Trojaner-Board


craphere 10.01.2013 15:12

Computer locked by GVU Trojan
 
Here are the files, hopefully I'll get quick help :)

Step 1 completed

Here are steps 2-3
Step 2:
OTL Logfile:
Code:

OTL logfile created on: 10.01.2013 14:36:36 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\DATA\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,98 Gb Total Physical Memory | 14,59 Gb Available Physical Memory | 91,33% Memory free
31,96 Gb Paging File | 30,67 Gb Available in Paging File | 95,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 443,11 Gb Free Space | 47,57% Space Free | Partition Type: NTFS
Drive D: | 6,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: LUKASTOWER | User Name: Lukas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.10 14:36:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\DATA\Downloads\OTL.exe
PRC - [2012.12.12 16:36:15 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
PRC - [2012.08.30 20:22:31 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\DATA\Progamme\firefox.exe
PRC - [2012.08.30 20:22:30 | 000,016,864 | ---- | M] (Mozilla Corporation) -- C:\DATA\Progamme\plugin-container.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.12 16:36:14 | 014,586,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012.08.30 20:22:30 | 002,242,528 | ---- | M] () -- C:\DATA\Progamme\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.09.28 14:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.09.28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.09 03:39:34 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.19 20:17:25 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.08.30 20:22:30 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2010.09.02 16:01:36 | 000,125,216 | ---- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe -- (SmartViewService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012.10.13 20:56:59 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.09.28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.09.28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.04.25 18:08:02 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2012.04.24 22:28:28 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.05.10 15:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2011.04.21 19:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 15:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.03.04 15:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.10.19 13:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 9F C9 A7 34 EF CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKCU\..\SearchScopes\{DCC4C677-CE06-41d8-811B-BA49DA2D36CF}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/?ref=logo"
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.80.2
FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.3.1
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\DATA\Progamme\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\DATA\Progamme\components [2012.08.30 20:22:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\DATA\Progamme\plugins
 
[2012.04.24 22:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions
[2012.12.12 17:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\1zop6hfg.default\extensions
[2012.09.20 21:50:28 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\1zop6hfg.default\extensions\battlefieldplay4free@ea.com
[2012.12.12 17:52:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\1zop6hfg.default\extensions\ich@maltegoetz.de
[2012.12.08 21:39:45 | 000,269,905 | ---- | M] () (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\1zop6hfg.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (SmartView VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\DeviceVM\SmartView\SmartView.dll (DeviceVM, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SmartViewAgent] C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToUcamVProperty] C:\PROGRA~2\PHILIP~1\VProperty.exe File not found
O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [ASRockXTU]  File not found
O4 - HKCU..\Run: [Steam] C:\DATA\Progamme\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [zASRockInstantBoot]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BB66921-147F-41AE-9B7A-825D2BD2F90D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{69b90abb-136f-11e2-8110-bc5ff41ef57a}\Shell - "" = AutoRun
O33 - MountPoints2\{69b90abb-136f-11e2-8110-bc5ff41ef57a}\Shell\AutoRun\command - "" = E:\SETUP.EXE -autorun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.10 14:19:01 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Programs
[2013.01.09 03:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC Tool
[2013.01.07 10:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.07 10:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.07 10:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.07 10:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.24 11:00:32 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\ts3overlay_hook_win64
[2012.12.16 22:11:51 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\.minecraft
[2012.12.16 16:43:54 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\rigonauts
[2012.12.12 17:49:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.12 16:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.12.12 16:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.12.12 16:47:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.12.12 16:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.12.12 16:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.12.12 16:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012.12.12 16:39:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012.12.12 16:39:34 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\HP
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.10 14:36:05 | 000,000,168 | ---- | M] () -- C:\Users\Lukas\defogger_reenable
[2013.01.10 14:19:10 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.10 14:18:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.10 14:18:12 | 4278,960,126 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 14:16:08 | 000,002,889 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.10 08:58:35 | 000,016,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 08:58:35 | 000,016,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 08:46:48 | 000,001,412 | ---- | M] () -- C:\Users\Lukas\Desktop\Games.lnk
[2013.01.09 03:25:46 | 000,000,997 | ---- | M] () -- C:\Users\Lukas\Desktop\ACTool.exe - Verknüpfung.lnk
[2013.01.07 10:43:16 | 000,001,701 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.03 16:55:42 | 008,538,422 | ---- | M] () -- C:\Users\Lukas\Desktop\PEET VBT SPLASH! 2012 INSTRUMENTALS -Achtelfinale - Splifftastic (vs. Smoke T) 99BPM.mp3
[2012.12.26 10:19:20 | 000,065,024 | ---- | M] () -- C:\Users\Lukas\Desktop\Elite 1.9.39.exe
[2012.12.20 16:42:34 | 001,642,216 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.20 16:42:34 | 000,707,316 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.20 16:42:34 | 000,660,934 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.20 16:42:34 | 000,152,908 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.20 16:42:34 | 000,125,124 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.17 16:57:45 | 000,272,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.12 16:39:42 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.10 14:36:05 | 000,000,168 | ---- | C] () -- C:\Users\Lukas\defogger_reenable
[2013.01.10 14:19:10 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.10 14:16:08 | 000,002,889 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.09 03:25:46 | 000,000,997 | ---- | C] () -- C:\Users\Lukas\Desktop\ACTool.exe - Verknüpfung.lnk
[2013.01.07 10:43:16 | 000,001,701 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.03 18:23:31 | 008,538,422 | ---- | C] () -- C:\Users\Lukas\Desktop\PEET VBT SPLASH! 2012 INSTRUMENTALS -Achtelfinale - Splifftastic (vs. Smoke T) 99BPM.mp3
[2012.12.28 02:50:54 | 000,065,024 | ---- | C] () -- C:\Users\Lukas\Desktop\Elite 1.9.39.exe
[2012.12.16 16:40:03 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.16 16:38:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.14 15:42:46 | 000,001,412 | ---- | C] () -- C:\Users\Lukas\Desktop\Games.lnk
[2012.12.13 06:33:28 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.12.12 16:39:42 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.12.10 23:03:10 | 000,010,113 | ---- | C] () -- C:\Users\Lukas\AppData\Local\recently-used.xbel
[2012.10.13 20:58:38 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2012.10.11 13:21:55 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.09.07 05:16:49 | 000,000,093 | ---- | C] () -- C:\Users\Lukas\AppData\Local\fusioncache.dat
[2012.09.07 05:13:48 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.08.01 19:26:03 | 000,004,906 | ---- | C] () -- C:\ProgramData\gvpgdylr.gft
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.04.30 06:09:43 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.30 06:09:42 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.30 06:09:41 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.04.29 03:19:35 | 000,007,601 | ---- | C] () -- C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg
[2012.04.25 17:31:21 | 001,668,578 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.24 22:34:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.24 22:17:36 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.16 22:12:52 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\.minecraft
[2012.08.24 16:59:47 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Awesomium
[2012.10.13 20:58:12 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\DAEMON Tools Lite
[2012.04.24 22:31:12 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\DeviceVm
[2012.04.26 18:15:25 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Hi-Rez Studios
[2012.08.17 16:46:59 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Kalypso Media
[2012.04.26 17:31:58 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\LolClient
[2012.05.25 12:34:35 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\LolClient2
[2012.07.10 17:02:20 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Need for Speed World
[2012.12.02 02:20:49 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Origin
[2012.12.16 16:43:54 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\rigonauts
[2012.07.31 20:09:19 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\RotMG.Production
[2013.01.03 19:08:00 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\TeamViewer
[2012.04.25 19:33:31 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ts3overlay
[2012.12.24 11:39:52 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ts3overlay_hook_win64
[2012.05.22 03:00:56 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\wargaming.net
[2012.09.04 21:21:41 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Waveform
[2012.10.13 00:11:08 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\xrecode2
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


extras.txt
OTL Logfile:
Code:

