 17:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dropbox
[2012.12.21 17:29:19 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.21 17:29:19 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.21 17:29:19 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.21 17:29:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.12 16:21:52 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.12.12 16:21:52 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.12.12 16:21:48 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winusb.dll
[2012.12.12 16:21:46 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.12.12 16:21:46 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.12.12 16:21:46 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.12.12 16:21:46 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.12.12 15:51:57 | 001,210,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.12 15:51:49 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.12 15:51:48 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.12 15:51:48 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.12.12 15:51:47 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.12 15:51:47 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.12 15:51:47 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.12.12 15:51:47 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.12.12 15:51:47 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.12.12 15:51:47 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.12 15:51:47 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.12.12 15:51:47 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.12.12 15:51:47 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.12.12 15:51:47 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.12 15:51:47 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.12 15:51:47 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.12 15:51:47 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.12.12 15:51:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.12.12 15:51:47 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.12 15:51:47 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.12 15:51:47 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.12.12 15:51:47 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.12.12 15:51:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.12.12 15:51:47 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012.12.12 15:51:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.12 15:51:47 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.12.12 15:51:47 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.12.12 15:51:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.12.12 15:51:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.12.12 15:51:47 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.12.12 15:51:33 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.12 15:51:33 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.12 15:51:33 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll
[2012.12.12 15:51:33 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe
[2012.12.12 15:51:33 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe
[2012.12.10 17:49:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.05 19:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.05 19:49:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.01 09:52:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.01 09:48:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.01 09:47:55 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Administrator.job
[2013.01.01 09:45:57 | 000,003,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.01 09:45:57 | 000,003,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.01 09:45:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.31 16:53:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.12.31 16:45:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012.12.31 16:40:25 | 000,551,997 | ---- | M] () -- C:\Users\Administrator\Desktop\adwcleaner(1).exe
[2012.12.31 16:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.31 15:59:37 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
[2012.12.31 15:41:59 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012.12.31 15:14:41 | 013,652,346 | ---- | M] () -- C:\Users\Administrator\Desktop\mbar-1.01.0.1011.zip
[2012.12.31 14:01:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.12.30 09:28:48 | 001,513,904 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.30 09:28:48 | 000,654,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.30 09:28:48 | 000,619,120 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.30 09:28:48 | 000,136,012 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.30 09:28:48 | 000,112,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.29 17:32:10 | 000,000,959 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.29 17:31:34 | 000,000,943 | ---- | M] () -- C:\Users\Administrator\Desktop\Dropbox.lnk
[2012.12.27 08:08:01 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Administrator.job
[2012.12.24 16:08:06 | 000,002,655 | ---- | M] () -- C:\Users\Administrator\Desktop\Microsoft Office Word 2007.lnk
[2012.12.24 15:47:42 | 000,000,466 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.12.22 11:18:12 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Administrator.job
[2012.12.21 17:33:47 | 002,988,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.16 14:31:20 | 000,048,128 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 14:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.16 12:08:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 11:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.14 18:37:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.14 18:37:36 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.11 19:09:39 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.11 19:09:39 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.05 19:49:04 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
========== Files Created - No Company Name ==========
 
[2012.12.31 16:40:19 | 000,551,997 | ---- | C] () -- C:\Users\Administrator\Desktop\adwcleaner(1).exe
[2012.12.31 14:45:14 | 013,652,346 | ---- | C] () -- C:\Users\Administrator\Desktop\mbar-1.01.0.1011.zip
[2012.12.22 08:05:23 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Administrator.job
[2012.12.22 08:04:40 | 000,000,402 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Administrator.job
[2012.12.22 08:04:37 | 000,000,398 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Administrator.job
[2012.12.12 16:21:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.12 16:21:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.05 19:49:04 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.30 18:54:13 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.07.30 13:16:20 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.07.30 13:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.07.30 13:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.07.30 13:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.07.30 13:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.06.10 07:15:37 | 000,000,218 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
[2011.12.04 10:56:28 | 000,004,930 | ---- | C] () -- C:\ProgramData\qjaxlkio.dss
[2010.12.13 20:56:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Dynamic Library
[2010.12.13 20:56:32 | 000,000,268 | RH-- | C] () -- C:\Users\Administrator\AppData\Roaming\Documentation
[2010.12.13 20:56:32 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010.12.13 20:56:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Echo
[2010.12.13 20:56:26 | 000,000,268 | RH-- | C] () -- C:\Users\Administrator\AppData\Roaming\Documents
[2010.12.13 20:53:33 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.12.08 10:45:01 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Audio
[2010.12.08 10:45:01 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Applications
[2010.12.08 10:45:01 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Application Support
[2010.12.08 10:45:01 | 000,000,268 | RH-- | C] () -- C:\Users\Administrator\AppData\Roaming\Applause and Laugher
[2010.12.08 10:45:01 | 000,000,268 | RH-- | C] () -- C:\Users\Administrator\AppData\Roaming\Animals
[2010.12.08 10:45:01 | 000,000,268 | RH-- | C] () -- C:\Users\Administrator\AppData\Roaming\Analog Sync
[2010.12.08 10:45:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2010.12.08 10:45:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010.12.08 10:45:00 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2009.10.08 20:19:15 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2009.05.29 07:35:04 | 000,000,000 | -H-- | C] () -- C:\Users\Administrator\hpothb07.tif
[2009.05.29 07:35:04 | 000,000,000 | -H-- | C] () -- C:\Users\Administrator\hpothb07.dat
[2009.03.08 15:56:44 | 000,025,773 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\UserTile.png
[2009.02.12 18:16:05 | 000,071,168 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.11 19:34:12 | 001,873,691 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\mdbu.bin
[2009.02.11 02:16:57 | 000,000,732 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2007.06.19 15:25:08 | 000,000,022 | ---- | C] () -- C:\ProgramData\60a7806a-0eea-424c-a464-20f4730cd631
 
========== ZeroAccess Check ==========
 
[2010.09.01 18:57:50 | 000,003,068 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-472644794-2526785944-1122528246-500\$RIU0OQE._msige52\program files\Google\Google Earth\client\res\paddle\l.png
[2010.09.01 18:57:50 | 000,003,210 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-472644794-2526785944-1122528246-500\$RIU0OQE._msige52\program files\Google\Google Earth\client\res\paddle\n.png
[2010.09.01 18:57:51 | 000,003,206 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-472644794-2526785944-1122528246-500\$RIU0OQE._msige52\program files\Google\Google Earth\client\res\paddle\u.png
[2010.09.01 18:57:50 | 000,003,068 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-472644794-2526785944-1122528246-500\$RIU0OQE._msige52\program files\Google\Google Earth\plugin\res\paddle\l.png
[2010.09.01 18:57:50 | 000,003,210 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-472644794-2526785944-1122528246-500\$RIU0OQE._msige52\program files\Google\Google Earth\plugin\res\paddle\n.png
[2010.09.01 18:57:51 | 000,003,206 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-472644794-2526785944-1122528246-500\$RIU0OQE._msige52\program files\Google\Google Earth\plugin\res\paddle\u.png
[2006.11.02 16:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:01 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.16 10:36:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Amazon
[2011.05.17 20:31:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AnvSoft
[2009.02.10 21:40:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canneverbe_Limited
[2009.02.10 20:08:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools
[2009.02.10 20:12:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2009.02.10 20:08:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Pro
[2010.12.20 20:10:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DirektFotoSystem3
[2013.01.01 09:49:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox
[2011.10.09 09:41:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DVDVideoSoft
[2011.01.20 22:19:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.10.08 20:19:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Funkelsteine 3 Sprachbuch
[2010.03.16 21:45:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GHISLER
[2011.06.26 06:12:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\go
[2011.10.21 15:19:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
[2009.05.07 15:37:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HDRsoft
[2010.01.11 19:16:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Juniper Networks
[2009.09.15 20:06:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Lesikus
[2011.12.04 11:49:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MOVAVI
[2010.12.13 20:56:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nikon
[2009.03.08 15:56:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PeerNetworking
[2009.03.28 07:58:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\RTPlayer
[2011.12.26 19:19:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SaalDesignSoftware
[2012.09.29 19:54:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Samsung
[2011.10.21 16:20:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Scan2PDF
[2012.11.30 01:05:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TestApp
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A5B56640
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

The next logfile follows in the next post!