OTL Extras logfile created on: 10.01.2013 14:36:36 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\DATA\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,98 Gb Total Physical Memory | 14,59 Gb Available Physical Memory | 91,33% Memory free
31,96 Gb Paging File | 30,67 Gb Available in Paging File | 95,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 443,11 Gb Free Space | 47,57% Space Free | Partition Type: NTFS
Drive D: | 6,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: LUKASTOWER | User Name: Lukas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\DATA\Progamme\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DE2040-34F0-40BE-A349-D2304DF8F93A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1EC3EC63-5C89-4522-AD64-33DA747225EE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4853EA97-BA25-41DD-BECA-71AF0E6C6119}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4BB5EE3E-F1A2-4D2D-8885-3A6627CD50A0}" = lport=56905 | protocol=17 | dir=in | name=pando media booster |
"{68339B0E-C363-46FF-9A76-3ACA3033DDCA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{84FD3E62-84F9-4768-A392-76DC02843D8E}" = lport=56905 | protocol=6 | dir=in | name=pando media booster |
"{85D01122-E2D1-456A-9AE0-D871164FAE0B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{91A24CB9-9C3F-4F6E-9331-7458F3122C5B}" = lport=56905 | protocol=6 | dir=in | name=pando media booster |
"{C96E5E2B-6DA5-42B9-BE4D-27732E98519A}" = lport=56905 | protocol=17 | dir=in | name=pando media booster |
"{D9723B78-A2D7-4FA3-AFB3-F202CC595CCB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F127044F-B0D5-4C17-A222-B9DF56439FBF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F3AAB98C-7AD3-4FFE-A9B8-6C8A03701480}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FCF8AEA3-F82E-4C02-8AC3-DD010F7803AD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0190B8F2-ECF6-49F0-A62E-87878CEF3EA7}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{0203D484-2278-4668-9108-40394BD7C1E3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{02BFE566-5BA0-43C3-B257-EEB4EECE265B}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike\hl.exe |
"{038AB480-DA16-4110-B38D-F76788B9C69C}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{03D2A100-FA27-4C92-BD6F-B8B392EBF675}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\the binding of isaac\isaac.exe |
"{0417E220-12F9-4232-AC3B-621EE77E5994}" = dir=in | app=c:\data\progamme\itunes\itunes.exe |
"{054CB269-90BE-45B7-8060-8466987D5D4D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{067879F2-A7CC-488A-8B6F-00D28B21D4EA}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\rigonauts\rigonauts.exe |
"{08D27C94-92CF-4330-8FB9-B82126EB0BEE}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{0ADB434F-19E4-40E1-838E-E012C673E109}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0E6308B6-2B2A-4DC9-9C0C-7F5DFE26ECFC}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\waveform\waveform.exe |
"{0EF77934-BE18-40E4-AF70-B71DF45E4C8E}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{0F035D16-99B3-4C8C-B635-097FD84FE069}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{10749F9E-6C86-47AE-98BE-F057F52055C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1131B5A3-3D4D-425A-956D-994979141F7E}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steam.exe |
"{12557F05-063E-4650-91F0-FFDE27DB96B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{137C95E6-0315-4DAA-889A-AFCACD9D9242}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{147F09DA-8F37-4994-8E5E-C40D865B8234}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{180DC147-ED24-46BC-9593-364FA9A1F979}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{19DE4522-2F79-4066-9C9D-AA5206E564F2}" = protocol=6 | dir=in | app=c:\data\progamme\battleforge\bootstrapper.exe |
"{1B3124DA-3C20-456D-9883-A3AA3E46AA40}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1B643765-5A40-4B2D-BCCF-9D60F30CBF80}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic 3\gothic3.exe |
"{1DDF788D-D6B6-41C9-A41F-2D109E584F39}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{20681CEA-7C2F-4983-9C6F-C24DC303FFDA}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{24116389-180C-4F2B-836A-ADBA00ABAE9A}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{28248E69-2246-4A45-890F-06D359FAFD05}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{2A45CFE2-3CC4-4CC7-9743-029064974F0A}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\dota 2 beta\dota.exe |
"{2AC7AC05-005F-4106-989A-6BB679A3771F}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\metro 2033\metro2033.exe |
"{2E155F36-DBD8-4E3F-A597-471F9C4ED2E9}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\bunch of heroes\game.exe |
"{30169DE0-C222-4E60-BA97-58851833FF3D}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons\dungeonsstarter.exe |
"{3299061F-F72A-4736-9491-6B833C673B71}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\limbo\limbo.exe |
"{3418DB52-C718-426D-A61F-D4A560231DD3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{38E2D0B5-84D8-464A-8A01-DB6C83CB9699}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\castlecrashers\castle.exe |
"{3C79D155-5252-4A06-9EC8-380925769A39}" = dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{3DCE2C08-3C37-4CF8-86A1-C34C65485A58}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\metro 2033\metro2033.exe |
"{40E7A826-61A8-41F6-A3F8-422F000498CE}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic\system\gothic.exe |
"{41A8163C-2015-4731-A78A-2C44CE1FA73D}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\the binding of isaac\isaac.exe |
"{45C51373-81BC-467F-9ABA-3F46429619E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C0A4C31-1FB6-406D-80AE-34E78B0DE7F0}" = protocol=17 | dir=in | app=c:\data\progamme\battleforge\battleforge.exe |
"{4D32492B-85F0-419F-98EF-3CED400EE134}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{4D414EC4-2917-48C7-B4B1-D29A35350AEC}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\just cause 2\justcause2.exe |
"{4EF4BC53-C732-4424-9880-6C6A414F159F}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons\dungeonsstarter.exe |
"{51979352-BB4F-4D05-8381-7E1F773C49D2}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{53A62015-A753-44FA-8DF9-BD14CDBE854C}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\nexuiz\bin32\nexuiz.exe |
"{54DB65B3-B6D5-4B08-9F7F-4D2784AA0261}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{59644C8C-284A-4CE6-BE2C-F3403281095B}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\bunch of heroes\keyconfig.exe |
"{5B81157B-186C-4B20-ABB8-40B2A8BE4FAB}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe |
"{5C425B7A-7ED4-4286-A5B1-2C90BC2C7088}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5CED1244-9D9B-4647-A008-9175C1383296}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic ii\system\gothic2.exe |
"{5E6FB4E9-D0F5-4B1A-9AC2-9D7EC5C0550E}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\bunch of heroes\game.exe |
"{60CCCB52-274E-4246-B7B3-01E4995F2EE5}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\nexuiz\bin32\editor.exe |
"{6357F36D-D6BE-41FF-BBE6-C833B3B749F7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{65A09951-2877-40EE-AB34-13DB08EC8EA8}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{67149AB3-EC03-4BB4-8AFE-2887498BA979}" = protocol=6 | dir=out | app=system |
"{6EA5A4FB-1833-45E7-A5FF-E304BAD43C4A}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{6F792640-08EB-4F5C-A195-C5B981F4D879}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{71446CB9-715F-47B1-84D7-0BA6FF18357C}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\hunted\binaries\win32\hunted.exe |
"{7334230A-9E98-40D6-944C-2B87A3140A0F}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steam.exe |
"{78151A80-57E3-4CED-8B08-F07F3082EFCA}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\terraria\terraria.exe |
"{7AEE5DD1-D1B8-460B-B48A-50F8A724EEEE}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\hunted\binaries\win32\hunted.exe |
"{7E1FD1AB-BE88-4487-872B-FF2238DCD253}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons - the dark lord\dungeonsthedarklord.exe |
"{8E669FBA-0840-466A-8F81-776E9C66A280}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe |
"{9132ACDF-4439-4353-9E31-ECCCFB4D7BE1}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\brink\brink.exe |
"{9564CCBD-D838-41BB-8FDA-41190B6032E3}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic ii\system\gothic2.exe |
"{96A05312-06E3-4CCC-85D9-3A7E30A2B9B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C8D6F85-0ABF-43AF-9E77-5000B9FC12E8}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{9D43AFAE-E749-4A88-A059-39D5FAB2A77D}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\arcania gothic 4\arcania.exe |
"{A0AD4644-E593-4F5C-A68A-B55E64061EFB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A205872A-79F9-4122-89CF-8C3138D67903}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons - the dark lord\dungeons-server.exe |
"{A3C546A1-9207-431D-8605-BABC8DDA09E4}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\arcania fall of setarrif\arcania addon.exe |
"{A517AB83-E68C-4C0B-B4E4-2FADB9F31202}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A8097684-8BB1-44A8-9264-D041F27E54C0}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{A852320D-D3E9-46D0-B8CA-BD5F6AA1A406}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\arcania fall of setarrif\arcania addon.exe |
"{A9B67152-2068-43EF-844C-21FA52FEF823}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A9F205D2-2667-47A7-A337-C70EDA5D83B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AAE565B2-B43F-4ED2-BD75-60563BA73C62}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\brink\brink.exe |
"{AB7E949A-865C-45F1-BFA7-A0026E550E4C}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\waveform\waveform.exe |
"{AF4E6237-6174-49D4-AB84-00A1F00E9751}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic 3\gothic3.exe |
"{AFFF83BA-18B9-423C-BDC8-45AAAA4B8B2D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B1D270FD-7C67-49F1-8786-559713DBA08B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B2639FBF-8E3C-470F-BFFF-26E7E68E25A3}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{B4F60EED-E4E8-4FC7-8AE9-5BA0079EBA63}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B63C5DD4-4D47-42EA-940B-8A5B5E5A49D3}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\nexuiz\bin32\editor.exe |
"{B6DAA123-779C-4814-86A4-1CAF3D326293}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B86D52AF-1113-4E8C-8B57-475161515252}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BB972050-0565-40DF-B99D-8302EC06660F}" = protocol=6 | dir=in | app=c:\data\progamme\battleforge\battleforge.exe |
"{BC64734E-FA47-4E67-9F1F-F5DEBB53A39A}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{BC75740F-B164-4F46-8A23-3AC881B7307C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{BFA063AC-45DC-48FD-852D-446503AF3645}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\bunch of heroes\keyconfig.exe |
"{C013A593-30F0-436C-9518-B03047118751}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\terraria\terraria.exe |
"{C3462BFA-0E31-4D16-A97B-E39D1742F6AF}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\homefront\binaries\homefront.exe |
"{C4234DE6-1929-4E60-8D21-3ECBA76CD9D1}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\hydrophobia\hydropc.exe |
"{C523D03E-8B25-431A-A625-367DF02A29A7}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons - the dark lord\dungeonsthedarklord.exe |
"{C56CEA91-0C44-45CD-97AA-EAAD93FEAB49}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{C5E36664-0A48-419D-9A1F-7E4648459085}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C6432406-826D-4BDB-B4F0-8A9544AFB8AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C9B0AE29-6707-4088-850B-99A8D87F5A84}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\garrysmod\hl2.exe |
"{CA93C3D4-3D5D-4B07-B913-7700F8403613}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\castlecrashers\castle.exe |
"{CBDB54C0-192D-46AB-9C24-15A5A8924C74}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\supermnc\uberlauncher.exe |
"{CDDAC86D-365A-4085-AB49-EB0380A238E8}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\dota 2 beta\dota.exe |
"{D27EDAF2-F702-424A-883D-7565FE729812}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike\hl.exe |
"{D3663536-245E-4BD0-886B-44C7955122A0}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons - the dark lord\dungeons-server.exe |
"{D79F4617-D2E4-4F69-B322-2E6601FE5C20}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{DBCAC44A-F05E-4861-A3F5-3BE1E3619D36}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\rigonauts\rigonauts.exe |
"{DE2D95BA-6690-4B60-8090-606288D49D14}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\homefront\binaries\homefront.exe |
"{E1A1BF54-9009-4296-AEBB-02A190D3555F}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\just cause 2\justcause2.exe |
"{E22CB3E4-CCAD-48BD-84CC-BCA94A994B73}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{E4ACAEF2-CA5D-4C61-B8F6-07D666E2A9AB}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\limbo\limbo.exe |
"{E54A591E-AD3C-4F04-8F6E-49829A43A02E}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{E6A5DFB0-703E-47BF-A640-633A3B277E31}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{E765D956-AD38-4AA3-970A-1A7141E3E688}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{E87DF3A5-37B2-4913-9CDC-0A8D45ED24DE}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{E8DF7E13-06ED-4EBA-9F00-2FC504A61F10}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E9442BAF-FB3A-46DB-933E-E6ACF91C5B64}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\nexuiz\bin32\nexuiz.exe |
"{EADAA737-9A9F-4CEC-A66F-0F7573FB7E78}" = protocol=17 | dir=in | app=c:\data\progamme\battleforge\bootstrapper.exe |
"{EBBFE10F-47AB-4961-97DE-FBF094143189}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{EC7ECCD9-DAB8-4B58-9C49-786259809554}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{ECAD743F-F842-441E-A030-84F91364F9F3}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\crysis\bin32\crysis.exe |
"{EE3AC968-C025-4F85-BE63-029BC4B92EE1}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\crysis\bin32\crysis.exe |
"{EE6F1269-3EEA-4512-A15A-9A76A73FE16B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{EFBB2FB6-50C2-4535-9764-ED3785BF5F37}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F509185C-4520-427A-BCDC-E05084AEB8C3}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\supermnc\uberlauncher.exe |
"{F8FCF343-04A1-4587-80A4-B05ED07D9238}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\arcania gothic 4\arcania.exe |
"{FBFEDCE2-5162-4489-A1EF-5D3869884339}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\garrysmod\hl2.exe |
"{FD0636D0-317A-4E11-BD50-4868A7DFCCD7}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\hydrophobia\hydropc.exe |
"{FF347AF1-B9BC-4AB1-B2E0-551D4F1CD649}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic\system\gothic.exe |
"TCP Query User{089F8B7B-F6ED-484B-8369-DA1B28DE2FF3}C:\data\progamme\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\data\progamme\guild wars 2\gw2.exe |
"TCP Query User{0A408394-58E4-46A2-8564-4FD1B8CA8713}C:\data\progamme\nfsw\data\nfsw.exe" = protocol=6 | dir=in | app=c:\data\progamme\nfsw\data\nfsw.exe |
"TCP Query User{2F5883D6-1A81-4DBE-AB75-AD648BF9DE6A}C:\users\lukas\desktop\mw2\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\lukas\desktop\mw2\iw4mp.exe |
"TCP Query User{3D67F211-2568-4898-8D25-272284E2FB6A}C:\data\progamme\bfp4f\bfp4f.exe" = protocol=6 | dir=in | app=c:\data\progamme\bfp4f\bfp4f.exe |
"TCP Query User{40831D31-4DB7-4BAC-B7D8-9B0D58F99C7A}C:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe |
"TCP Query User{63C74B8C-FD23-482B-B509-D56A7AEFDEA2}C:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{6400BBF9-0FE9-4774-9AFA-93A0374B3F47}C:\program files (x86)\gamespy\comrade\comrade.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy\comrade\comrade.exe |
"TCP Query User{6E48422A-9680-4E80-9FB8-D6CE6987B421}C:\data\progamme\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"TCP Query User{706A6F1E-4B2B-4F1B-84EA-5EA36F241A73}C:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"TCP Query User{74BE9F20-4675-4F01-AF90-140A10FD3A0B}C:\data\progamme\steam\steamapps\common\hunted\binaries\win32\p4dftre.dll" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\hunted\binaries\win32\p4dftre.dll |
"TCP Query User{89782CF8-015D-4147-9241-BB3ADE8B5994}C:\data\progamme\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\data\progamme\world_of_tanks\wotlauncher.exe |
"TCP Query User{8E5467FA-6F31-4CE6-98DC-B3DD2A8CBED7}C:\data\progamme\steam\steamapps\porsche12\garry's mod beta\hl2.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\garry's mod beta\hl2.exe |
"TCP Query User{AF218AB9-D336-45FC-B52F-9D9F86A6FD54}C:\data\progamme\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\global agenda live\binaries\globalagenda.exe |
"TCP Query User{B6BB53DB-AD48-43E0-8135-C9FC5C45BF62}C:\data\progamme\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\data\progamme\world_of_tanks\worldoftanks.exe |
"TCP Query User{BA959F43-76EC-475B-A32D-5345647848CF}C:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe |
"TCP Query User{D07BA925-C062-43FC-A835-2B8160A3D3A1}C:\users\lukas\desktop\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\lukas\desktop\terrariaserver.exe |
"TCP Query User{D685C2B6-C8EB-4748-BA47-EECD7372D4C0}C:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"TCP Query User{D8D4A8A1-0B1C-4C72-8884-313DA74C25C9}C:\data\downloads\gw2.exe" = protocol=6 | dir=in | app=c:\data\downloads\gw2.exe |
"TCP Query User{FEA8B25D-8682-47C4-AC62-A346D5E5475B}C:\data\progamme\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{01E22073-96A3-4A3C-9A5B-25F73D425BAF}C:\data\progamme\nfsw\data\nfsw.exe" = protocol=17 | dir=in | app=c:\data\progamme\nfsw\data\nfsw.exe |
"UDP Query User{02E6F9EE-7D7A-44EB-A34D-CC4579A23116}C:\data\progamme\steam\steamapps\porsche12\garry's mod beta\hl2.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\garry's mod beta\hl2.exe |
"UDP Query User{0BA2A206-C4E5-413D-B690-4BC66CD376E0}C:\data\progamme\steam\steamapps\common\hunted\binaries\win32\p4dftre.dll" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\hunted\binaries\win32\p4dftre.dll |
"UDP Query User{0D7E25BD-54B4-4EFE-9891-CB96E7B23825}C:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe |
"UDP Query User{188DEA46-6328-4664-8E15-3D4DB841E66F}C:\data\progamme\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\data\progamme\world_of_tanks\wotlauncher.exe |
"UDP Query User{29DBB655-DDB1-4DD1-9C91-2D49B831D625}C:\data\progamme\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"UDP Query User{3C12D5CB-E89C-47C2-A140-FAD9DA97E53F}C:\data\progamme\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{591D5530-2393-450E-836B-3F3384242485}C:\users\lukas\desktop\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\lukas\desktop\terrariaserver.exe |
"UDP Query User{5ECBE185-8628-434B-BEB3-A8E26ED8C778}C:\data\downloads\gw2.exe" = protocol=17 | dir=in | app=c:\data\downloads\gw2.exe |
"UDP Query User{68F1F29B-8317-4FAE-99C2-89EEA5B56602}C:\data\progamme\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\data\progamme\guild wars 2\gw2.exe |
"UDP Query User{6FFC0810-98DD-4A47-BCCF-06ABF3947BCC}C:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"UDP Query User{83DDCCBF-51D2-4362-AA4E-FBDCF0D33C64}C:\users\lukas\desktop\mw2\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\lukas\desktop\mw2\iw4mp.exe |
"UDP Query User{93B69857-7F1C-4EFF-8424-5707512427D8}C:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe |
"UDP Query User{950998F5-55B3-4F34-8872-31AA7A6CEE50}C:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"UDP Query User{A641D2E8-473B-400D-AD66-A5231BF119F2}C:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{A6EA7BA9-FD03-40B9-BA62-0728FE4BD863}C:\data\progamme\bfp4f\bfp4f.exe" = protocol=17 | dir=in | app=c:\data\progamme\bfp4f\bfp4f.exe |
"UDP Query User{AF18B27F-765C-44F1-90A9-D780991977C4}C:\data\progamme\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\global agenda live\binaries\globalagenda.exe |
"UDP Query User{CCF00E5C-89D4-437D-8CA5-E90EDAFB6B1C}C:\program files (x86)\gamespy\comrade\comrade.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy\comrade\comrade.exe |
"UDP Query User{E3455D83-A002-4C2D-9370-C35F0079B7ED}C:\data\progamme\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\data\progamme\world_of_tanks\worldoftanks.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{18A5D014-E9AD-DEFE-FAFE-A409612F51B4}" = AMD Media Foundation Decoders
"{3AB49270-1A18-D672-48AA-74F211D18B67}" = AMD Fuel
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{50BD00DC-127E-BF00-FDD5-E1A93AB3507C}" = ccc-utility64
"{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{BB009B20-0BA0-ABDF-1947-4D56639214C7}" = AMD Accelerated Video Transcoding
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF37555F-0259-43DA-B60C-47106FA14AA3}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"1A5F9CA096C1264148686D01FA64ECB1852A1E78" = Windows-Treiberpaket - Philips CL (phaudlwr) MEDIA  (05/20/2009 1.0.5.12)
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"762FBE60B6E852506898A9D54562361A617C7E54" = Windows-Treiberpaket - Philips (spc999) Image  (12/14/2009 1.00.0.0000)
"ASRock App Charger_is1" = ASRock App Charger v1.0.5
"D14E3E22BA930CC9B10285B356F09450E31F774E" = Windows-Treiberpaket - Philips (VM20d7) Image  (08/02/2010 300.2000.4001.07)
"E019BCB59D66D62DD242667429C00BE4DE496F93" = Windows-Treiberpaket - Philips USB  (12/14/2009 1.00.0.0000)
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{03AEAB60-A7B3-A8DB-468B-EB30FB4B40B0}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{162ABED6-E60C-6CFF-100E-43C16ABBC5BE}" = CCC Help Chinese Standard
"{1CB724FF-D18C-8FFB-E7C9-0A09CF8EC066}" = CCC Help Japanese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C14CC3-5E3B-D39A-5B37-B15E59785063}" = CCC Help Chinese Traditional
"{2632A2C0-ECF4-7F79-7136-9FEA4C253A4C}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{30F712DA-64FE-5DBE-AE76-3F8EA3F8223C}" = CCC Help French
"{3524297F-158C-F964-F1AD-B0BC4314DE44}" = HydraVision
"{3C39B3CC-4EC8-C756-AF4B-72366504FCA5}" = CCC Help Hungarian
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CC9D761-A9B6-D8EA-D2A9-B74B5A90B108}" = CCC Help Norwegian
"{54B227A6-BDBE-69FA-D450-B99609063044}" = CCC Help Greek
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4000}" = AION Free-To-Play PTS
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7C587778-C433-980E-F3C1-203890DC4FBE}" = CCC Help Polish
"{7DC3EABF-66A2-6D79-B485-6328525CA387}" = CCC Help Swedish
"{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine(R)2 Sandbox(TM)2
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{843603C6-75B7-BAB5-80DE-E76FB28DEEF2}" = CCC Help Finnish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8BBC66FD-0195-29B4-5A58-E0B0554E8F42}" = AMD VISION Engine Control Center
"{8D9EEAC7-42D5-3951-612A-EAA7B684C592}" = CCC Help Italian
"{9791DAED-B734-2835-988B-157BDA087496}" = CCC Help Dutch
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98B740C3-FAA4-C523-7478-4DBCAB7B27D1}" = Catalyst Control Center Graphics Previews Common
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F0CAC6D-9B0D-A95F-CF61-6E88952D6181}" = CCC Help Thai
"{A625DB70-98D5-16FD-C49D-4B8B1B2304A4}" = CCC Help Spanish
"{A90214C3-3A0C-2F05-6083-E1A4BAD9E30D}" = CCC Help Danish
"{AA123216-6DE0-E57C-DC57-4FECEACB482F}" = CCC Help Russian
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.195
"{C448EA30-BB7F-4D42-83BC-385EBA140AF2}" = SmartView for IE
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C585E652-0CBC-4276-9FE7-047078677904}" = Blacklight Retribution
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D0837A59-83E6-3392-1BD9-86D3445676DB}" = CCC Help Korean
"{D70AB273-113B-D7DE-5C8D-82CABA7CB0AF}" = Catalyst Control Center Localization All
"{DC32F34C-9DF6-4468-B53A-BAEBE4CD9F22}" = Philips SPZ3000 Webcam
"{DC8772D4-C75F-5235-63E2-BBC73F909B7A}" = CCC Help Czech
"{DED7FD3C-DDD2-43BB-B0F5-B07F9D0430D3}" = CCC Help Portuguese
"{E157F2EB-E06F-B57F-9105-68F348DB2EAD}" = CCC Help English
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E933F71E-E82C-4E65-81FF-C6FC07E5DB4E}" = Philips ToUcam Fun Camera
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EDAC90A7-D34A-47D2-A644-BE5356C5F409}" = Philips ToUcam Pro Camera
"{EF036F44-A287-BC23-3F6E-AAE6FDEF47EF}" = Catalyst Control Center InstallProxy
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC Tool" = AC Tool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.91
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.28
"Battlelog Web Plugins" = Battlelog Web Plugins
"BOSS" = BOSS
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESN Sonar-0.70.4" = ESN Sonar
"Hitman: Contracts" = Hitman: Contracts
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4000}" = AION Free-To-Play PTS
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"RollerCoaster Tycoon Setup" = Roll
"Steam App 10" = Counter-Strike
"Steam App 104700" = Super Monday Night Combat
"Steam App 105600" = Terraria
"Steam App 108800" = Crysis 2 Maximum Edition
"Steam App 111400" = Bunch Of Heroes
"Steam App 113200" = The Binding of Isaac
"Steam App 12210" = Grand Theft Auto IV
"Steam App 1250" = Killing Floor
"Steam App 17020" = Global Agenda
"Steam App 17300" = Crysis
"Steam App 17330" = Crysis Warhead
"Steam App 17410" = Mirror's Edge
"Steam App 200210" = Realm of the Mad God
"Steam App 200550" = DUNGEONS - The Dark Lord (Steam Special Edition)
"Steam App 200710" = Torchlight II
"Steam App 204180" = Waveform
"Steam App 204360" = Castle Crashers
"Steam App 214100" = Rigonauts
"Steam App 22350" = BRINK
"Steam App 22380" = Fallout: New Vegas
"Steam App 22450" = Hunted: The Demon's Forge
"Steam App 240" = Counter-Strike: Source
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 39500" = Gothic 3
"Steam App 39510" = Gothic II: Gold Edition
"Steam App 39690" = ArcaniA – Gothic 4
"Steam App 4000" = Garry's Mod
"Steam App 4010" = Garry's Mod 13 Beta
"Steam App 43110" = Metro 2033
"Steam App 48000" = LIMBO
"Steam App 55100" = Homefront
"Steam App 570" = Dota 2
"Steam App 57650" = DUNGEONS - Steam Special Edition
"Steam App 65540" = Gothic
"Steam App 65610" = Arcania: Fall of Setarrif
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 730" = Counter-Strike: Global Offensive Beta
"Steam App 8190" = Just Cause 2
"Steam App 8980" = Borderlands
"Steam App 92000" = Hydrophobia: Prophecy
"Steam App 96800" = Nexuiz
"XFastUsb" = XFastUsb
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free (Lukas)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.12.2012 12:05:18 | Computer Name = LukasTower | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SoftwareUpdate.exe, Version: 2.1.3.127,
 Zeitstempel: 0x4de6dd5a  Name des fehlerhaften Moduls: ts3overlay_hook_win32.dll,
 Version: 3.7.8.0, Zeitstempel: 0x5075d352  Ausnahmecode: 0xc0000005  Fehleroffset:
0x000289d6  ID des fehlerhaften Prozesses: 0x788  Startzeit der fehlerhaften Anwendung:
 0x01cde1f076f90852  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Apple
 Software Update\SoftwareUpdate.exe  Pfad des fehlerhaften Moduls: C:\DATA\Progamme\TS3\plugins\ts3overlay\ts3overlay_hook_win32.dll
Berichtskennung:
 b5b06003-4de3-11e2-b748-bc5ff41ef57a
 
Error - 24.12.2012 21:19:19 | Computer Name = LukasTower | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Gw2.exe, Version: 1.0.0.1, Zeitstempel:
 0x50d8f591  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x3768fd24  ID des fehlerhaften Prozesses:
 0x1208  Startzeit der fehlerhaften Anwendung: 0x01cde23dd6a1b0bb  Pfad der fehlerhaften
 Anwendung: C:\DATA\Progamme\Guild Wars 2\Gw2.exe  Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
 1acb8167-4e31-11e2-b748-bc5ff41ef57a
 
Error - 24.12.2012 21:19:35 | Computer Name = LukasTower | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Gw2.exe, Version: 1.0.0.1, Zeitstempel:
 0x50d8f591  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x377cfd24  ID des fehlerhaften Prozesses:
 0x17c0  Startzeit der fehlerhaften Anwendung: 0x01cde23de1af32df  Pfad der fehlerhaften
 Anwendung: C:\DATA\Progamme\Guild Wars 2\Gw2.exe  Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
 241bfb49-4e31-11e2-b748-bc5ff41ef57a
 
Error - 26.12.2012 12:40:46 | Computer Name = LukasTower | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 26.12.2012 15:09:44 | Computer Name = LukasTower | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.0.1595.686 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: dd4    Startzeit:
01cde39bade6ac89    Endzeit: 12    Anwendungspfad: C:\DATA\Progamme\Steam\Steam.exe    Berichts-ID:
 cd2754e4-4f8f-11e2-9fe5-bc5ff41ef57a 
 
Error - 27.12.2012 22:50:00 | Computer Name = LukasTower | Source = Application Hang | ID = 1002
Description = Programm LolClient.exe, Version 2.0.2.12610 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen.    Prozess-ID: b80    Startzeit: 01cde4a08e468afb    Endzeit: 4    Anwendungspfad: C:\DATA\Progamme\Leage
 Of legends\RADS\projects\lol_air_client\releases\0.0.0.229\deploy\LolClient.exe

Berichts-ID:
 435d7716-5099-11e2-abe7-bc5ff41ef57a 
 
Error - 28.12.2012 12:24:58 | Computer Name = LukasTower | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 31.12.2012 22:23:48 | Computer Name = LukasTower | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 02.01.2013 16:24:06 | Computer Name = LukasTower | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 04.01.2013 11:29:14 | Computer Name = LukasTower | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: League of Legends.exe, Version: 1.0.0.152,
 Zeitstempel: 0x50d067ea  Name des fehlerhaften Moduls: League of Legends.exe, Version:
 1.0.0.152, Zeitstempel: 0x50d067ea  Ausnahmecode: 0xc0000005  Fehleroffset: 0x004a553a
ID
 des fehlerhaften Prozesses: 0xa5c  Startzeit der fehlerhaften Anwendung: 0x01cdea90267e7440
Pfad
 der fehlerhaften Anwendung: C:\DATA\Progamme\Leage Of legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.204\deploy\League
 of Legends.exe  Pfad des fehlerhaften Moduls: C:\DATA\Progamme\Leage Of legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.204\deploy\League
 of Legends.exe  Berichtskennung: 7e5b3cd3-5683-11e2-92d8-bc5ff41ef57a
 
[ System Events ]
Error - 23.12.2012 15:52:23 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%3
 
Error - 24.12.2012 05:53:46 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%3
 