Amadeus_2 01.01.2013 11:34

OTL Extras logfile
Code:

OTL Extras logfile created on: 01.01.2013 09:52:54 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,94 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 47,84% Memory free
8,04 Gb Paging File | 5,83 Gb Available in Paging File | 72,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 19,65 Gb Free Space | 20,12% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 94,83 Gb Free Space | 97,10% Space Free | Partition Type: NTFS
Drive F: | 172,79 Gb Total Space | 26,66 Gb Free Space | 15,43% Space Free | Partition Type: NTFS
Drive M: | 97,66 Gb Total Space | 83,12 Gb Free Space | 85,12% Space Free | Partition Type: NTFS
Drive N: | 465,65 Gb Total Space | 112,64 Gb Free Space | 24,19% Space Free | Partition Type: FAT32
 
Computer Name: ADMIN-01 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-472644794-2526785944-1122528246-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01  [binary data]
"VistaSp2" = 1D BE AA B6 5D 35 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{047CF9DC-3B68-41B1-8303-E3F2D80DD3E2}" = lport=445 | protocol=6 | dir=in | app=system |
"{0BCF086C-5E90-47DC-AF47-F78EE9C9648A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{147A32AF-40DB-4F91-8035-DEC0C54A0AB5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1DE95A71-5A15-4DD1-BE01-6138FEDCCDDF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{29ED15A8-86BC-41F5-A2B7-4EA51218758E}" = rport=139 | protocol=6 | dir=out | app=system |
"{2E33F964-DB54-49C1-80FD-27522123D5A7}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{52279824-D801-4CD7-8102-C551EB758FDE}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5F115C06-9421-4465-BB68-41735F640B0B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{676D1EBF-67C2-4793-ABAF-1D9D4FF7F2E1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{67E0CB9D-AF46-42DB-8C5D-C3A3D3C45B82}" = lport=139 | protocol=6 | dir=in | app=system |
"{6B251CA8-EE3E-42D2-B846-13E99A77F072}" = rport=137 | protocol=17 | dir=out | app=system |
"{732F35F2-4CF4-451B-A712-741053D764D5}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{7F787088-0689-4DAA-A123-BB99AD88E619}" = lport=138 | protocol=17 | dir=in | app=system |
"{860C2024-9F39-4C42-866F-FC1D346EE85D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{87476240-61C7-4518-991F-BF09645F121F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{96BADA1F-84FC-4A4A-8398-C93AB9B1BBB8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A1F62C77-2324-4D58-9DE9-86FBE77133AB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A99971A6-16E7-458E-8DEB-9BCD7F554B48}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B7E235EE-1EEE-4B4B-AE03-8436680C8D7C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4C2F53B-5E5C-465E-9593-51F9BB3C2319}" = lport=137 | protocol=17 | dir=in | app=system |
"{C5711AA2-B201-432E-A093-F53B429410FD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CB84F9E1-83AB-43ED-887C-49053ECCB6FB}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D0FC9484-8658-48AF-813B-50D5EC9492C7}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DE0C0008-E8AB-4548-BA44-99B6597C83C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E06E0519-94DC-4D88-8991-D108670BABDE}" = rport=445 | protocol=6 | dir=out | app=system |
"{EC71821E-F5B1-4477-92C2-64C74A10226E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000B7CF9-4768-4C41-AF20-543E531BC2BB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{00708562-AE86-4231-A157-AF4474792B67}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{00865348-A2E0-4BAA-9729-4C83926C27C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{010577C7-6762-4D5C-8621-3EDE1939C622}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{01F35EFA-967B-44F1-B6FD-A7AE08520E27}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{025F6FBF-C9A6-4AC4-8765-4D768CBA479C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0292256C-B479-4CBD-8365-09D9E15F7AC4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0297C037-25E4-493D-84BF-5FEC9BBE5346}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{02DAA055-675D-47EF-AF3F-C8A187CEFC84}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0337E60A-6D12-4D19-8D8F-35B0F8DBF595}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{034D895A-1528-4FD1-8C77-B52065C1F934}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{046428FB-98E5-4A59-8D73-D4214A98E7EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{046676CE-3562-485C-9F54-34CE45DB638D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0471A4D9-AF9A-4A87-97E0-9445AD3B71DF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{04A5BFFC-A66E-431B-9B8C-11D9D7D9CF82}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{04AAEF74-0B00-4682-96DE-3FE9EE17C8F6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{04C19D3E-D5C7-4847-978E-9588AAF169DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{05055B0D-6527-4CFC-A4D6-CD5C73B8CFD9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{05694B08-F9D9-4676-9617-B6009C66F74F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{057BBF9A-E2C4-4964-B1A0-D46D5B75FE51}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0596815A-8833-42BD-97B8-18C3DAA8D942}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{06BA5708-5EA4-4DC5-89CC-1461D05F06AA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0719C59A-C10B-48F3-B4AC-F853254DCFBD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{07278833-C85B-4A35-8B1E-2F023B30C0E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{07361ECB-AD9B-4E07-984D-7B07A978016D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{07488B6B-CEA9-4226-9163-1849E9CCCD2E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{074C8B99-79CD-41E9-860A-F4254341800A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{07AFE25B-BB6E-4E17-9A52-6826D580F178}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{07D85DA0-A5F2-4757-BA11-505DDF6F8AB6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{087A6D12-36F6-4B59-A15B-90B4A8D313A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{693DADBD-B442-42CB-A214-3BEF4C3A5BC9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{698ED9B4-7B7C-4961-9F58-82B863F0EAA5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6A38737E-EFAD-4857-95DC-67D6E8A43179}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6A6540A6-FB5D-4A68-B1DC-C3417EFBAE81}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6B72EBBD-0C22-4CC1-B017-28A90D7AD7DD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6B801B09-BD04-48B3-9F04-73295BA3F6C5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6BEA217E-7BEB-4499-8491-5998FB6BC65C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6C0D4DC6-224B-4E25-A4D3-C0B23F0E08CF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6CB37383-E6A2-4BF8-9249-7EC57E7EA7C5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6CDCF39A-5526-428A-AEC6-DBC8BDE895A8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6CEEFD6C-F0EE-4A1E-84ED-6DA573940FEC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6D04D0DE-2F88-4353-B64B-D20507BBAF11}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6D2D1605-D320-4FDB-B54C-71F19D5DAC09}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6D35F58E-334A-44DF-B731-1D08E295ED4D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6D40D9EB-8F13-4627-AAC8-0312F9FFEE4B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6D4D29CA-9C16-45DB-96F8-01213688F9FE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6DF91B8F-12D1-474A-BE83-D673C8BB3396}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6E271321-840D-4ABE-92D6-177D0BA0A548}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{6EA4C0BB-C1B5-4603-8E74-4BE1C746821F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6EB1BE09-EA3F-459D-BF2F-5B63ED6AD262}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6EC95ED3-87CF-41D4-B1FB-62C38CDCA66E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6F3E1E96-5AE4-4DBF-AE4A-9C47D687765B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6F9A2103-F7DA-447D-BD75-6EC184C51D46}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{70278DB9-F1A3-49B9-BBE2-F9FAF5EDEB64}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{70483332-B5AE-44F6-9BAC-09E16040EFB6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{70C006F3-D27D-417F-A70F-476D18E79F76}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{71175D2C-0582-4D5E-93BA-1084C8880CFB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{712A4CE3-99C0-47A5-9FB8-04514756C520}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{71E015CC-123E-473C-A534-2E8B60A04F63}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{727929C4-59EF-44D5-A215-E05CA3959C48}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{72B13E9B-FD17-49A1-81F0-06219015E602}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7302191E-4B89-4C68-B962-B76D6F7B8C37}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7470A0F8-C07C-4C42-B699-271C23BF0217}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{74E66CB6-F681-40B8-8558-61F667B01231}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{74EF89FD-EEF5-435F-A304-F1056C51BBD9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7516C000-BF1D-4B98-A8B0-F2CE87FDB4F1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7593C7AA-30F7-4A46-AFD2-EA173E9EC5FA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{759D28EE-5916-4322-A0DE-AA9402F2EE67}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{75A95508-BD59-44D0-9EA3-D6426AB57586}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{75EBC443-FDB0-4A8F-8868-B2413D3E4952}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{760AB73B-A378-4DCC-86DB-19BBADFF04E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{767B3505-32BE-4DC2-8ACB-C5681525BD40}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{76EF040B-E4E6-47BC-95C9-98DFA12ABC5A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{778C6F3D-1376-4227-BA26-E872AD42069D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{77AD6BD7-825C-4D3C-A613-B19C0EFA542A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{77B8B2C8-C21F-4629-9602-CCFE97A45AF6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{785F9555-A730-4AEB-B59C-7FBD81D24217}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{788044A5-5FBA-42B1-95A0-BE2537649343}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{788D5E58-2DA6-405A-B0A9-C940D6B04100}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{789BFDF4-6A71-4371-AD01-E9340FA61ADC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{78E30BE1-B721-4CFF-9B72-16FE3398B56B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{79B96D99-4479-44A6-8E89-C0D5F634DF3D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{79E98C59-A317-4869-8128-A204CAB0CBF3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7A57A5E2-75CC-4B76-9FDD-FA723DC6D57C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7AC26881-C75A-4A63-B7D1-95EB5A2CDE67}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7AEE757D-ED7E-4744-913A-220AAB8AAF95}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7AF6586E-CA55-4E87-B4F2-14D266C23454}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7B0892B8-CB1D-4A0C-90DF-C47C556488C6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7B71799E-AE0B-4F15-B2DE-B0D30E877285}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7B8F21D5-9BD5-49BD-B778-7C15A70910B5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7BDB454E-0F04-4607-A1E1-AD83DD528919}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C4CD8A7-9B09-4B7A-B0ED-CF55DD913BDF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7DAC12CA-FAFC-4CB0-AF62-8C1B62ECBE3D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7DDE9121-3C90-4E22-8BF9-25D153C90F4D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7E411137-5FEF-4107-A4F0-18FAED8CED7A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7E4CE281-6D1D-4284-B0E8-C3D894D58CC2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7E817BF4-D00D-4C73-815C-07289F676C74}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{800227EF-4EFD-4FED-93E1-0B0CF6CE1A4C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8026DAB4-AC16-4010-A938-1C56C2887CBF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{804CD82E-A4BE-43ED-9CEB-91860B433F0C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{80A201E5-8F2E-45EA-BDB6-FA89A5E67317}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8122F2BD-17AF-47C7-A781-B8B19CF868D8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{81F309BE-CE98-4193-A5BB-52527D2F8015}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{827DB1FE-8B5B-471F-B13C-521528F7423A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{827DC375-2C0D-4D9E-BD38-C3C2F6793850}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8280C6A8-77BB-4F92-BEBB-DBE3B5F15260}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8323F4BF-7755-4A7E-A6F9-88C9B778BA58}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8347292A-1AB0-492F-9F22-C310E1B527E3}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{83640FF3-4AA9-4601-BCF4-A670E3C95EE9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{837EEFF1-1802-4D63-96A0-D9A70235EC7F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{839FB75E-7E1E-40E4-B14A-7DCDEE1B70F1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{83C6CA40-A930-4506-900D-B9060D797EA9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{83DC968B-3E8D-4357-8133-E68248938B5B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{83F90BC5-4D91-445E-8F4A-B0A7DF39ABC3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{84A4A226-028D-4A6B-AEAC-0BE929985D47}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{84C64128-1A5F-46AB-B6AB-7834456CB239}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{85264F43-8E61-45C2-B00D-6CBECB5EF200}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{85CB3D02-6C9D-4A7E-8E81-459D2EAB4F2A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{86157559-A822-4E88-920C-04AFD001D272}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8789A574-A290-4ABD-A975-5E67BC2735D9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{87919439-E703-44D3-A3E9-10D41F54E59B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{879F81F0-D3BA-4391-B7A7-08A44A7C47AE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{87C8D705-706D-4AEA-B082-F5DFB7AD70B2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{87F667FE-D7AA-418D-929F-F79A50B665C1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8847235E-0AA9-4FEC-AFB4-DCAAB50D0CFE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{88841559-9D47-4C7A-870F-596176D11842}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{88A687F7-D1F2-4EE0-8876-0344468D11BE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{88C31B3E-46D7-42B0-A710-2206352C26A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{88C8BEBD-8B0D-4C50-B5E0-09182A9276EC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{897C79DB-55DB-4ABA-8EE8-9A663BC33876}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{898B9E1C-ED31-4051-8ABE-690C68E3FB22}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8A1E1644-DC27-4E57-9753-E4801C5B5328}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8A21B23D-2FE6-48CE-87D3-988890100F0E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8A7475D5-2B70-4A32-A846-BD28227F13A6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8A7716E4-1927-462A-B77A-83E5D62A9CFF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8A98C3FD-6797-40DE-BAF2-8611B17ECEEE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8B9078F4-8DC5-4525-B435-9DEC4F44619E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8C090659-4C70-44CA-B937-8B2897763E2B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8C4AB5BF-696B-4945-A451-477532CE6E00}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8CAAD9F0-C2D4-4886-8B79-5058699D0723}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8DA5560C-49DA-49C7-9780-6C08D752914B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8DAC71A6-E8B6-4C62-A66F-3EDBF09BE660}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8DD2CBA5-CEB0-462E-88DE-4A5A8D961B93}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8DD45242-0CDD-403C-88AC-FC2ECDF31C92}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8DE2E25E-C117-4DE7-A0E1-C793B301ACAD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8DE76950-88B5-42A8-A250-58BCD85D7525}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8E09BE41-EA5C-4ED6-AD9F-4800858D0CBF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8E4D7C3E-A4EF-49E5-9F47-0990F2A45EE7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8ECC26E4-9B5A-4C63-86E7-E6C0740BC8D1}" = protocol=6 | dir=out | app=system |
"{8ED8E35C-3E1B-4414-8108-4E57C0CC0599}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{8F46B4AD-71BF-43C7-84FF-75A841CE4E28}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8F7C4846-9C3E-435A-A7A3-FAD7A0CCF72C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8FF305CD-D59A-4B58-9DE3-E0BB4CC443F8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{90167670-1F98-4E6D-9518-CFC63CEB7488}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9031FEC9-A747-4787-83C9-F4C08007090D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{90760CCA-A107-4A43-A1CA-2299B8348F29}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9101C7B6-2DE6-4290-B4E2-35FAB2CFE374}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{91338DA8-F827-43DD-A7AD-AD3B4BE1C926}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{918DFD61-E81D-4A8B-B8FA-CE823B45C107}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{91956F3A-BCD7-496F-A993-3B3FEEDA274A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{919D8640-2274-4F8F-9818-32EA2A140086}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{929ABBAE-C3D3-4F0B-A72D-8D16A9B5B576}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{92C461B1-DB9A-4A0A-AE9C-894BE9F160FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{93077164-04F1-4620-9819-CC3F5C0E2121}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9387C630-8391-4BEB-AE4C-1BAD74E92B33}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{93D1E689-D37C-45C6-8141-6236B83A5979}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{945391C8-AAF2-424D-A7C4-8699F96E16DD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{946D5093-924A-44E3-B1CB-1CE3396EF4EC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{94A6F2C7-909A-4789-AA74-6DBA71BAA06B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{95143ED8-312F-4BC0-A473-4E3955AAA82F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{95243A3D-0284-4E00-B7A6-8E4B39FE7127}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{952FAEDD-3F58-4FA7-AC22-761AD5532083}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{954AF824-C1CA-42E2-B00A-6A2736889AB5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9581EB7F-365F-4A1A-A0DF-7AD01231E7F3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{95B4E249-804C-4AA6-9BB1-B45362F95702}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{96DE247B-E903-426C-AC00-54438ABDE810}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{970949E7-D6DE-4D57-B3F2-0B027DC9F8D0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{970CCB16-01A5-4FBF-9652-13E67CA32767}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{972871E7-6004-4837-93C9-56CDB6D0ACDE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{97732FA8-B41B-4A6C-95C4-A71185F91BB5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{97C85743-7EED-407C-B503-F0F5C684AC71}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9874C618-DEF4-40E2-89C2-A22B4A2ED869}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{994E897F-AAA7-46FF-8568-9F8E0AE53947}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{995F268D-CBB2-4EA3-A85A-F494A319A045}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9A4301A8-2179-4E75-B3AF-EF5AB4B06E28}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9A56B2AB-C594-464C-9230-CA4BA6EF00EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9A82A614-6575-4808-8F12-C8DFCF35CBA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9A9E38CC-C4C2-4D5D-9A08-69F3F0D0DB8B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9AC24F14-F625-44C1-BF26-EBB3E4EBF77E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9AD858D5-AE13-4342-8224-EA0537872630}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9B35D643-427B-4B6D-A796-697DB35437A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9B49DB0F-7E88-433D-AF6B-275D2CBAA9BB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9B4EBC54-E187-4B7C-AB98-60AE7D02AECE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9B834AD8-8C2F-470E-AF47-91BEBC2A9E72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9BE4AA38-65E3-4C80-827B-03BA221D5DD7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9C0B2AF0-BF4B-48C6-899A-1552109C130F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9C5C5F3C-0C57-4AB4-AA50-91454289DA97}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9C7BE70C-7DFA-4AC6-AF0A-722C45E4A781}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9C835C30-0D00-4B17-B48E-E16877014667}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9C87E0F1-F066-479C-B602-58B0661E396D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9C89E6EE-DD25-4F0F-BB6F-E3C78F85CE09}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9CA53E6C-58EC-4D1F-B518-C669E9A119B7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9CDD1218-0A2B-4449-B710-D6D359A2338B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9D1D40BE-C691-4B44-8ADD-4790786FAFEE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9D4A3AA8-459C-4698-B082-7C8EB2A12278}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9D67183F-B6BA-4A21-A265-D8086D3E8F9B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9DD49FF9-CB6B-4541-8312-0BDF84A0897F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9DE39B3A-A454-4159-B792-8A339416292F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9F4A70E9-F393-474F-AEB7-79EEEFFCBB9F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9F54A8CA-DEE6-4C8A-8DD9-2C3211BDC3BE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9FF636BF-8C07-461C-9CF2-6725DEBE3B4F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A0AFEC97-4E70-4E6A-8106-493E9A833556}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A15B446A-ED07-453D-A7D8-F15569B51055}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A162E5E0-949B-424D-99DB-E29B0B5DD3B0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A16B0D97-5C39-41A5-A677-7295E943781E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A1C2F119-5060-4FC9-B517-9F0C0522FC8F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A1CEAEC3-C9AF-4E38-B3DD-F47895F0FBFD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