Error - 25.12.2012 07:02:11 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%3
 
Error - 26.12.2012 06:41:55 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%3
 
Error - 27.12.2012 09:27:35 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%3
 
Error - 28.12.2012 10:20:09 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%3
 
Error - 28.12.2012 19:12:37 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%3
 
Error - 29.12.2012 07:30:20 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%3
 
Error - 30.12.2012 07:42:56 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%3
 
Error - 31.12.2012 09:07:22 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%3
 
 
< End of report >

--- --- ---


GMER log

GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-10 15:05:34
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EARS-00Y5B1 rev.80.00A80 931,51GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Lukas\AppData\Local\Temp\fxroquow.sys


---- Threads - GMER 2.0 ----

Thread C:\Windows\System32\svchost.exe [1408:2020] 000007fef609239c
Thread C:\Windows\System32\svchost.exe [1408:1696] 000007fef8339688
Thread C:\DATA\Progamme\firefox.exe [1084:1344] 0000000070ab0519
Thread C:\DATA\Progamme\firefox.exe [1084:716] 0000000077932e25
Thread C:\DATA\Progamme\firefox.exe [1084:1112] 0000000070aaf186
Thread C:\DATA\Progamme\firefox.exe [1084:1564] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:880] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1176] 00000000739062ee
Thread C:\DATA\Progamme\firefox.exe [1084:1640] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1420] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1424] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1872] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1868] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1256] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1492] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1500] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1836] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:2032] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1576] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1824] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1652] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:756] 0000000077933e45
Thread C:\DATA\Progamme\firefox.exe [1084:824] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1364] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1340] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1996] 0000000073fd32fb
Thread C:\DATA\Progamme\firefox.exe [1084:1348] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:2632] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:2060] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1264] 0000000077933e45
Thread C:\DATA\Progamme\firefox.exe [1084:2204] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:2388] 0000000076c0d864
Thread C:\DATA\Progamme\firefox.exe [1084:2416] 0000000077933e45
Thread C:\DATA\Progamme\firefox.exe [1084:2472] 0000000071bf27c1
Thread C:\DATA\Progamme\plugin-container.exe [528:1560] 0000000070aaf186
Thread C:\DATA\Progamme\plugin-container.exe [528:1080] 000000006f36ea20
Thread C:\DATA\Progamme\plugin-container.exe [528:1148] 000000006f36ea20
Thread C:\DATA\Progamme\plugin-container.exe [528:1552] 0000000077932e25
Thread C:\DATA\Progamme\plugin-container.exe [528:124] 0000000077933e45
Thread C:\DATA\Progamme\plugin-container.exe [528:428] 000000006f36ea20
Thread C:\DATA\Progamme\plugin-container.exe [528:584] 000000006f36ea20
---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1408] 000007feff3b0000

---- EOF - GMER 2.0 ----



^ I HAD Firefox closed, but the process was still there! I hope that doesn't cause any problems.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.10.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Lukas :: LUKASTOWER [Administrator]

10.01.2013 14:19:57
mbam-log-2013-01-10 (14-19-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205913
Laufzeit: 3 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\Lukas\Desktop\asdasdasd.exe (Trojan.Agent.PS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lukas\wgsdgsdgdsgsd.exe (Trojan.Fakesig) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.bat (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.reg (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

^ Malwarebytes

markusg 10.01.2013 15:17

Hi,
quick isn't going to happen; we also have plenty of other users. Like everyone else, you will get help when it's your turn.
It would also be helpful if you posted all the logs.
I see that Malwarebytes is installed; open it, go to Logs, and post the reports that contain detections.

craphere 11.01.2013 15:51

The MWB log is in there as requested. Did you mean other logs as well? I thought those were all the ones listed in the instructions.

markusg 11.01.2013 15:54

You only edited the log in after my post, which is why I didn't see it.
Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log

craphere 11.01.2013 16:37

Here is the log from TDSS

Code:

16:34:59.0363 2652  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:35:01.0376 2652  ============================================================
16:35:01.0376 2652  Current date / time: 2013/01/11 16:35:01.0376
16:35:01.0376 2652  SystemInfo:
16:35:01.0376 2652 
16:35:01.0376 2652  OS Version: 6.1.7601 ServicePack: 1.0
16:35:01.0376 2652  Product type: Workstation
16:35:01.0376 2652  ComputerName: LUKASTOWER
16:35:01.0376 2652  UserName: Lukas
16:35:01.0376 2652  Windows directory: C:\Windows
16:35:01.0376 2652  System windows directory: C:\Windows
16:35:01.0376 2652  Running under WOW64
16:35:01.0376 2652  Processor architecture: Intel x64
16:35:01.0376 2652  Number of processors: 4
16:35:01.0376 2652  Page size: 0x1000
16:35:01.0376 2652  Boot type: Normal boot
16:35:01.0376 2652  ============================================================
16:35:02.0608 2652  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:35:02.0624 2652  ============================================================
16:35:02.0624 2652  \Device\Harddisk0\DR0:
16:35:02.0655 2652  MBR partitions:
16:35:02.0655 2652  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:35:02.0655 2652  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
16:35:02.0655 2652  ============================================================
16:35:02.0671 2652  C: <-> \Device\Harddisk0\DR0\Partition2
16:35:02.0671 2652  ============================================================
16:35:02.0671 2652  Initialize success
16:35:02.0671 2652  ============================================================
16:35:31.0026 4620  ============================================================
16:35:31.0026 4620  Scan started
16:35:31.0026 4620  Mode: Manual; SigCheck; TDLFS;
16:35:31.0026 4620  ============================================================
16:35:32.0399 4620  ================ Scan system memory ========================
16:35:32.0399 4620  System memory - ok
16:35:32.0399 4620  ================ Scan services =============================
16:35:32.0555 4620  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:35:32.0586 4620  1394ohci - ok
16:35:32.0649 4620  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:35:32.0664 4620  ACPI - ok
16:35:32.0695 4620  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
16:35:32.0695 4620  AcpiPmi - ok
16:35:32.0758 4620  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
16:35:32.0773 4620  adp94xx - ok
16:35:32.0789 4620  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
16:35:32.0805 4620  adpahci - ok
16:35:32.0805 4620  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
16:35:32.0820 4620  adpu320 - ok
16:35:32.0851 4620  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
16:35:32.0867 4620  AeLookupSvc - ok
16:35:32.0929 4620  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
16:35:32.0945 4620  AFD - ok
16:35:32.0976 4620  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:35:32.0992 4620  agp440 - ok
16:35:33.0007 4620  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
16:35:33.0023 4620  ALG - ok
16:35:33.0023 4620  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:35:33.0039 4620  aliide - ok
16:35:33.0085 4620  [ 4C1E3649C89C7D542CD18ECC5210099D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:35:33.0101 4620  AMD External Events Utility - ok
16:35:33.0179 4620  AMD FUEL Service - ok
16:35:33.0195 4620  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:35:33.0210 4620  amdide - ok
16:35:33.0241 4620  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
16:35:33.0257 4620  amdiox64 - ok
16:35:33.0273 4620  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
16:35:33.0288 4620  AmdK8 - ok
16:35:33.0475 4620  [ A3C0A15B39F979E8F3EABA901D72ECD7 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:35:33.0569 4620  amdkmdag - ok
16:35:33.0616 4620  [ 20F3CD38B107C1BD747C0EA37D450165 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
16:35:33.0631 4620  amdkmdap - ok
16:35:33.0631 4620  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:35:33.0631 4620  AmdPPM - ok
16:35:33.0678 4620  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
16:35:33.0678 4620  amdsata - ok
16:35:33.0694 4620  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:35:33.0709 4620  amdsbs - ok
16:35:33.0725 4620  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
16:35:33.0725 4620  amdxata - ok
16:35:33.0756 4620  AODDriver4.01 - ok
16:35:33.0803 4620  [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
16:35:33.0803 4620  AODDriver4.2 - ok
16:35:33.0834 4620  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
16:35:33.0865 4620  AppID - ok
16:35:33.0865 4620  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:35:33.0897 4620  AppIDSvc - ok
16:35:33.0943 4620  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\Windows\System32\appinfo.dll
16:35:33.0975 4620  Appinfo - ok
16:35:34.0053 4620  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:35:34.0068 4620  Apple Mobile Device - ok
16:35:34.0115 4620  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt        C:\Windows\System32\appmgmts.dll
16:35:34.0115 4620  AppMgmt - ok
16:35:34.0131 4620  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\DRIVERS\arc.sys
16:35:34.0131 4620  arc - ok
16:35:34.0131 4620  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:35:34.0146 4620  arcsas - ok
16:35:34.0193 4620  [ 6FE3237C1177E66437E7AD0E8AC1A6E5 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
16:35:34.0193 4620  asmthub3 - ok
16:35:34.0271 4620  [ C4043E39A2ABBC56581CA25DF161E9F7 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
16:35:34.0287 4620  asmtxhci - ok
16:35:34.0333 4620  aspnet_state - ok
16:35:34.0349 4620  [ E1AFEE1584C74050DE0DD16DE2A54BF3 ] AsrAppCharger  C:\Windows\system32\DRIVERS\AsrAppCharger.sys
16:35:34.0349 4620  AsrAppCharger - ok
16:35:34.0365 4620  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:35:34.0380 4620  AsyncMac - ok
16:35:34.0396 4620  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
16:35:34.0396 4620  atapi - ok
16:35:34.0427 4620  [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
16:35:34.0427 4620  AtiHDAudioService - ok
16:35:34.0489 4620  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:35:34.0521 4620  AudioEndpointBuilder - ok
16:35:34.0536 4620  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:35:34.0567 4620  AudioSrv - ok
16:35:34.0645 4620  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:35:34.0661 4620  AxInstSV - ok
16:35:34.0677 4620  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
16:35:34.0677 4620  b06bdrv - ok
16:35:34.0692 4620  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:35:34.0708 4620  b57nd60a - ok
16:35:34.0755 4620  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:35:34.0755 4620  BDESVC - ok
16:35:34.0770 4620  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:35:34.0801 4620  Beep - ok
16:35:34.0864 4620  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
16:35:34.0879 4620  BFE - ok
16:35:34.0926 4620  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
16:35:34.0957 4620  BITS - ok
16:35:34.0957 4620  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:35:34.0973 4620  blbdrive - ok
16:35:34.0989 4620  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:35:35.0004 4620  Bonjour Service - ok
16:35:35.0035 4620  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:35:35.0035 4620  bowser - ok
16:35:35.0051 4620  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:35:35.0051 4620  BrFiltLo - ok
16:35:35.0051 4620  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:35:35.0067 4620  BrFiltUp - ok
16:35:35.0098 4620  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
16:35:35.0098 4620  Browser - ok
16:35:35.0098 4620  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
16:35:35.0113 4620  Brserid - ok
16:35:35.0113 4620  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:35:35.0129 4620  BrSerWdm - ok
16:35:35.0129 4620  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:35:35.0145 4620  BrUsbMdm - ok
16:35:35.0145 4620  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:35:35.0145 4620  BrUsbSer - ok
16:35:35.0145 4620  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:35:35.0160 4620  BTHMODEM - ok
16:35:35.0176 4620  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
16:35:35.0191 4620  bthserv - ok
16:35:35.0207 4620  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:35:35.0223 4620  cdfs - ok
16:35:35.0269 4620  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
16:35:35.0285 4620  cdrom - ok
16:35:35.0316 4620  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
16:35:35.0332 4620  CertPropSvc - ok
16:35:35.0347 4620  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:35:35.0347 4620  circlass - ok
16:35:35.0379 4620  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:35:35.0394 4620  CLFS - ok
16:35:35.0410 4620  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:35:35.0410 4620  clr_optimization_v2.0.50727_32 - ok
16:35:35.0457 4620  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:35:35.0457 4620  clr_optimization_v2.0.50727_64 - ok
16:35:35.0519 4620  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:35:35.0535 4620  clr_optimization_v4.0.30319_32 - ok
16:35:35.0566 4620  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:35:35.0581 4620  clr_optimization_v4.0.30319_64 - ok
16:35:35.0581 4620  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:35:35.0581 4620  CmBatt - ok
16:35:35.0597 4620  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:35:35.0597 4620  cmdide - ok
16:35:35.0628 4620  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG            C:\Windows\system32\Drivers\cng.sys
16:35:35.0659 4620  CNG - ok
16:35:35.0659 4620  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:35:35.0675 4620  Compbatt - ok
16:35:35.0722 4620  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:35:35.0737 4620  CompositeBus - ok
16:35:35.0737 4620  COMSysApp - ok
16:35:35.0753 4620  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
16:35:35.0753 4620  crcdisk - ok
16:35:35.0784 4620  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:35:35.0784 4620  CryptSvc - ok
16:35:35.0815 4620  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC            C:\Windows\system32\drivers\csc.sys
16:35:35.0815 4620  CSC - ok
16:35:35.0862 4620  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
16:35:35.0878 4620  CscService - ok
16:35:35.0909 4620  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:35:35.0940 4620  DcomLaunch - ok
16:35:35.0971 4620  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
16:35:35.0987 4620  defragsvc - ok
16:35:36.0034 4620  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:35:36.0065 4620  DfsC - ok
16:35:36.0096 4620  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:35:36.0112 4620  Dhcp - ok
16:35:36.0112 4620  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:35:36.0127 4620  discache - ok
16:35:36.0143 4620  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:35:36.0159 4620  Disk - ok
16:35:36.0190 4620  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:35:36.0190 4620  Dnscache - ok
16:35:36.0237 4620  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
16:35:36.0268 4620  dot3svc - ok
16:35:36.0299 4620  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
16:35:36.0330 4620  DPS - ok
16:35:36.0361 4620  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
16:35:36.0377 4620  drmkaud - ok
16:35:36.0439 4620  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01    C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:35:36.0439 4620  dtsoftbus01 - ok
16:35:36.0486 4620  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
16:35:36.0502 4620  DXGKrnl - ok
16:35:36.0533 4620  [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60          C:\Windows\system32\DRIVERS\E1G6032E.sys
16:35:36.0533 4620  E1G60 - ok
16:35:36.0564 4620  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
16:35:36.0580 4620  EapHost - ok
16:35:36.0642 4620  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
16:35:36.0673 4620  ebdrv - ok
16:35:36.0689 4620  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
16:35:36.0705 4620  EFS - ok
16:35:36.0736 4620  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
16:35:36.0751 4620  ehRecvr - ok
16:35:36.0783 4620  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
16:35:36.0798 4620  ehSched - ok
16:35:36.0829 4620  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
16:35:36.0845 4620  elxstor - ok
16:35:36.0876 4620  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:35:36.0876 4620  ErrDev - ok
16:35:36.0923 4620  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
16:35:36.0954 4620  EventSystem - ok
16:35:36.0954 4620  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
16:35:36.0985 4620  exfat - ok
16:35:37.0001 4620  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
16:35:37.0032 4620  fastfat - ok
16:35:37.0095 4620  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
16:35:37.0110 4620  Fax - ok
16:35:37.0110 4620  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
16:35:37.0110 4620  fdc - ok
16:35:37.0141 4620  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
16:35:37.0157 4620  fdPHost - ok
16:35:37.0173 4620  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:35:37.0204 4620  FDResPub - ok
16:35:37.0204 4620  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:35:37.0204 4620  FileInfo - ok
16:35:37.0219 4620  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
16:35:37.0251 4620  Filetrace - ok
16:35:37.0251 4620  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:35:37.0251 4620  flpydisk - ok
16:35:37.0297 4620  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:35:37.0313 4620  FltMgr - ok
16:35:37.0329 4620  [ FE95AE537B41A7E2F4CFE353064DC4AF ] FNETTBOH_305    C:\Windows\system32\drivers\FNETTBOH_305.SYS
16:35:37.0344 4620  FNETTBOH_305 - ok
16:35:37.0391 4620  [ 7C3C4B4C951EC1BDFD4F769D05E2CC68 ] FNETURPX        C:\Windows\system32\drivers\FNETURPX.SYS
16:35:37.0391 4620  FNETURPX - ok
16:35:37.0438 4620  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
16:35:37.0453 4620  FontCache - ok
16:35:37.0485 4620  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:35:37.0500 4620  FontCache3.0.0.0 - ok
16:35:37.0500 4620  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
16:35:37.0500 4620  FsDepends - ok
16:35:37.0531 4620  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:35:37.0531 4620  Fs_Rec - ok
16:35:37.0578 4620  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:35:37.0594 4620  fvevol - ok
16:35:37.0625 4620  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:35:37.0641 4620  gagp30kx - ok
16:35:37.0672 4620  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:35:37.0672 4620  GEARAspiWDM - ok
16:35:37.0719 4620  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
16:35:37.0750 4620  gpsvc - ok
16:35:37.0765 4620  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:35:37.0781 4620  hcw85cir - ok
16:35:37.0843 4620  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:35:37.0843 4620  HdAudAddService - ok
16:35:37.0890 4620  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:35:37.0890 4620  HDAudBus - ok
16:35:37.0906 4620  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
16:35:37.0906 4620  HidBatt - ok
16:35:37.0906 4620  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:35:37.0921 4620  HidBth - ok
16:35:37.0921 4620  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
16:35:37.0937 4620  HidIr - ok
16:35:37.0953 4620  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
16:35:37.0968 4620  hidserv - ok
16:35:38.0031 4620  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:35:38.0031 4620  HidUsb - ok
16:35:38.0077 4620  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:35:38.0093 4620  hkmsvc - ok
16:35:38.0140 4620  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:35:38.0155 4620  HomeGroupListener - ok
16:35:38.0187 4620  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:35:38.0202 4620  HomeGroupProvider - ok
16:35:38.0249 4620  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:35:38.0249 4620  HpSAMD - ok
16:35:38.0296 4620  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:35:38.0327 4620  HTTP - ok
16:35:38.0358 4620  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:35:38.0374 4620  hwpolicy - ok
16:35:38.0405 4620  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:35:38.0405 4620  i8042prt - ok
16:35:38.0436 4620  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
16:35:38.0452 4620  iaStorV - ok
16:35:38.0499 4620  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:35:38.0514 4620  idsvc - ok
16:35:38.0530 4620  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
16:35:38.0545 4620  iirsp - ok
16:35:38.0561 4620  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
16:35:38.0592 4620  IKEEXT - ok
16:35:38.0670 4620  [ C7124DA48E557D8F88D0D7F1254557F4 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:35:38.0717 4620  IntcAzAudAddService - ok
16:35:38.0733 4620  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
16:35:38.0733 4620  intelide - ok
16:35:38.0764 4620  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:35:38.0764 4620  intelppm - ok
16:35:38.0779 4620  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
16:35:38.0795 4620  IPBusEnum - ok
16:35:38.0826 4620  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:35:38.0857 4620  IpFilterDriver - ok
16:35:38.0889 4620  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:35:38.0889 4620  iphlpsvc - ok
16:35:38.0904 4620  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
16:35:38.0920 4620  IPMIDRV - ok
16:35:38.0920 4620  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
16:35:38.0935 4620  IPNAT - ok
16:35:39.0013 4620  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:35:39.0013 4620  iPod Service - ok
16:35:39.0045 4620  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:35:39.0045 4620  IRENUM - ok
16:35:39.0091 4620  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:35:39.0091 4620  isapnp - ok
16:35:39.0123 4620  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:35:39.0123 4620  iScsiPrt - ok
16:35:39.0154 4620  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:35:39.0154 4620  kbdclass - ok
16:35:39.0169 4620  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:35:39.0185 4620  kbdhid - ok
16:35:39.0201 4620  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
16:35:39.0201 4620  KeyIso - ok
16:35:39.0232 4620  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:35:39.0232 4620  KSecDD - ok
16:35:39.0263 4620  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
16:35:39.0279 4620  KSecPkg - ok
16:35:39.0279 4620  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
16:35:39.0310 4620  ksthunk - ok
16:35:39.0325 4620  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
16:35:39.0357 4620  KtmRm - ok
16:35:39.0419 4620  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:35:39.0435 4620  LanmanServer - ok
16:35:39.0497 4620  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:35:39.0528 4620  LanmanWorkstation - ok
16:35:39.0559 4620  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:35:39.0591 4620  lltdio - ok
16:35:39.0606 4620  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
16:35:39.0637 4620  lltdsvc - ok
16:35:39.0637 4620  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
16:35:39.0669 4620  lmhosts - ok
16:35:39.0684 4620  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:35:39.0684 4620  LSI_FC - ok
16:35:39.0700 4620  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
16:35:39.0700 4620  LSI_SAS - ok
16:35:39.0715 4620  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:35:39.0731 4620  LSI_SAS2 - ok
16:35:39.0731 4620  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:35:39.0747 4620  LSI_SCSI - ok
16:35:39.0762 4620  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
16:35:39.0793 4620  luafv - ok
16:35:39.0825 4620  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
16:35:39.0840 4620  MBAMProtector - ok
16:35:39.0887 4620  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:35:39.0903 4620  MBAMScheduler - ok
16:35:39.0949 4620  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:35:39.0965 4620  MBAMService - ok
16:35:39.0981 4620  [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt          C:\Windows\system32\drivers\MBfilt64.sys
16:35:39.0996 4620  MBfilt - ok
16:35:40.0027 4620  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
16:35:40.0043 4620  Mcx2Svc - ok
16:35:40.0043 4620  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
16:35:40.0059 4620  megasas - ok
16:35:40.0074 4620  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:35:40.0074 4620  MegaSR - ok
16:35:40.0105 4620  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
16:35:40.0137 4620  MMCSS - ok
16:35:40.0152 4620  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
16:35:40.0168 4620  Modem - ok
16:35:40.0183 4620  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
16:35:40.0183 4620  monitor - ok
16:35:40.0199 4620  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
16:35:40.0199 4620  mouclass - ok
16:35:40.0215 4620  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:35:40.0230 4620  mouhid - ok
16:35:40.0246 4620  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:35:40.0261 4620  mountmgr - ok
16:35:40.0339 4620  [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:35:40.0339 4620  MozillaMaintenance - ok
16:35:40.0371 4620  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:35:40.0371 4620  mpio - ok
16:35:40.0371 4620  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:35:40.0402 4620  mpsdrv - ok
16:35:40.0449 4620  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:35:40.0480 4620  MpsSvc - ok
16:35:40.0527 4620  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:35:40.0527 4620  MRxDAV - ok
16:35:40.0558 4620  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:35:40.0573 4620  mrxsmb - ok
16:35:40.0573 4620  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:35:40.0589 4620  mrxsmb10 - ok
16:35:40.0605 4620  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:35:40.0620 4620  mrxsmb20 - ok
16:35:40.0636 4620  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:35:40.0636 4620  msahci - ok
16:35:40.0651 4620  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
16:35:40.0667 4620  msdsm - ok
16:35:40.0683 4620  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
16:35:40.0683 4620  MSDTC - ok
16:35:40.0698 4620  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:35:40.0714 4620  Msfs - ok
16:35:40.0729 4620  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
16:35:40.0761 4620  mshidkmdf - ok
16:35:40.0792 4620  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:35:40.0792 4620  msisadrv - ok
16:35:40.0839 4620  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
16:35:40.0870 4620  MSiSCSI - ok
16:35:40.0870 4620  msiserver - ok
16:35:40.0885 4620  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
16:35:40.0917 4620  MSKSSRV - ok
16:35:40.0917 4620  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:35:40.0948 4620  MSPCLOCK - ok
16:35:40.0963 4620  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
16:35:40.0979 4620  MSPQM - ok
16:35:41.0026 4620  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
16:35:41.0026 4620  MsRPC - ok
16:35:41.0041 4620  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:35:41.0041 4620  mssmbios - ok
16:35:41.0057 4620  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
16:35:41.0073 4620  MSTEE - ok
16:35:41.0073 4620  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:35:41.0088 4620  MTConfig - ok
16:35:41.0104 4620  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
16:35:41.0104 4620  Mup - ok
16:35:41.0151 4620  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
16:35:41.0166 4620  napagent - ok
16:35:41.0213 4620  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
16:35:41.0229 4620  NativeWifiP - ok
16:35:41.0275 4620  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:35:41.0291 4620  NDIS - ok
16:35:41.0307 4620  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
16:35:41.0338 4620  NdisCap - ok
16:35:41.0353 4620  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:35:41.0369 4620  NdisTapi - ok