A1DBDA64-36A6-4EEA-8A65-6F050801D95A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A2015B19-35DE-4EA3-9386-7C7AF18BFCFE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A22D96E8-9C82-4BE8-8F4F-018D67D39E03}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A33067E2-580F-4B27-8F23-5C7112BC5B04}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A33CC557-AD1D-4A0D-9189-30B0BC83F037}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A39BE2EC-02A1-4921-9BBA-51660541EB29}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A52421B4-9041-47CA-AABF-D03F5D05E6AD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A54256F4-E0EA-4344-B4ED-04E947436151}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A599F9FC-81FB-4A08-B485-6A5A243501AA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A5D2448A-9FBD-48B9-A3A2-98286ABEA39E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A5D914EA-B039-4BBA-90DE-18BF504E3FBC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A6DBFF9F-714C-44B8-84DF-9902437A5EFD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A6DEAA32-177B-4FF5-AB4B-0333E9EF1871}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A782D86B-2CE2-4038-9EF6-7A07CD120646}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A7C2208F-7FF4-4D37-A8A2-971AB43ED17B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A7F116E1-927C-41C3-8411-C2003A698E80}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A8ED77B6-ABBC-4F95-821A-A90DB98AFF45}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A91F650E-682D-420E-877C-9EA4110387A0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A9340696-00E9-4919-9635-87DEBF0253A4}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{A94AEBF4-0D25-4A3D-9D3D-B458430D578A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A9C4CF9F-72C4-4A07-B97F-07E36126A48F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A9F027C3-4115-4AC7-9EE3-5D3490583CCF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AA8892AA-B1E2-4CEA-8F64-912D04FF519A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AAA13DCA-1DE0-45B2-BA59-D99F201DE95A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AAAFBA68-7924-43BB-AF30-6AD48D66257B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AABEDF91-89AD-4863-ADEC-AE5740616AC6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AAE3FA08-9E7F-492A-9088-3DEF9EDD6205}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AB2D13C2-F9F1-4F66-96A3-E8B256F5530D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{ABAACACC-8039-45D5-93B7-D261F55CCEE7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AC1479C4-0324-49C1-9D4E-2AFDCA7B9B31}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AC4470BE-52C7-4A62-AE97-00F6B61D8808}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AC48252B-5094-416A-B35D-C83B03AD1C63}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AC70A58A-ADB7-4503-80DD-4C109221AE7A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ACB55F91-A634-41AB-9208-212CC85E8449}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AD209153-14C1-45CE-BEB0-FE54F929EBF8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AD730B54-AEA6-47A4-927E-2DAD8F818C33}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AD761151-9C7D-4D22-88D6-51CDA688F3B1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ADB5ABF0-5B2B-4703-B4B3-C525DBE236FE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ADE3C1B1-D11E-4517-B097-830CBA8ED9AD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AE3074D9-F01A-4BDB-B7C6-62E4AB643271}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AE34DC5A-8EE1-4786-9B89-D5AF5EE4D78A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AE5E5B2E-51E8-4694-8856-1E5DA50B9055}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AE87F6E6-91D9-4B56-9486-D3A0109785D2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AE8F0758-FF47-482F-9415-70B9512B64B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AF262990-B0F4-45F5-969A-C215DA53DE8A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AF53558B-677F-4263-9CBC-4011437DB410}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AF64C8BE-9AE1-440C-92B3-DBBDA0525E14}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B015474B-4218-464D-8F3B-DA23CE0C9D7B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B07DF53C-3F91-4478-BBB5-992E8977AFCA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B0BC22B9-DD3A-4027-A19F-424095E162FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B14854BB-825A-4E96-8543-F0B38D17D278}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B14D0287-7540-4A96-A5ED-AFBC1D7DC1AB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B1772D92-EC6E-4AD8-BA9B-3844FF27B060}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B22D5C6D-2DA9-4798-BA40-43D5E922963E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B26DB0B5-5B84-4E6B-8AC3-23BCA5E7D7B1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B2DF09F3-5D83-4D70-899C-80E720FF8ADF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B3260AD0-938B-4E45-8C3D-022463AFA98C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B34AA4B6-0A54-4971-9E89-3B83C891AFB8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B3513CA0-0BAB-42A7-8543-65CADDBDF5ED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B44A5419-1BB4-4C68-80EB-50EC702759FC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B46ADFCB-EDA4-4529-A446-4BCB5A022FFC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B49E67FC-A8C5-4816-A207-F70608D132B7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B4A9F6CF-8B8C-499D-BE3D-F13A14FF4249}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B5193D79-3488-4749-ACAA-C4355654CE4F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B5C94BF4-1369-446A-A1BC-944B677A4FD5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B5D09EA8-18DD-4084-9365-0C4416B98E5A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B6007437-E615-4568-B17C-E4311A9D56F4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B62AD462-3868-4817-9D55-C744604BFB71}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B6B2A8E2-9FD2-4CB8-9B0A-86DB94577D1A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B6CE530D-B691-4C66-895F-4E7B27EC99A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B6FDA2AB-991B-41E6-8E18-5648CD8F9DB0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B729B0EF-F36F-487C-A900-9915749635E2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B7E4A72B-93B3-476D-9B0C-52570B70C8AB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B8066660-F298-4AD5-B333-320B26400E8D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B815D728-87E3-49C1-BB41-B2F9410CB9EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B8AE72CE-77FE-483D-B4F2-E92D53E08608}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B90DAB9B-6F47-4EA7-A58F-9BD2893AF138}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BA0C2CCE-BEAB-4F2E-8BCF-C6DC948424B7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BA35F958-2AB8-49C3-BF4A-67BD17914029}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BA8A294F-7A19-4615-9563-F21C066BC422}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BB2F9891-D0F1-45D6-83D3-9762A9221371}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BBA7766E-72B8-4A7B-89AC-8A1382B0B6CB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BBC6E7D1-AFF9-4EF7-8D48-427F167DBA11}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BBEDFBF5-A2EA-4482-8913-648C173E619B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BC6F7A34-421A-4D1B-A209-74DA027C1E07}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BCD750C6-3735-4404-8541-B933E42DB27D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BD19367E-4A18-4C82-836F-D1BF0E7C9884}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BDAE4C05-16D0-4F8B-A5E3-54F9A2260F38}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BDB4ED98-48C0-4946-BE8E-DBA301EA970D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BDE516E6-3D59-460D-8C11-42317CA6813E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BE13D170-7410-443A-8D7A-D89930BC42CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BE500307-CE2A-45A5-8313-4080FA843048}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BE549919-9F87-4E82-9631-68088472F3FB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BE90E9B6-F2D8-4866-AB09-16B77524C0D6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BEB9DA2B-4035-48F6-B78F-F569A22828A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BF268C01-68B2-4A1A-BF52-6199ACC16FE3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BF28283B-7052-49AC-86B6-81B96220DDC1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BFCF2F34-EA58-44FF-9E0A-903DCEE72111}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C029B5E9-EA6F-4BFD-9935-F1EB0AEB939B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0420674-37DC-4621-9AAB-7FF0394353B8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C04EC0BA-BFDA-4FBC-9169-016AD41FBBF2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C056F37B-99B3-4763-A070-7039507D5F1A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C06343FF-921F-45F5-B99F-F231C6F03CAF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C07FAC2D-0DD2-42CA-8ECA-E9C53B4F6224}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C17603D3-75C9-41D5-AD99-E1FE73A00DC1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C1869F4E-5DBC-4FEC-BAA5-BFCC52B6C2C3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C19EF161-F75E-45A5-A48A-5EDE7B8E191F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C1FF47C5-35AF-4603-BD5D-9231CD23C97F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C21E5284-2EBA-4A77-A1BC-AC3FE8A15D15}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C22796CB-57D8-43BC-9ED5-3DBEF52723BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C239CB36-CC33-49A1-A079-3A7C04B9FF6B}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe |
"{C2CEEB89-AF53-48B4-9609-866C75B2591B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C32C45F1-30F7-4320-B609-52A5149C9606}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C398D681-088F-4FBF-BCB4-F7B224DD4765}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{C3BEC36D-D965-45ED-BB68-E520C7EE9549}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C3CC6103-9221-49D6-97CB-DCAF3BEBDB01}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C3FAA576-2186-4C08-9FD5-E2024C4A3FDB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C4D675D0-E353-40E9-886A-8A94D3BC86C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C50137AD-99CD-4382-8B79-F988A4860D0F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C50C5034-D10D-4BCD-A677-660320BE52C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C535EA87-297D-43E5-9C7F-973810FFD262}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C58B965D-BA4E-4AD2-AC22-2404A387A96A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C5D95E6A-A386-4FAB-B6FB-4B4F2A858EEF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C6453BF1-B3E9-4BC6-8219-39F42E8C7A55}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C6A08A08-DD0F-4476-A76E-FC2DEF637889}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C7140E50-0911-4584-884A-3C5409E3A872}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C71C25BF-D8E0-4FE2-94A4-EE8738402287}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C7494BD2-15F7-43A5-A156-33081B748049}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C7AB2C87-C002-4542-A170-2D6E8BD9378B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C7F61EB9-2996-4873-BBBA-7FE99A8B54FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C80050F7-CDD8-4174-A270-818D5EE617A1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C81E597B-5E95-49F0-89CD-2BCB48F96FF3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C850536A-D825-46F0-B281-D00286463338}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C8A0F5AD-8E94-4062-988F-1C07074FCFEA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C8A221FB-8AC0-4A8E-B94C-1D524E5B42CF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C8DD7288-D7ED-4AA0-B189-EC29F4A498A6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C915A074-1BE0-4E3A-AFDB-D896D40D425B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C9162C25-586E-4E78-BCEA-01A8201B9FF3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C9A95A6C-F15D-4D0D-A26D-59B666C6667B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CA14977A-DEA4-4ABA-8586-1563720A9579}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CA1BD2F8-6149-45DB-B9B1-F58E17600DB0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CA1E249A-1F16-458F-8545-427CC1D3AB21}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CA3DAD4A-47ED-4A59-A38E-4CC11BC0941C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CAC48B08-8D3C-4E9A-AC5B-1C6984C2BB5F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CAC7AA22-151E-400D-B43D-BCE705EA3782}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CC1E53C4-0DAF-4E56-A8F0-698EDB1CDCC0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CC308DFF-3BD8-47BB-9C92-8ADAC1CC043E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CCD150DF-0A39-470D-8BB9-1EF586628A06}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CD04939C-4A69-42F3-9F0E-5A856495BC36}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CD476B07-2A7A-4E47-87CF-4669087EDBE4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CDA8D0CF-77E4-45F3-A194-EF380D31B97E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CE338174-5CC7-4D4A-994C-CFB93EA265F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CE9477A6-98D8-4A23-B8B3-AB7782B1D7D7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CF0A3929-3C06-40B0-8BF1-7AF7CE96BBCD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CF6C77E0-771A-41DA-BEF5-EE3669372354}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D016CA67-EE14-41C8-A46B-535826054445}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D05A6F1E-A73F-47C1-AE7B-FA26A8D9F29B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D0764521-FF4D-4534-AC39-7659090E9907}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D0870C95-9F53-4FFC-8F39-6E1AC82B80BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D095AB71-324D-47CE-98A8-48787D969F10}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D1023CEE-9A79-4030-B780-6471D8873270}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D10BCB63-0C1C-4D9D-8D6D-53A9D1E29127}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D14A17E6-6D35-4EF0-8E8D-FE7037B0400E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D17432DA-2195-47C4-81AA-A9B85BB2A0A8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D1BD3A11-CCBB-4587-B8F7-969AA85B4B1E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D1F4938C-5BBB-45ED-AE54-C659A4677CC9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D24001E9-0917-4C4E-8AAA-972E7708C690}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D26B35C1-CE9C-4089-AD3F-220074941DC1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D28A5C5C-3FF0-4D4D-97DA-EB0B654D57EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D3283D50-F9C1-42A7-8A50-884FE4801E28}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D417D390-34A2-4F21-AC2F-91AE022E4154}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D41B4401-97C9-4038-BA66-6AA6540FC80F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D44A4134-C7BC-4D66-A85D-21CFD05A72F4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D4AA77A1-9887-4FD3-99AA-23F1F05BBC3F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D4EA8BB3-4AB2-4FE1-A0ED-E64DD0087FBF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D51EE125-2BC8-4BF2-A9D3-5268054D358D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D5589C26-86E7-40FE-8328-97D4088895F2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D5C5C22C-EA43-4380-B71D-81DD97D385B5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D5FBAF3E-C784-4A19-BF58-087C3E707C35}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D6B3336C-A219-449E-85B7-0DC51446A935}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D772AB6C-1362-4944-89AC-658A2AA0E145}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D7C2BF17-7367-4D5B-A783-A6FBA24890EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D7EEC78B-8C16-4C1E-8996-C566F9A52B34}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D806B150-E6C9-4435-88B5-B7ADDF24701D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D807515B-9C02-41D2-A09E-78F11568147E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D82A2F42-5EDE-4EBB-8C20-FFAE29A02130}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D9586519-F458-4062-962E-878928CF82A5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D9ACF61F-1458-40AC-9879-10DE6C869834}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D9DDB73E-03D5-4972-9CCD-71CD88437A0A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DA4A146F-F76D-4DD6-B8C1-08A66EAB9FF6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DAAC4C3D-8FE6-4F08-A0BC-E58C1CA17592}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DC221EC8-EA0F-4794-9625-0B46DC18E868}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DC707790-FA25-4EEC-BE8F-97F8D66EEA6F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DCCE86EA-859A-4BFB-AE0B-1B00B98DCAD0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DCE699D0-9E21-4B9C-A7D2-24A6BFF4CF26}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DDC5286F-8BD0-4623-8895-A345EB2BB354}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DDF8F110-96D0-4596-A412-D716A78570D7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DE6F4560-3F40-46D4-AD61-4F0DAB77519C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DEA21047-0F6E-49EC-930C-8A02D06DB730}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DF1DA88E-80E7-40CA-9A2F-64114A01308B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E00D3E0D-C73E-4A32-B6EC-5C5B76CBE6F6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E02B17C7-FD18-47D6-985C-37882CEC2952}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E031E297-165D-49F5-B92F-D8937E1B2D38}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E04C8055-9640-478D-8BD3-9A349F427C3E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E075DD75-78C1-4206-AE00-D0AAE73F25D2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E0ADF3B6-A0F4-42B7-AE59-3F61668FBC92}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E0EC733C-9050-4B6F-9905-B72396CA7A57}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E10971B2-B926-44C8-9063-CA606E14B924}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E146869E-4987-40A4-B99F-43A8C961F1F2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E1698B8A-3EB9-40AD-A4AB-3A882254D240}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E187A4AD-BA21-4AC6-AA8D-2FA8A96D3BFF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E1F4B0E1-B97F-4309-86DB-81B121600D5D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E24CADFE-2799-471B-A825-2018EE1FFF18}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E2557892-D5D8-42C0-85A7-5176A9A59EF7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E25D8742-B822-4220-A0F6-10A6ED324875}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E309D4FD-E136-4491-BFF3-BBE138BBB284}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E34C9494-746A-4A26-9800-E3FBB3BCF7BB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E3F5874A-CF80-4EA8-8D3A-FCE1F6F6D070}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E40177E8-536B-471E-BACE-0750B8E43FA7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E4126EC8-CDD6-469A-838F-23A1723A517D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E431F526-89D6-480D-B1B9-4ADBAC4246E3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E45DD231-61BB-4372-BBB8-07D30F3F2D40}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E45F0058-CA0B-4A03-90C5-CDDD07060F48}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E4F39BB5-5153-485B-83B6-4C83DF50B619}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E51DE8A0-6B31-42BF-AF34-8CF419AE8C07}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E55B0468-7DCE-43E3-A936-C30BD32A87A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E578D608-53AF-43E0-8BCF-23F479F2706F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E58A7FA5-17E2-4D39-8DE4-78E69CFAE51A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E5E711EF-3C99-4767-9F09-4B1DEB6086D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E627F1AE-D47F-49F6-9DD5-6EB7FF7BBF9D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E63EAFB9-BA83-42AD-87A7-A062993D63E3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E687E1F5-E05A-4B4C-8B3D-C2AEE7AA9AC7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E7726944-46D8-4BBB-BAB5-0E511AC12C1B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E7C90495-0328-4260-8283-10E45EE7ABB6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E7D30CDD-F3F6-4475-8157-128AF7CC9CF8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E81B2159-E834-4417-93F4-A1AB9A6B5B28}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E863AFE5-A41C-44F8-87B2-9012CD714744}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E886B568-EED9-429E-A921-F814B5FD9BA2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E8BDE00F-E8B4-4AE5-8706-B4EB35602273}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E8E1053B-A69A-49E9-BC14-38C86714B774}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E8E96DFC-A52A-447C-A31B-76C80B6D80FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E90B44D3-001B-466E-8A21-0B77D941B6B8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E91DA6EE-409F-4382-B555-FCD80E6E4B3B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E9919471-B7C1-47C2-B4DF-4880F2CFCB8E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EA2B46F2-7120-4E46-83FF-ECD3E38E1341}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EA6EB121-A185-4F90-84F0-68C3C3EEFE75}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EA979F52-BBED-47F0-AE72-3503DD31BEE7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EABCA331-7B7A-4840-B5FB-40C141BB9C97}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EAD1CB08-6033-4DCD-B371-53607178DF90}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EAFDC0FB-937C-49F0-82A7-D726065B5953}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EB1A8112-EBDF-402E-A60C-4BC0911A9606}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EB320488-0167-4983-AFF5-74C1EC66BEDF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EB5FEE93-D054-413A-9BBD-CEB89F41D62B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EBFA9517-696D-4128-AB60-40DBB7336A70}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EC29F6EB-2017-49B7-8D32-8298FEB6A035}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ECA443CE-3570-45B9-967E-EEFC031DA2E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