16:35:41.0400 4620  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
16:35:41.0416 4620  Ndisuio - ok
16:35:41.0463 4620  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
16:35:41.0494 4620  NdisWan - ok
16:35:41.0525 4620  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
16:35:41.0541 4620  NDProxy - ok
16:35:41.0572 4620  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
16:35:41.0587 4620  NetBIOS - ok
16:35:41.0634 4620  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
16:35:41.0650 4620  NetBT - ok
16:35:41.0665 4620  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
16:35:41.0681 4620  Netlogon - ok
16:35:41.0712 4620  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:35:41.0743 4620  Netman - ok
16:35:41.0790 4620  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:35:41.0806 4620  NetMsmqActivator - ok
16:35:41.0806 4620  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:35:41.0821 4620  NetPipeActivator - ok
16:35:41.0821 4620  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:35:41.0853 4620  netprofm - ok
16:35:41.0853 4620  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:35:41.0868 4620  NetTcpActivator - ok
16:35:41.0868 4620  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:35:41.0868 4620  NetTcpPortSharing - ok
16:35:41.0899 4620  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
16:35:41.0899 4620  nfrd960 - ok
16:35:41.0946 4620  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:35:41.0946 4620  NlaSvc - ok
16:35:41.0946 4620  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:35:41.0977 4620  Npfs - ok
16:35:41.0993 4620  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
16:35:42.0009 4620  nsi - ok
16:35:42.0024 4620  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:35:42.0040 4620  nsiproxy - ok
16:35:42.0102 4620  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:35:42.0133 4620  Ntfs - ok
16:35:42.0149 4620  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:35:42.0165 4620  Null - ok
16:35:42.0211 4620  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:35:42.0211 4620  nvraid - ok
16:35:42.0227 4620  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:35:42.0227 4620  nvstor - ok
16:35:42.0258 4620  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:35:42.0274 4620  nv_agp - ok
16:35:42.0305 4620  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:35:42.0321 4620  ohci1394 - ok
16:35:42.0336 4620  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:35:42.0352 4620  p2pimsvc - ok
16:35:42.0367 4620  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:35:42.0383 4620  p2psvc - ok
16:35:42.0383 4620  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
16:35:42.0399 4620  Parport - ok
16:35:42.0430 4620  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
16:35:42.0430 4620  partmgr - ok
16:35:42.0445 4620  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:35:42.0461 4620  PcaSvc - ok
16:35:42.0508 4620  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
16:35:42.0508 4620  pci - ok
16:35:42.0523 4620  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
16:35:42.0539 4620  pciide - ok
16:35:42.0539 4620  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:35:42.0555 4620  pcmcia - ok
16:35:42.0555 4620  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
16:35:42.0555 4620  pcw - ok
16:35:42.0570 4620  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:35:42.0601 4620  PEAUTH - ok
16:35:42.0648 4620  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc    C:\Windows\system32\peerdistsvc.dll
16:35:42.0664 4620  PeerDistSvc - ok
16:35:42.0773 4620  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:35:42.0789 4620  PerfHost - ok
16:35:42.0835 4620  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
16:35:42.0867 4620  pla - ok
16:35:42.0945 4620  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:35:42.0960 4620  PlugPlay - ok
16:35:42.0976 4620  PnkBstrA - ok
16:35:42.0991 4620  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
16:35:43.0007 4620  PNRPAutoReg - ok
16:35:43.0007 4620  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
16:35:43.0023 4620  PNRPsvc - ok
16:35:43.0038 4620  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
16:35:43.0069 4620  PolicyAgent - ok
16:35:43.0085 4620  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
16:35:43.0116 4620  Power - ok
16:35:43.0147 4620  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:35:43.0163 4620  PptpMiniport - ok
16:35:43.0179 4620  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\DRIVERS\processr.sys
16:35:43.0179 4620  Processor - ok
16:35:43.0241 4620  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
16:35:43.0241 4620  ProfSvc - ok
16:35:43.0257 4620  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:35:43.0272 4620  ProtectedStorage - ok
16:35:43.0319 4620  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:35:43.0335 4620  Psched - ok
16:35:43.0366 4620  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:35:43.0381 4620  ql2300 - ok
16:35:43.0397 4620  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:35:43.0397 4620  ql40xx - ok
16:35:43.0413 4620  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
16:35:43.0428 4620  QWAVE - ok
16:35:43.0444 4620  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:35:43.0459 4620  QWAVEdrv - ok
16:35:43.0475 4620  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:35:43.0506 4620  RasAcd - ok
16:35:43.0537 4620  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
16:35:43.0569 4620  RasAgileVpn - ok
16:35:43.0584 4620  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
16:35:43.0615 4620  RasAuto - ok
16:35:43.0647 4620  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
16:35:43.0662 4620  Rasl2tp - ok
16:35:43.0709 4620  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
16:35:43.0740 4620  RasMan - ok
16:35:43.0740 4620  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:35:43.0771 4620  RasPppoe - ok
16:35:43.0787 4620  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
16:35:43.0803 4620  RasSstp - ok
16:35:43.0849 4620  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
16:35:43.0881 4620  rdbss - ok
16:35:43.0896 4620  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:35:43.0896 4620  rdpbus - ok
16:35:44.0005 4620  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:35:44.0037 4620  RDPCDD - ok
16:35:44.0083 4620  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR          C:\Windows\system32\drivers\rdpdr.sys
16:35:44.0083 4620  RDPDR - ok
16:35:44.0099 4620  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:35:44.0130 4620  RDPENCDD - ok
16:35:44.0130 4620  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:35:44.0161 4620  RDPREFMP - ok
16:35:44.0208 4620  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:35:44.0208 4620  RdpVideoMiniport - ok
16:35:44.0255 4620  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
16:35:44.0255 4620  RDPWD - ok
16:35:44.0302 4620  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:35:44.0302 4620  rdyboost - ok
16:35:44.0349 4620  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:35:44.0380 4620  RemoteAccess - ok
16:35:44.0380 4620  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:35:44.0411 4620  RemoteRegistry - ok
16:35:44.0442 4620  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:35:44.0458 4620  RpcEptMapper - ok
16:35:44.0489 4620  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
16:35:44.0489 4620  RpcLocator - ok
16:35:44.0536 4620  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
16:35:44.0567 4620  RpcSs - ok
16:35:44.0567 4620  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:35:44.0583 4620  rspndr - ok
16:35:44.0645 4620  [ F4C374B1C46DE294B573BB43723AC3F6 ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
16:35:44.0661 4620  RTL8167 - ok
16:35:44.0692 4620  [ E60C0A09F997826C7627B244195AB581 ] s3cap          C:\Windows\system32\drivers\vms3cap.sys
16:35:44.0692 4620  s3cap - ok
16:35:44.0707 4620  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
16:35:44.0707 4620  SamSs - ok
16:35:44.0754 4620  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:35:44.0754 4620  sbp2port - ok
16:35:44.0770 4620  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:35:44.0801 4620  SCardSvr - ok
16:35:44.0848 4620  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:35:44.0863 4620  scfilter - ok
16:35:44.0910 4620  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
16:35:44.0941 4620  Schedule - ok
16:35:44.0988 4620  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
16:35:45.0004 4620  SCPolicySvc - ok
16:35:45.0035 4620  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:35:45.0051 4620  SDRSVC - ok
16:35:45.0066 4620  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:35:45.0082 4620  secdrv - ok
16:35:45.0129 4620  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
16:35:45.0144 4620  seclogon - ok
16:35:45.0160 4620  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
16:35:45.0191 4620  SENS - ok
16:35:45.0207 4620  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:35:45.0207 4620  SensrSvc - ok
16:35:45.0222 4620  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
16:35:45.0238 4620  Serenum - ok
16:35:45.0238 4620  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:35:45.0253 4620  Serial - ok
16:35:45.0269 4620  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:35:45.0285 4620  sermouse - ok
16:35:45.0331 4620  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:35:45.0347 4620  SessionEnv - ok
16:35:45.0394 4620  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
16:35:45.0394 4620  sffdisk - ok
16:35:45.0409 4620  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:35:45.0409 4620  sffp_mmc - ok
16:35:45.0425 4620  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
16:35:45.0441 4620  sffp_sd - ok
16:35:45.0456 4620  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
16:35:45.0456 4620  sfloppy - ok
16:35:45.0472 4620  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:35:45.0503 4620  SharedAccess - ok
16:35:45.0534 4620  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:35:45.0565 4620  ShellHWDetection - ok
16:35:45.0581 4620  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:35:45.0597 4620  SiSRaid2 - ok
16:35:45.0597 4620  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:35:45.0612 4620  SiSRaid4 - ok
16:35:45.0675 4620  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
16:35:45.0675 4620  SkypeUpdate - ok
16:35:45.0721 4620  [ C337738BA4BD745E0983EC6EF262798D ] SmartViewService C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe
16:35:45.0737 4620  SmartViewService - ok
16:35:45.0753 4620  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
16:35:45.0768 4620  Smb - ok
16:35:45.0799 4620  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:35:45.0799 4620  SNMPTRAP - ok
16:35:45.0815 4620  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
16:35:45.0831 4620  spldr - ok
16:35:45.0862 4620  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
16:35:45.0877 4620  Spooler - ok
16:35:45.0971 4620  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
16:35:46.0018 4620  sppsvc - ok
16:35:46.0049 4620  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
16:35:46.0065 4620  sppuinotify - ok
16:35:46.0111 4620  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
16:35:46.0111 4620  srv - ok
16:35:46.0127 4620  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:35:46.0143 4620  srv2 - ok
16:35:46.0158 4620  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:35:46.0158 4620  srvnet - ok
16:35:46.0205 4620  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
16:35:46.0236 4620  SSDPSRV - ok
16:35:46.0236 4620  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
16:35:46.0267 4620  SstpSvc - ok
16:35:46.0283 4620  Steam Client Service - ok
16:35:46.0283 4620  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:35:46.0299 4620  stexstor - ok
16:35:46.0330 4620  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
16:35:46.0345 4620  stisvc - ok
16:35:46.0377 4620  [ 7785DC213270D2FC066538DAF94087E7 ] storflt        C:\Windows\system32\drivers\vmstorfl.sys
16:35:46.0392 4620  storflt - ok
16:35:46.0408 4620  [ C40841817EF57D491F22EB103DA587CC ] StorSvc        C:\Windows\system32\storsvc.dll
16:35:46.0408 4620  StorSvc - ok
16:35:46.0423 4620  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc        C:\Windows\system32\drivers\storvsc.sys
16:35:46.0439 4620  storvsc - ok
16:35:46.0470 4620  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:35:46.0470 4620  swenum - ok
16:35:46.0517 4620  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
16:35:46.0548 4620  swprv - ok
16:35:46.0564 4620  Synth3dVsc - ok
16:35:46.0626 4620  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
16:35:46.0642 4620  SysMain - ok
16:35:46.0689 4620  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:35:46.0704 4620  TabletInputService - ok
16:35:46.0751 4620  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
16:35:46.0767 4620  TapiSrv - ok
16:35:46.0767 4620  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
16:35:46.0798 4620  TBS - ok
16:35:46.0860 4620  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
16:35:46.0891 4620  Tcpip - ok
16:35:46.0938 4620  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:35:46.0969 4620  TCPIP6 - ok
16:35:46.0985 4620  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:35:47.0001 4620  tcpipreg - ok
16:35:47.0001 4620  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:35:47.0016 4620  TDPIPE - ok
16:35:47.0032 4620  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
16:35:47.0032 4620  TDTCP - ok
16:35:47.0094 4620  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
16:35:47.0125 4620  tdx - ok
16:35:47.0141 4620  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:35:47.0141 4620  TermDD - ok
16:35:47.0188 4620  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
16:35:47.0219 4620  TermService - ok
16:35:47.0250 4620  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
16:35:47.0250 4620  Themes - ok
16:35:47.0266 4620  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
16:35:47.0297 4620  THREADORDER - ok
16:35:47.0313 4620  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
16:35:47.0344 4620  TrkWks - ok
16:35:47.0391 4620  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:35:47.0422 4620  TrustedInstaller - ok
16:35:47.0453 4620  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:35:47.0484 4620  tssecsrv - ok
16:35:47.0515 4620  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:35:47.0515 4620  TsUsbFlt - ok
16:35:47.0531 4620  tsusbhub - ok
16:35:47.0578 4620  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:35:47.0609 4620  tunnel - ok
16:35:47.0609 4620  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:35:47.0625 4620  uagp35 - ok
16:35:47.0656 4620  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:35:47.0671 4620  udfs - ok
16:35:47.0703 4620  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
16:35:47.0703 4620  UI0Detect - ok
16:35:47.0734 4620  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:35:47.0734 4620  uliagpkx - ok
16:35:47.0796 4620  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\drivers\umbus.sys
16:35:47.0796 4620  umbus - ok
16:35:47.0843 4620  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:35:47.0843 4620  UmPass - ok
16:35:47.0874 4620  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
16:35:47.0874 4620  UmRdpService - ok
16:35:47.0905 4620  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
16:35:47.0921 4620  upnphost - ok
16:35:47.0968 4620  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64      C:\Windows\system32\Drivers\usbaapl64.sys
16:35:47.0983 4620  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
16:35:47.0983 4620  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
16:35:48.0030 4620  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
16:35:48.0046 4620  usbaudio - ok
16:35:48.0077 4620  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
16:35:48.0093 4620  usbccgp - ok
16:35:48.0124 4620  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:35:48.0124 4620  usbcir - ok
16:35:48.0139 4620  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
16:35:48.0139 4620  usbehci - ok
16:35:48.0186 4620  [ 858BE9C0E498C8E505E198E17EECE0D9 ] usbfilter      C:\Windows\system32\DRIVERS\usbfilter.sys
16:35:48.0186 4620  usbfilter - ok
16:35:48.0202 4620  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:35:48.0217 4620  usbhub - ok
16:35:48.0233 4620  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
16:35:48.0233 4620  usbohci - ok
16:35:48.0280 4620  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:35:48.0295 4620  usbprint - ok
16:35:48.0327 4620  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
16:35:48.0342 4620  usbscan - ok
16:35:48.0358 4620  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:35:48.0358 4620  USBSTOR - ok
16:35:48.0358 4620  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
16:35:48.0373 4620  usbuhci - ok
16:35:48.0405 4620  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
16:35:48.0420 4620  usbvideo - ok
16:35:48.0436 4620  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
16:35:48.0467 4620  UxSms - ok
16:35:48.0483 4620  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
16:35:48.0483 4620  VaultSvc - ok
16:35:48.0498 4620  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:35:48.0514 4620  vdrvroot - ok
16:35:48.0545 4620  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
16:35:48.0576 4620  vds - ok
16:35:48.0592 4620  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
16:35:48.0607 4620  vga - ok
16:35:48.0623 4620  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
16:35:48.0639 4620  VgaSave - ok
16:35:48.0654 4620  VGPU - ok
16:35:48.0670 4620  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
16:35:48.0685 4620  vhdmp - ok
16:35:48.0717 4620  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:35:48.0717 4620  viaide - ok
16:35:48.0763 4620  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus          C:\Windows\system32\drivers\vmbus.sys
16:35:48.0763 4620  vmbus - ok
16:35:48.0779 4620  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
16:35:48.0795 4620  VMBusHID - ok
16:35:48.0810 4620  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:35:48.0810 4620  volmgr - ok
16:35:48.0857 4620  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
16:35:48.0873 4620  volmgrx - ok
16:35:48.0919 4620  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
16:35:48.0919 4620  volsnap - ok
16:35:48.0966 4620  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
16:35:48.0966 4620  vsmraid - ok
16:35:49.0029 4620  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
16:35:49.0060 4620  VSS - ok
16:35:49.0060 4620  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
16:35:49.0075 4620  vwifibus - ok
16:35:49.0091 4620  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
16:35:49.0122 4620  W32Time - ok
16:35:49.0138 4620  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:35:49.0153 4620  WacomPen - ok
16:35:49.0185 4620  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:35:49.0200 4620  WANARP - ok
16:35:49.0216 4620  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:35:49.0247 4620  Wanarpv6 - ok
16:35:49.0278 4620  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
16:35:49.0309 4620  wbengine - ok
16:35:49.0325 4620  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:35:49.0341 4620  WbioSrvc - ok
16:35:49.0372 4620  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
16:35:49.0387 4620  wcncsvc - ok
16:35:49.0403 4620  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:35:49.0403 4620  WcsPlugInService - ok
16:35:49.0450 4620  [ 147C60622CB53E901EFD8BB6D44A4C46 ] WCUService_STC_IE C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
16:35:49.0465 4620  WCUService_STC_IE - ok
16:35:49.0481 4620  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:35:49.0481 4620  Wd - ok
16:35:49.0512 4620  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:35:49.0528 4620  Wdf01000 - ok
16:35:49.0559 4620  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:35:49.0559 4620  WdiServiceHost - ok
16:35:49.0575 4620  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
16:35:49.0575 4620  WdiSystemHost - ok
16:35:49.0606 4620  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
16:35:49.0621 4620  WebClient - ok
16:35:49.0653 4620  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:35:49.0668 4620  Wecsvc - ok
16:35:49.0684 4620  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
16:35:49.0715 4620  wercplsupport - ok
16:35:49.0731 4620  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:35:49.0762 4620  WerSvc - ok
16:35:49.0762 4620  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:35:49.0777 4620  WfpLwf - ok
16:35:49.0793 4620  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:35:49.0809 4620  WIMMount - ok
16:35:49.0809 4620  WinDefend - ok
16:35:49.0824 4620  WinHttpAutoProxySvc - ok
16:35:49.0871 4620  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
16:35:49.0887 4620  Winmgmt - ok
16:35:49.0933 4620  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
16:35:49.0980 4620  WinRM - ok
16:35:50.0027 4620  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:35:50.0043 4620  WinUsb - ok
16:35:50.0074 4620  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
16:35:50.0089 4620  Wlansvc - ok
16:35:50.0214 4620  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:35:50.0245 4620  wlidsvc - ok
16:35:50.0292 4620  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
16:35:50.0292 4620  WmiAcpi - ok
16:35:50.0308 4620  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:35:50.0308 4620  wmiApSrv - ok
16:35:50.0323 4620  WMPNetworkSvc - ok
16:35:50.0339 4620  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:35:50.0355 4620  WPCSvc - ok
16:35:50.0370 4620  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:35:50.0386 4620  WPDBusEnum - ok
16:35:50.0401 4620  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
16:35:50.0417 4620  ws2ifsl - ok
16:35:50.0433 4620  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
16:35:50.0448 4620  wscsvc - ok
16:35:50.0448 4620  WSearch - ok
16:35:50.0511 4620  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:35:50.0542 4620  wuauserv - ok
16:35:50.0573 4620  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:35:50.0589 4620  WudfPf - ok
16:35:50.0620 4620  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:35:50.0635 4620  WUDFRd - ok
16:35:50.0667 4620  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
16:35:50.0667 4620  wudfsvc - ok
16:35:50.0682 4620  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
16:35:50.0698 4620  WwanSvc - ok
16:35:50.0713 4620  ================ Scan global ===============================
16:35:50.0745 4620  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:35:50.0776 4620  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
16:35:50.0791 4620  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
16:35:50.0807 4620  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:35:50.0823 4620  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:35:50.0823 4620  [Global] - ok
16:35:50.0823 4620  ================ Scan MBR ==================================
16:35:50.0854 4620  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:35:51.0088 4620  \Device\Harddisk0\DR0 - ok
16:35:51.0088 4620  ================ Scan VBR ==================================
16:35:51.0088 4620  [ 88246EC84101CE5E4A53BDAEB27D73CC ] \Device\Harddisk0\DR0\Partition1
16:35:51.0088 4620  \Device\Harddisk0\DR0\Partition1 - ok
16:35:51.0088 4620  [ 72F42BCF3E62F61ED4FA550A401132D3 ] \Device\Harddisk0\DR0\Partition2
16:35:51.0088 4620  \Device\Harddisk0\DR0\Partition2 - ok
16:35:51.0088 4620  ============================================================
16:35:51.0088 4620  Scan finished
16:35:51.0088 4620  ============================================================
16:35:51.0103 0988  Detected object count: 1
16:35:51.0103 0988  Actual detected object count: 1
16:35:59.0995 0988  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
16:35:59.0995 0988  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip


markusg 11.01.2013 16:43

hi
combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

craphere 11.01.2013 17:32

Here is the Combofix log! I panicked at first, because the thing cut off my entire internet connection and I couldn't read anything! I'm not completely clueless about PCs, but this is beyond me, I can't even begin to make sense of it ;)!

Code:

ComboFix 13-01-11.01 - Lukas 11.01.2013  17:26:45.2.4 - x64
Microsoft Windows 7 Enterprise  6.1.7601.1.1252.49.1031.18.16364.13786 [GMT 1:00]
ausgeführt von:: c:\users\Lukas\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-12-11 bis 2013-01-11  ))))))))))))))))))))))))))))))
.
.
2013-01-11 16:29 . 2013-01-11 16:29        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-01-10 19:31 . 2013-01-10 19:31        --------        d-----w-        c:\programdata\HTC
2013-01-10 15:47 . 2013-01-10 15:47        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E861B26D-9E0C-45B6-AAF3-39288EF3C622}\offreg.dll
2013-01-10 15:29 . 2012-11-19 00:01        9125352        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E861B26D-9E0C-45B6-AAF3-39288EF3C622}\mpengine.dll
2013-01-10 13:19 . 2013-01-10 13:19        --------        d-----w-        c:\users\Lukas\AppData\Local\Programs
2013-01-10 13:16 . 2013-01-10 13:16        2889        ----a-w-        c:\programdata\dsgsdgdsgdsgw.js
2013-01-09 02:25 . 2013-01-09 02:25        --------        d-----w-        c:\program files (x86)\AC Tool
2013-01-07 09:42 . 2013-01-07 09:42        --------        d-----w-        c:\program files\iPod
2013-01-07 09:42 . 2013-01-07 09:43        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-07 09:42 . 2013-01-07 09:43        --------        d-----w-        c:\program files\iTunes
2012-12-24 10:00 . 2012-12-24 10:39        --------        d-----w-        c:\users\Lukas\AppData\Roaming\ts3overlay_hook_win64
2012-12-16 21:11 . 2012-12-16 21:12        --------        d-----w-        c:\users\Lukas\AppData\Roaming\.minecraft
2012-12-16 15:43 . 2012-12-16 15:43        --------        d-----w-        c:\users\Lukas\AppData\Roaming\rigonauts
2012-12-16 15:40 . 2012-07-26 07:46        2560        ----a-w-        c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-12-16 15:40 . 2012-07-26 04:55        785512        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys
2012-12-16 15:40 . 2012-07-26 04:55        54376        ----a-w-        c:\windows\system32\drivers\WdfLdr.sys
2012-12-16 15:40 . 2012-07-26 02:36        9728        ----a-w-        c:\windows\system32\Wdfres.dll
2012-12-16 15:38 . 2012-07-26 03:08        229888        ----a-w-        c:\windows\system32\WUDFHost.exe
2012-12-16 15:38 . 2012-07-26 03:08        84992        ----a-w-        c:\windows\system32\WUDFSvc.dll
2012-12-16 15:38 . 2012-07-26 03:08        744448        ----a-w-        c:\windows\system32\WUDFx.dll
2012-12-16 15:38 . 2012-07-26 03:08        45056        ----a-w-        c:\windows\system32\WUDFCoinstaller.dll
2012-12-16 15:38 . 2012-07-26 03:08        194048        ----a-w-        c:\windows\system32\WUDFPlatform.dll
2012-12-16 15:38 . 2012-07-26 02:26        87040        ----a-w-        c:\windows\system32\drivers\WUDFPf.sys
2012-12-16 15:38 . 2012-07-26 02:26        198656        ----a-w-        c:\windows\system32\drivers\WUDFRd.sys
2012-12-16 15:36 . 2012-08-31 18:19        1659760        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2012-12-16 15:36 . 2012-11-09 05:45        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-12-16 15:36 . 2012-11-09 04:42        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2012-12-16 15:36 . 2012-10-09 18:17        55296        ----a-w-        c:\windows\system32\dhcpcsvc6.dll
2012-12-16 15:36 . 2012-10-09 18:17        226816        ----a-w-        c:\windows\system32\dhcpcore6.dll
2012-12-16 15:36 . 2012-10-09 17:40        44032        ----a-w-        c:\windows\SysWow64\dhcpcsvc6.dll
2012-12-16 15:36 . 2012-10-09 17:40        193536        ----a-w-        c:\windows\SysWow64\dhcpcore6.dll
2012-12-16 15:34 . 2012-08-24 18:05        220160        ----a-w-        c:\windows\system32\wintrust.dll
2012-12-16 15:34 . 2012-08-24 16:57        172544        ----a-w-        c:\windows\SysWow64\wintrust.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:49 . 2012-09-24 16:25        24176        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-12-12 15:47 . 2012-12-12 15:47        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-12 15:47 . 2012-12-12 15:47        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-12-12 15:47 . 2012-12-12 15:47        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2012-12-12 15:36 . 2012-04-25 14:44        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 15:36 . 2012-04-25 14:44        697272        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-09 15:45 . 2012-04-30 06:28        281520        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-12-09 15:45 . 2012-04-30 05:09        281520        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-12-09 15:45 . 2012-04-30 05:09        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2012-11-19 19:17 . 2012-04-30 05:09        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2012-11-18 00:46 . 2009-08-18 11:49        564632        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-11-18 00:45 . 2009-08-18 10:24        19696        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-10-16 08:38 . 2012-12-16 15:35        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-16 15:35        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-16 15:35        561664        ----a-w-        c:\windows\apppatch\AcLayers.dll
2012-10-13 19:56 . 2012-10-13 19:56        283200        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-24 21:43 . 2012-04-24 21:43        0        ----a-w-        c:\program files\nsy5591.tmp
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\DeviceVM\SmartView\AddressBarSearch.dll" [2010-09-02 162080]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\data\Progamme\Steam\steam.exe" [2012-12-01 1354736]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-12-05 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2012-04-24 4942336]
"SmartViewAgent"="c:\program files (x86)\DeviceVM\SmartView\SmartViewAgent.exe" [2010-09-02 948504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"iTunesHelper"="c:\data\Progamme\itunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-04-25 31808]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-13 283200]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-04-24 15936]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [2010-09-02 125216]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 11670323
*NewlyCreated* - 27941410
*Deregistered* - 11670323
*Deregistered* - 27941410
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-18 11855976]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\1zop6hfg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=logo
FF - ExtSQL: 2012-12-08 21:39; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\1zop6hfg.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF - ExtSQL: 2012-12-12 17:52; ich@maltegoetz.de; c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\1zop6hfg.default\extensions\ich@maltegoetz.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2918150296-1997832558-1535474348-1000\Software\SecuROM\License information*]
"datasecu"=hex:de,53,60,83,da,87,3b,a6,4e,1e,09,c1,88,11,9a,4e,1f,b5,d3,05,0f,
  a6,43,5b,3f,d0,77,6b,3c,4a,88,61,6e,46,1d,ea,05,d9,a3,29,2b,f3,ae,2a,37,b1,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-11  17:31:03
ComboFix-quarantined-files.txt  2013-01-11 16:31
.
Vor Suchlauf: 14 Verzeichnis(se), 470.315.966.464 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 470.255.788.032 Bytes frei
.
- - End Of File - - 597E871DE48097FD24A8DB1D0E55E07D


markusg 11.01.2013 19:49

Hi,
download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, save it as a txt file, and open that file.
After every program you need, write "necessary".
After every program you do not need, write "unnecessary".
After every program you do not recognize, write "unknown".
Post the list.