ECA6B76B-562A-42DF-AE79-F7DFDB7EFA05}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ECB0D152-197D-4D9A-BE1A-BD3C9303AA06}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ECB465CB-7ECD-4A2B-97DB-E7277D633534}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ED0DEF50-EC82-4142-892F-3834F52C7D43}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ED629151-0F65-4619-8088-98648236CDB4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ED63F056-39AE-4345-9858-0BFC51BAC914}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ED7B9271-0DDA-462D-8DD2-EA2C34E3E4AF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ED8694E4-758F-489A-BCC9-EB703B255A26}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EDE1EF15-DF5F-4854-A8D4-FDCA92D8761E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EE4D285F-E527-4D9F-BD65-D9066AC213BB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EE523478-0A62-43D7-96B1-3812B3E62399}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EE5764E1-C3E3-4B69-BF5F-7F766F22F658}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EEF63A16-6B8C-4A74-B596-AAAB58B31FB0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EF477D42-60C1-48A8-B786-16C75863D604}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EFE51D27-B7F9-4E0D-8E8F-BECE8EE10672}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EFF56B1E-635E-4DBB-BDD1-78D086781745}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F00FC828-0E3D-4629-9A11-68A108F3C9EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F069A513-704F-4EF8-BFF9-EB80F434928B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F0C88B26-C7E7-4531-A683-E6B930D6B11B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F0C8B79E-CC7A-4EFD-A000-2D64C2EF48A7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F0CFC365-110A-48BF-A11B-6204717E655A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F1C42FC7-BBBF-488B-988F-33A59D240131}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F1C85E76-7C10-4DBB-B452-D12D2A27CC18}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F1D278BE-295F-4F44-AFF9-F748C4785714}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F1E9BDA0-FDB4-40A6-BDD0-3B471DA0F8B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F26A9D40-ABCC-4A99-8E3F-3A14F9567E5F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F299E25D-A6B7-44A3-AB6C-F7A5F6D33B98}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F2A0CF91-A62A-4885-8AE5-02CF89ABE9CE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F2AAF15E-C1BC-4A86-B878-3B32A4C1FC53}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F3373EF4-BDDB-4070-A936-DCF78F9AC333}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F3B19680-2FAE-4CFF-BF7F-DBA64A581C57}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F4C90126-DA62-4A9B-9E91-EB21D6213B3E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F5383F71-1AC1-4A6D-9F6D-356985B31B20}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F574FA1A-9748-4F6A-9CC2-627BAE4D75AB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F65FC157-7202-4C7C-B14B-2B33E58F48D6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F69F1A79-8186-47E3-AF70-566F604DED38}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F6E4BD45-2F6E-43D2-9AC7-B823CCEC856F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F797712E-F3EC-48C7-98CA-E61CE2376CB5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F8308957-749D-4FE5-B37A-574826F49BE8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F88CC338-6262-4188-A06F-61D48A992982}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F9076A89-22BC-4876-B607-7C58773D6FF6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F97366CE-00D4-445A-9629-2498BC2E044E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F989EEF0-1637-498A-9BFC-AA2747E97BEE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F99DE2CD-C734-4E49-AC3A-916F2674ECB3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F9A28AF8-1BAC-43EE-9428-DDA3053D95B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FA0970B6-F700-4D0C-BBBA-A3712AA72E20}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FA157029-AEED-4F17-90DF-C29DC5A59EB1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FA518993-2AC3-4376-8375-05BBF10C26B0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FA76646A-604D-4D47-8F03-51E3811C9B7F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FA76D7D9-9ADE-4BC9-B3E8-0EEA531CE289}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FA87F080-67EB-4203-9015-8DB4BEE07C04}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FAF04F15-787B-4421-94FC-FADB35B8C492}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FB05959D-4D23-4EBC-BBB4-65A143675794}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FB63052B-C631-433D-B7DB-69C0B6E1813A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FB85A8D2-BE9E-4DA3-9788-12A9F10F609C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FB8D55EC-6794-4FC0-9A55-AF3BC7D02DFC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FC2675AA-1F7E-4E8A-8837-4AF01F889C27}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FD13F9BD-240A-4775-BDF9-797F50724DA7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FD35C0B3-62A9-4076-AD03-AF7F8EFFA3DB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FD5065A3-A4A5-48DC-AEF4-05F2CAE68B4A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FDAC6B6A-90E0-42C4-AFD5-D948EF35DB9F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FDCE8715-D6C8-44BE-A0DC-B870EEC88420}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FE3FD1AC-3276-4E48-BA1E-F74396350CF9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FEBFBC7F-95F1-496A-B3A4-06FE61EE0BFC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FED7EC0D-996B-4FF2-AC04-7737842551C3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FEED2023-EE98-41D0-A441-8C4622C4AE3F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FF09423E-450C-4F89-AFC3-15C6DBA5A1D0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FF206E4A-5769-4862-BCAD-A2E9009E3149}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FF8CEC84-5436-4DE8-BA98-A0B6EB80A6B1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FF9D37D7-D66F-4FCB-A1BC-36F757071F7D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FFD61DC4-8B94-43A5-9CDA-1D3FEB3723C6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{6AFF5470-CC63-44B9-A468-099893E9A860}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{A9C0F496-DC8F-46C0-8C46-4C8260B91DF7}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{0E07FD82-F959-471F-B7C5-967710320757}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{A2540509-C4B6-4D1F-9BBF-DB4DA1958EEE}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C1AC1FED-9E75-42A5-B3EA-CCEC92E75D61}" = Raw Therapee V4.0.9.1 x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"PhotomatixPro4.0x64_is1" = Photomatix Pro version 4.0.2
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{1E6C7AF9-9A0E-409C-9D48-B0693C5B279E}" = Lesikus für Therapeuten - Demo
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 37
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{949460AD-3C77-44FD-8D78-BF605EF28114}" = EMEA02
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD04C31E-96EB-4418-B9C6-1A9B30CE438C}" = Lesikus Wortschatz Demo
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
"Any Video Converter_is1" = Any Video Converter 3.2.3
"Avira AntiVir Desktop" = Avira Free Antivirus
"Capture NX 2" = Capture NX 2
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Google Updater" = Google Updater
"HappyFoto-Designer_is1" = HappyFoto-Designer 4.4
"HP PSC 1200 Series" = HP Foto und Bildbearbeitung 2.0 - hp psc 1200 series
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 15.0" = RealPlayer
"Recuva" = Recuva (remove only)
"Scan2PDF_is1" = Scan2PDF 1.6
"Totalcmd" = Total Commander (Remove or Repair)
"Uninstall_is1" = Uninstall 1.0.0.1
"WashAndGo_is1" = WashAndGo
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-472644794-2526785944-1122528246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks Setup Client
"System Progressive Protection" = System Progressive Protection
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30.12.2012 04:02:06 | Computer Name = ***** | Source = WinMgmt | ID = 10
Description =
Error - 30.12.2012 04:41:14 | Computer Name = ***** | Source = RasClient | ID = 20227
Description =
Error - 30.12.2012 04:43:54 | Computer Name = ***** | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Administrator\Downloads\esetsmartinstaller_enu.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error - 30.12.2012 05:46:12 | Computer Name = ***** | Source = WinMgmt | ID = 10
Description =
Error - 30.12.2012 06:12:54 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Programm mmc.exe, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: ef4  Anfangszeit: 01cde67576027632  Zeitpunkt der Beendigung:
 7
Error - 30.12.2012 17:34:08 | Computer Name = ***** | Source = WinMgmt | ID = 10
Description =
Error - 31.12.2012 03:37:12 | Computer Name = ***** | Source = WinMgmt | ID = 10
Description = 
Error - 31.12.2012 03:39:01 | Computer Name = ***** | Source = MsiInstaller | ID = 11609
Description =
Error - 31.12.2012 11:53:31 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 15bc  Anfangszeit: 01cde76e001decd0  Zeitpunkt der Beendigung:
 4
Error - 01.01.2013 04:46:14 | Computer Name = ***** | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 14.03.2009 01:29:46 | Computer Name = ***** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
 Win32 GetLastError returned 0D  Prozess: DefaultDomain Objektname: Media Center Guide
Error - 14.03.2009 01:34:46 | Computer Name = ***** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
 Win32 GetLastError returned 0D  Prozess: DefaultDomain Objektname: Media Center Guide
[ OSession Events ]
Error - 25.05.2010 15:15:14 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 356
 seconds with 60 seconds of active time.  This session ended with a crash.
Error - 29.09.2012 14:17:25 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 81
 seconds with 60 seconds of active time.  This session ended with a crash.
[ System Events ]
Error - 31.12.2012 07:10:57 | Computer Name = ***** | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
Error - 31.12.2012 07:11:23 | Computer Name = ***** | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
Error - 31.12.2012 07:11:45 | Computer Name = ***** | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
Error - 31.12.2012 07:11:48 | Computer Name = ***** | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
Error - 31.12.2012 07:12:10 | Computer Name = ***** | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
Error - 01.01.2013 04:45:54 | Computer Name = ***** | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.4 für die Netzwerkkarte mit der Netzwerkadresse
 0021855A4BA2 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
Error - 01.01.2013 04:46:14 | Computer Name = ***** | Source = Service Control Manager | ID = 7000
Description =
Error - 01.01.2013 04:46:25 | Computer Name = ***** | Source = Service Control Manager | ID = 7026
Description =
Error - 01.01.2013 04:48:40 | Computer Name = ***** | Source = Service Control Manager | ID = 7041
Description =
Error - 01.01.2013 04:48:40 | Computer Name = ***** | Source = Service Control Manager | ID = 7000
Description =
< End of report >