craphere 11.01.2013 21:33

Code:

AC Tool                09.01.2013                necessary
Acrobat.com        Adobe Systems Incorporated        24.04.2012                1.1.377 necessary
Adobe AIR        Adobe Systems Inc.        24.04.2012                1.0.4990
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        12.12.2012        6,00MB        11.5.502.135
Adobe Reader 9.5.2        Adobe Systems Incorporated        13.12.2012        103MB        9.5.2
Adobe Shockwave Player 11.6        Adobe Systems, Inc.        28.10.2012                11.6.8.638
AION Free-To-Play        Gameforge        22.06.2012        22,6MB        2.70.0000  unnecessary
AION Free-To-Play PTS        Gameforge        12.07.2012        22,6MB        3.00.0000  unnecessary
AMD Catalyst Install Manager        Advanced Micro Devices, Inc.        23.10.2012        26,3MB        8.0.891.0  necessary
Apple Application Support        Apple Inc.        10.12.2012        65,0MB        2.3.2  necessary
Apple Mobile Device Support        Apple Inc.        10.12.2012        25,1MB        6.0.1.3        necessary
Apple Software Update        Apple Inc.        27.04.2012        2,38MB        2.1.3.127          necessary
ArcaniA – Gothic 4        Spellbound Studios        11.10.2012                          necessary
Arcania: Fall of Setarrif        Spellbound Studios        11.10.2012                necessary
Asmedia ASM104x USB 3.0 Host Controller Driver        Asmedia Technology        24.04.2012        2,22MB        1.10.1.0  necessary
ASRock App Charger v1.0.5        ASRock Inc.        24.04.2012        1,32MB        necessary
ASRock eXtreme Tuner v0.1.91                24.04.2012        16,6MB        necessary
ASRock InstantBoot v1.28                24.04.2012                    unnecessary
Battlefield 3™        Electronic Arts        19.11.2012                1.4.0.0        necessary
Battlefield Play4Free (Lukas)        EA Digital illusions        21.09.2012                unnecessary
BattleForge™        Electronic Arts        09.07.2012        88,4MB        1.0.0.0  unnecessary
Battlelog Web Plugins        EA Digital Illusions CE AB        20.11.2012                2.1.2  necessary
Blacklight Retribution        Perfect World Entertainment        30.04.2012                1.00.9500  necessary
Bonjour        Apple Inc.        27.04.2012        2,00MB        3.0.0.10  unnecessary
Borderlands        Gearbox Software        28.07.2012                necessary
BOSS        BOSS Development Team        04.08.2012                2.0.0 unnecessary
BRINK        Splash Damage        14.07.2012                necessary
Bunch Of Heroes                23.09.2012                necessary
Castle Crashers                26.11.2012                  necessary
CCleaner        Piriform        19.12.2012                3.26      necessary?
Cheat Engine 6.2        Dark Byte        24.06.2012        27,0MB        unnecessary
Counter-Strike        Valve        24.04.2012                necessary
Counter-Strike: Global Offensive Beta                15.08.2012        necessary
Counter-Strike: Source        Valve        12.07.2012                necessary
CryEngine(R)2 Sandbox(TM)2        Electronic Arts        08.09.2012        39,1MB        1.00.0000  necessary
Crysis        Crytek        11.09.2012                necessary
Crysis 2 Maximum Edition        Electronic Arts        09.09.2012                necessary
Crysis Warhead        Crytek        10.09.2012                necessary
DAEMON Tools Lite        DT Soft Ltd        13.10.2012                4.45.4.0314 unnecessary
Dota 2                25.04.2012                necessary
DUNGEONS - Steam Special Edition        Realmforge Studios        12.08.2012        unnecessary
DUNGEONS - The Dark Lord (Steam Special Edition)                12.08.2012        unnecessary
ESN Sonar        ESN Social Software AB        20.11.2012                0.70.4 unknown
Fallout: New Vegas        Bethesda Softworks        14.07.2012                unnecessary
GameSpy Comrade        GameSpy        07.09.2012        19,0MB        1.5.0.156 unnecessary
Garry's Mod        Team Garry        12.07.2012                necessary
Garry's Mod 13 Beta        TEAM GARRY        24.08.2012        necessary
GIMP 2.8.2        The GIMP Team        04.09.2012        244MB        2.8.2    unnecessary
Global Agenda        Hi-Rez Studios        26.04.2012        necessary
Gothic                11.10.2012                necessary
Gothic 3        Piranha Bytes        11.10.2012        necessary
Gothic II: Gold Edition        Piranha Bytes        11.10.2012        necessary
Grand Theft Auto IV        Rockstar        08.11.2012        necessary
Hitman: Contracts        Eidos        11.09.2012        unnecessary
Homefront        THQ        06.10.2012                unnecessary
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät        Hewlett-Packard Co.        12.12.2012        102MB        28.0.1313.0 necessary
Hunted: The Demon's Forge        Bethesda        15.07.2012        necessary
Hydrophobia: Prophecy        Dark Energy Digital        04.09.2012        necessary
iTunes        Apple Inc.        07.01.2013        189MB        11.0.1.12      necessary
Java 7 Update 9        Oracle        12.12.2012        128MB        7.0.90          necessary
Just Cause 2        Avalanche Studios        24.08.2012                necessary
Killing Floor        Tripwire Interactive        29.10.2012                necessary
Killing Floor Mod: Defence Alliance 2                29.10.2012        necessary
LIMBO                28.12.2012                                        necessary
Logitech GamePanel Software 3.03.133        Logitech Inc.        09.11.2012        53,8MB        3.03.133      necessary
Malwarebytes Anti-Malware Version 1.70.0.1100        Malwarebytes Corporation        10.01.2013        18,4MB        1.70.0.1100    necessary ????
Metro 2033        THQ        06.10.2012                necessary
Microsoft .NET Framework 1.1        Microsoft        07.09.2012        34,8MB        1.1.4322                necessary
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        02.01.2011        38,8MB        4.0.30319        necessary
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        02.01.2011        2,93MB        4.0.30319        necessary
Microsoft .NET Framework 4 Extended DEU Language Pack        Microsoft Corporation        25.04.2012        10,6MB        4.0.30319        necessary
Microsoft Games for Windows - LIVE        Microsoft Corporation        09.11.2012        8,31MB        3.1.186.0  unnecessary
Microsoft Games for Windows - LIVE Redistributable        Microsoft Corporation        18.11.2012        31,3MB        3.5.92.0    unnecessary
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        09.07.2012        298KB        8.0.59193    necessary
Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        11.09.2012        708KB        8.0.56336    necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        25.04.2012        252KB        9.0.30729        necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        24.04.2012        788KB        9.0.30729.4148    necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        12.08.2012        1,42MB        9.0.21022          necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        14.07.2012        240KB        9.0.30729      necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        24.04.2012        596KB        9.0.30729.4148  necessary
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319        Microsoft Corporation        24.04.2012        13,6MB        10.0.30319      necessary
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        14.07.2012        11,1MB        10.0.40219        necessary
Microsoft XNA Framework Redistributable 4.0        Microsoft Corporation        25.04.2012        9,17MB        4.0.20823.0                necessary
Mirror's Edge        DICE        24.08.2012                necessary
Mozilla Firefox 15.0 (x86 en-US)        Mozilla        30.08.2012        159GB        15.0 necessary
Mozilla Maintenance Service        Mozilla        30.08.2012        327KB        15.0  unknown
NC Launcher (GameForge)        NCsoft        22.06.2012                unnecessary
Need For Speed™ World        Electronic Arts        09.07.2012        13,5MB        1.0.0.991 unnecessary
Nexuiz        IllFonic        15.08.2012                unnecessary
Nexus Mod Manager        Black Tree Gaming        04.08.2012        13,4MB        0.19.0 unnecessary
NVIDIA PhysX        NVIDIA Corporation        30.04.2012        78,9MB        9.10.0513 unnecessary
OpenAL                04.09.2012                unnecessary
Origin        Electronic Arts, Inc.        18.11.2012                9.0.15.65        necessary
Pando Media Booster        Pando Networks Inc.        29.04.2012        5,46MB        2.6.0.7        necessary
Philips SPZ3000 Webcam        Philips        16.05.2012                2.1 unnecessary
Philips ToUcam Fun Camera                16.05.2012                unnecessary
Philips ToUcam Pro Camera                16.05.2012                unnecessary
PL-2303 USB-to-Serial                23.05.2012                unnecessary
PunkBuster Services        Even Balance, Inc.        19.11.2012                0.991 unknown
Realm of the Mad God                31.07.2012                unnecessary
Realtek Ethernet Controller Driver        Realtek        24.04.2012                7.44.421.2011                necessary
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        24.04.2012                6.0.1.6378                necessary
Rigonauts                16.12.2012        necessary
Roll                13.10.2012                unknown
Skype™ 6.0        Skype Technologies S.A.        22.11.2012        20,3MB        6.0.126          necessary
SmartView for IE        DeviceVM, Inc.        24.04.2012                1.0.4.1    unnecessary
Steam        Valve Corporation        25.04.2012        1,59MB        1.0.0.0          necessary
Super Monday Night Combat                26.04.2012                unnecessary
TeamSpeak 3 Client        TeamSpeak Systems GmbH        25.04.2012                3.0.6        necessary
Terraria                25.04.2012                necessary
The Binding of Isaac                22.06.2012                necessary
The Elder Scrolls V: Skyrim        Bethesda Game Studios        14.07.2012                necessary
Torchlight II                27.09.2012                necessary
Waveform                02.09.2012                necessary
Windows Live ID Sign-in Assistant        Microsoft Corporation        18.11.2012        10,0MB        6.500.3165.0    unnecessary
Windows-Treiberpaket - Philips (spc999) Image  (12/14/2009 1.00.0.0000)        Philips        16.05.2012                12/14/2009 1.00.0.0000  unknown
Windows-Treiberpaket - Philips (VM20d7) Image  (08/02/2010 300.2000.4001.07)        Philips        16.05.2012                08/02/2010 300.2000.4001.07 unknown
Windows-Treiberpaket - Philips CL (phaudlwr) MEDIA  (05/20/2009 1.0.5.12)        Philips CL        16.05.2012                05/20/2009 1.0.5.12 unknown
Windows-Treiberpaket - Philips USB  (12/14/2009 1.00.0.0000)        Philips        16.05.2012                12/14/2009 1.00.0.0000 unknown  webcam driver?
WinRAR 4.11 (64-Bit)        win.rar GmbH        25.04.2012                4.11.0        necessary
XFastUsb                24.04.2012                unnecessary
xrecode II 1.0.0.195                13.10.2012        24,4MB unknown


markusg 11.01.2013 21:41

Why is only half of it labeled?

craphere 11.01.2013 21:43

-> edit coming...

Edit coming right away--

Done, everything should be labeled now. Sorry, I had skipped over half of the instructions..

craphere 14.01.2013 22:25

Bump

markusg 15.01.2013 21:13

Uninstall:
Adobe Flash Player, all
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Uncheck the box for McAfee Security Scan.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Check "Use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, because only then do you have control over what happens on the PC.
Under JavaScript, uncheck "Use JavaScript".
Under Updater, select "Install automatically".
Apply / OK



Uninstall:
AION: all
BOSS
Cheat
DAEMON
DUNGEONS: all
ESN
Fallout:
GameSpy
GIMP
Hitman:
Homefront
Java
Download the Java JRE:
Java downloads for all operating systems
Click:
Download Java software for Windows Offline
Download and install it.
Uninstall:
Need
NC
Nexuiz
Nexus
Philips: all
PL
Realm
SmartView
Super
Windows Live
XFastUsb
xrecode

Open CCleaner, start the analysis, restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

craphere 16.01.2013 22:07

Here is the log from ADWC



Code:

# AdwCleaner v2.105 - Datei am 16/01/2013 um 22:06:53 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (64 bits)
# Benutzer : Lukas - LUKASTOWER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Lukas\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16450

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (en-US)

Datei : C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\1zop6hfg.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [963 octets] - [16/01/2013 22:06:53]

########## EOF - C:\AdwCleaner[R1].txt - [1022 octets] ##########


markusg 16.01.2013 22:11

Hi,


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted, possibly several times depending on the severity of the infection; that is normal. After the restart, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = consecutive number)

Restart, then please test how the PC and programs such as the browser run.