Amadeus_2 01.01.2013 11:38

3) The Extra OTL logfile is too long, I get an error message :-(:
Der Text, den Sie eingegeben haben, besteht aus 121231 Zeichen und ist damit zu lang. Bitte kürzen Sie den Text auf die maximale Länge von 120000 Zeichen.

I can't attach it as an archive either > because the file is too large????

Oops, now the ExtraOTL logfile was accepted after all?!?!

I have one more question: should I, or can I, uninstall the programs that you recommended and that I installed?
1) Mbar
2) aswMBR
3) Tdsskiller
4) adwcleaner
5) OTL

Many thanks for your help! I hope the remaining hidden object no longer sends out mails. Otherwise I will get back to you again.

I will transfer a small financial contribution to you.

cosinus 02.01.2013 10:53

The deletion log from adwCleaner is missing.

Amadeus_2 02.01.2013 11:40

Isn't that the logfile I posted on 31.12. at 16:42?

cosinus 02.01.2013 15:19

No, that is only the search log. Please read the instructions properly and follow them.

Amadeus_2 03.01.2013 11:14

OK, I really did overlook something there (search and delete - the two postings looked so alike) - sorry!

Here now is the deletion log:
Code:

# AdwCleaner v2.104 - Datei am 03/01/2013 um 11:04:17 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Ultimate Service Pack 2 (64 bits)
# Benutzer : Administrator - ADMIN-01
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Administrator\Desktop\adwcleaner(1).exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19393

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8ajrspos.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [25296 octets] - [29/12/2012 17:18:43]
AdwCleaner[R2].txt - [25357 octets] - [29/12/2012 17:23:02]
AdwCleaner[R3].txt - [1890 octets] - [29/12/2012 18:42:47]
AdwCleaner[R4].txt - [1185 octets] - [29/12/2012 18:47:57]
AdwCleaner[R5].txt - [1379 octets] - [31/12/2012 16:41:15]
AdwCleaner[R6].txt - [1439 octets] - [31/12/2012 16:44:40]
AdwCleaner[R7].txt - [1499 octets] - [03/01/2013 11:03:29]
AdwCleaner[S1].txt - [24889 octets] - [29/12/2012 17:24:47]
AdwCleaner[S2].txt - [1958 octets] - [29/12/2012 18:44:16]
AdwCleaner[S4].txt - [1432 octets] - [03/01/2013 11:04:17]

########## EOF - C:\AdwCleaner[S4].txt - [1492 octets] ##########

:abklatsch:

cosinus 03.01.2013 12:35

A new check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box Scan All Users at the top center
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread in CODE tags.

Amadeus_2 04.01.2013 12:23

Here you go - OTL logfile:

Code:

OTL logfile created on: 04.01.2013 12:09:30 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,94 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 54,74% Memory free
8,07 Gb Paging File | 6,15 Gb Available in Paging File | 76,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 17,43 Gb Free Space | 17,85% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 94,82 Gb Free Space | 97,10% Space Free | Partition Type: NTFS
Drive F: | 172,79 Gb Total Space | 25,26 Gb Free Space | 14,62% Space Free | Partition Type: NTFS
Drive M: | 97,66 Gb Total Space | 83,12 Gb Free Space | 85,12% Space Free | Partition Type: NTFS
Drive N: | 465,65 Gb Total Space | 112,10 Gb Free Space | 24,07% Space Free | Partition Type: FAT32
 
Computer Name: ADMIN-01 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\38e2909de0b5e7887b46dd28725ba718\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0e5254a1a3d59b3a037029e5af1bd32b\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46215c6276fca8ba6b8a765dfa384c73\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll ()
MOD - C:\Users\Administrator\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\DRIVERS\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (AFS) -- C:\Windows\SysWow64\drivers\AFS.SYS (Oak Technology Inc.)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-472644794-2526785944-1122528246-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.at/
IE - HKU\S-1-5-21-472644794-2526785944-1122528246-500\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-472644794-2526785944-1122528246-500\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-472644794-2526785944-1122528246-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-472644794-2526785944-1122528246-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de
IE - HKU\S-1-5-21-472644794-2526785944-1122528246-500\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKU\S-1-5-21-472644794-2526785944-1122528246-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.at/"
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.0.3
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: engine@plasmoo.com:1.0.0.32
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.8.0.1073
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.24 20:32:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.24 20:32:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.10 17:49:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.10 17:49:36 | 000,000,000 | ---D | M]
 
[2009.02.10 21:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2012.12.29 18:46:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\8ajrspos.default\extensions
[2010.04.28 04:53:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\8ajrspos.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.11.22 16:59:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\8ajrspos.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.09.12 10:03:28 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\8ajrspos.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.12.07 15:26:44 | 000,109,804 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\8ajrspos.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012.12.12 15:43:24 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\8ajrspos.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.12.10 17:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.10 17:49:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.10 17:49:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012.12.10 17:49:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.10 17:49:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.12.10 17:49:39 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.24 20:31:36 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.02 16:29:48 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.02.10 21:34:52 | 000,001,239 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-45
O3:64bit: - HKU\S-1-5-21-472644794-2526785944-1122528246-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-472644794-2526785944-1122528246-500..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-472644794-2526785944-1122528246-500..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-472644794-2526785944-1122528246-500..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-472644794-2526785944-1122528246-500..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-472644794-2526785944-1122528246-500..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-472644794-2526785944-1122528246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-472644794-2526785944-1122528246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8ECEAD05-223A-4076-9A40-137437408446}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6729c238-cd5f-11df-8b8a-0021855a4ba2}\Shell - "" = AutoRun
O33 - MountPoints2\{6729c238-cd5f-11df-8b8a-0021855a4ba2}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -a
O33 - MountPoints2\{79e056a4-9e62-11e0-951e-0021855a4ba2}\Shell - "" = AutoRun
O33 - MountPoints2\{79e056a4-9e62-11e0-951e-0021855a4ba2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.31 16:45:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012.12.31 15:59:32 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
[2012.12.31 15:41:02 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012.12.30 11:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2012.12.30 09:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.12.29 17:42:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012.12.29 17:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.29 17:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dropbox
[2012.12.21 17:29:19 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.21 17:29:19 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.21 17:29:19 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.21 17:29:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.12 16:21:52 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.12.12 16:21:52 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.12.12 16:21:48 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winusb.dll
[2012.12.12 16:21:46 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.12.12 16:21:46 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.12.12 16:21:46 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.12.12 16:21:46 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.12.12 15:51:57 | 001,210,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.12 15:51:49 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.12 15:51:48 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.12 15:51:48 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.12.12 15:51:47 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.12 15:51:47 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.12 15:51:47 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.12.12 15:51:47 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.12.12 15:51:47 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.12.12 15:51:47 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.12 15:51:47 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.12.12 15:51:47 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.12.12 15:51:47 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.12.12 15:51:47 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.12 15:51:47 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.12 15:51:47 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.12 15:51:47 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.12.12 15:51:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.12.12 15:51:47 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.12 15:51:47 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.12 15:51:47 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.12.12 15:51:47 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.12.12 15:51:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.12.12 15:51:47 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012.12.12 15:51:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.12 15:51:47 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.12.12 15:51:47 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.12.12 15:51:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.12.12 15:51:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.12.12 15:51:47 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.12.12 15:51:33 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.12 15:51:33 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.12 15:51:33 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll
[2012.12.12 15:51:33 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe
[2012.12.12 15:51:33 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe
[2012.12.10 17:49:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.05 19:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.05 19:49:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.04 12:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.04 11:52:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.04 11:39:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.04 11:39:00 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Administrator.job
[2013.01.04 11:37:57 | 000,003,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.04 11:37:57 | 000,003,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.04 11:37:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.04 10:12:29 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.01.03 15:58:42 | 001,513,904 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.03 15:58:42 | 000,654,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.03 15:58:42 | 000,619,120 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.03 15:58:42 | 000,136,012 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.03 15:58:42 | 000,112,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.01 11:14:06 | 000,002,655 | ---- | M] () -- C:\Users\Administrator\Desktop\Microsoft Office Word 2007.lnk
[2012.12.31 16:45:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012.12.31 16:40:25 | 000,551,997 | ---- | M] () -- C:\Users\Administrator\Desktop\adwcleaner(1).exe
[2012.12.31 15:59:37 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
[2012.12.31 15:41:59 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012.12.31 15:14:41 | 013,652,346 | ---- | M] () -- C:\Users\Administrator\Desktop\mbar-1.01.0.1011.zip
[2012.12.31 14:01:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.12.29 17:32:10 | 000,000,959 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.29 17:31:34 | 000,000,943 | ---- | M] () -- C:\Users\Administrator\Desktop\Dropbox.lnk
[2012.12.27 08:08:01 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Administrator.job
[2012.12.24 15:47:42 | 000,000,466 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.12.22 11:18:12 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Administrator.job
[2012.12.21 17:33:47 | 002,988,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.16 14:31:20 | 000,048,128 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 14:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.16 12:08:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 11:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.14 18:37:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.14 18:37:36 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.11 19:09:39 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.11 19:09:39 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.05 19:49:04 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
========== Files Created - No Company Name ==========
 
[2012.12.31 16:40:19 | 000,551,997 | ---- | C] () -- C:\Users\Administrator\Desktop\adwcleaner(1).exe
[2012.12.31 14:45:14 | 013,652,346 | ---- | C] () -- C:\Users\Administrator\Desktop\mbar-1.01.0.1011.zip
[2012.12.22 08:05:23 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Administrator.job
[2012.12.22 08:04:40 | 000,000,402 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Administrator.job
[2012.12.22 08:04:37 | 000,000,398 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Administrator.job
[2012.12.12 16:21:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.12 16:21:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.05 19:49:04 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.30 18:54:13 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.07.30 13:16:20 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.07.30 13:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.07.30 13:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.07.30 13:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.07.30 13:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.06.10 07:15:37 | 000,000,218 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
[2011.12.04 10:56:28 | 000,004,930 | ---- | C] () -- C:\ProgramData\qjaxlkio.dss
[2010.12.13 20:56:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Dynamic Library
[2010.12.13 20:56:32 | 000,000,268 | RH-- | C] () -- C:\Users\Administrator\AppData\Roaming\Documentation
[2010.12.13 20:56:32 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010.12.13 20:56:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Echo
[2010.12.13 20:56:26 | 000,000,268 | RH-- | C] () -- C:\Users\Administrator\AppData\Roaming\Documents
[2010.12.13 20:53:33 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.12.08 10:45:01 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Audio
[2010.12.08 10:45:01 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Applications
[2010.12.08 10:45:01 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Application Support
[2010.12.08 10:45:01 | 000,000,268 | RH-- | C] () -- C:\Users\Administrator\AppData\Roaming\Applause and Laugher
[2010.12.08 10:45:01 | 000,000,268 | RH-- | C] () -- C:\Users\Administrator\AppData\Roaming\Animals
[2010.12.08 10:45:01 | 000,000,268 | RH-- | C] () -- C:\Users\Administrator\AppData\Roaming\Analog Sync
[2010.12.08 10:45:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2010.12.08 10:45:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010.12.08 10:45:00 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2009.10.08 20:19:15 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2009.05.29 07:35:04 | 000,000,000 | -H-- | C] () -- C:\Users\Administrator\hpothb07.tif
[2009.05.29 07:35:04 | 000,000,000 | -H-- | C] () -- C:\Users\Administrator\hpothb07.dat
[2009.03.08 15:56:44 | 000,025,773 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\UserTile.png
[2009.02.12 18:16:05 | 000,071,168 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.11 19:34:12 | 001,873,691 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\mdbu.bin
[2009.02.11 02:16:57 | 000,000,732 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2007.06.19 15:25:08 | 000,000,022 | ---- | C] () -- C:\ProgramData\60a7806a-0eea-424c-a464-20f4730cd631
 
========== ZeroAccess Check ==========
 
[2010.09.01 18:57:50 | 000,003,068 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-472644794-2526785944-1122528246-500\$RIU0OQE._msige52\program files\Google\Google Earth\client\res\paddle\l.png
[2010.09.01 18:57:50 | 000,003,210 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-472644794-2526785944-1122528246-500\$RIU0OQE._msige52\program files\Google\Google Earth\client\res\paddle\n.png
[2010.09.01 18:57:51 | 000,003,206 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-472644794-2526785944-1122528246-500\$RIU0OQE._msige52\program files\Google\Google Earth\client\res\paddle\u.png
[2010.09.01 18:57:50 | 000,003,068 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-472644794-2526785944-1122528246-500\$RIU0OQE._msige52\program files\Google\Google Earth\plugin\res\paddle\l.png
[2010.09.01 18:57:50 | 000,003,210 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-472644794-2526785944-1122528246-500\$RIU0OQE._msige52\program files\Google\Google Earth\plugin\res\paddle\n.png
[2010.09.01 18:57:51 | 000,003,206 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-472644794-2526785944-1122528246-500\$RIU0OQE._msige52\program files\Google\Google Earth\plugin\res\paddle\u.png
[2006.11.02 16:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:01 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.16 10:36:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Amazon
[2011.05.17 20:31:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AnvSoft
[2009.02.10 21:40:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canneverbe_Limited
[2009.02.10 20:08:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools
[2009.02.10 20:12:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2009.02.10 20:08:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Pro
[2010.12.20 20:10:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DirektFotoSystem3
[2013.01.04 11:40:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox
[2011.10.09 09:41:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DVDVideoSoft
[2011.01.20 22:19:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.10.08 20:19:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Funkelsteine 3 Sprachbuch
[2010.03.16 21:45:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GHISLER
[2011.06.26 06:12:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\go
[2011.10.21 15:19:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
[2009.05.07 15:37:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HDRsoft
[2010.01.11 19:16:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Juniper Networks
[2009.09.15 20:06:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Lesikus
[2011.12.04 11:49:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MOVAVI
[2010.12.13 20:56:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nikon
[2009.03.08 15:56:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PeerNetworking
[2009.03.28 07:58:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\RTPlayer
[2011.12.26 19:19:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SaalDesignSoftware
[2012.09.29 19:54:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Samsung
[2011.10.21 16:20:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Scan2PDF
[2012.11.30 01:05:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TestApp
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A5B56640
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Unfortunately the Extra logfile was not opened. Where could it be located?

cosinus 04.01.2013 12:43

Code:

O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

I'm only seeing this now! :stirn:

Sorry, but that forces me to :twak: you

:pfui:

See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally acquired software, we will end support without any discussion.

Cracks/keygens are 99.9% dangerous malware that is not to be trifled with. Besides, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!


In future, hands off: Softonic, registry cleaners and illegal stuff such as cracks/keygens/serials

Amadeus_2 04.01.2013 12:56

Hmm?!
I'd gladly let myself be scolded if I were aware of any wrongdoing. At no time have I acquired or installed a program illegally. I have had this computer for about 4 years now and don't use it for games or any other "special" things. I only need it for my hobby, managing and editing photos, mainly with Gimp.
One thing is possible: I did not buy the computer new back then, but from a work colleague; it was about 3 months old at the time.
But I am happy to delete such programs!!!!!!!!!!!!

cosinus 04.01.2013 13:23

And you simply took over this machine without reinstalling it? :confused:
You see again and again what kind of rubbish gets done with these, and the next owner/user sits unsuspecting at a box messed up by pirated copies. :balla: :(


All times are GMT +1. The time now is 22:43.
