Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Add box in left corner

by samweb » May 5th, 2012, 11:47 am

Hi, I have a problem with my computer.
For a few days now, a little advertisement box has appeared in the right corner of all browsers (also on websites where I definitely know that they don't have ads).
I would be glad if you could help me :)
Greetings
Samuel

Here are the two logs:
DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Samuel 2 at 17:36:19 on 2012-05-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4094.1841 [GMT 2:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
c:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
C:\PROGRA~2\WinTV\TVServer\CAPTUR~4.EXE
C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
C:\Windows\system32\taskhost.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\xampp\mysql\bin\mysqld.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\SysWOW64\STGRAMDiskHandler64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\DDHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Zune\ZuneLauncher.exe
C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
C:\Users\Samuel 2\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Samuel 2\AppData\Roaming\Spotify\spotify.exe
C:\Users\Samuel 2\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosBrowserMonitor.exe
C:\Program Files (x86)\WinTV\Ir.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Users\Samuel 2\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosHotKeyService.exe
C:\Program Files (x86)\Steganos Privacy Suite 12\fredirstarter.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Pivot Stickfigure Toolbar\tbcore3.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Steganos Password Manager Toolbar: {9c65d12d-cf9d-454d-8049-61965d8c6fff} - C:\Program Files (x86)\Steganos Privacy Suite 12\SPMIEToolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler
uRun: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
uRun: [Akamai NetSession Interface] "C:\Users\Samuel 2\AppData\Local\Akamai\netsession_win.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge]
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Spotify] "C:\Users\Samuel 2\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [SSS12 Browser Monitor] "C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosBrowserMonitor.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [EPSON_UD_START] "C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SSS12 HotKeys] "C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosHotKeyService.exe"
mRun: [SSS12 File Redirection Starter] "C:\Program Files (x86)\Steganos Privacy Suite 12\fredirstarter.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [<NO NAME>]
StartupFolder: C:\Users\SAMUEL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Samuel 2\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\SAMUEL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOST~1.LNK - C:\Program Files (x86)\WinTV\Ir.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {024538B9-3F39-49FF-9503-975F743210FA} - {9C65D12D-CF9D-454d-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 12\SPMIEToolbar.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{4F6F725C-584D-4E5C-AE21-C7EC5D37ABCC} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{4F6F725C-584D-4E5C-AE21-C7EC5D37ABCC}\0527F66756E63656 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{4F6F725C-584D-4E5C-AE21-C7EC5D37ABCC}\64259445A51224F6870264F6E60275C414E4027353730302674435C4 : DhcpNameServer = 192.168.178.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [EPSON_UD_START] "C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SSS12 HotKeys] "C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosHotKeyService.exe"
mRun-x64: [SSS12 File Redirection Starter] "C:\Program Files (x86)\Steganos Privacy Suite 12\fredirstarter.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [(Standard)]
Hosts: 68.168.222.226 http://www.google-analytics.com.
Hosts: 68.168.222.226 ad-emea.doubleclick.net.
Hosts: 68.168.222.226 http://www.statcounter.com.
Hosts: 108.163.215.51 http://www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Samuel 2\AppData\Roaming\Mozilla\Firefox\Profiles\kep8s61o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Users\Samuel 2\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Samuel 2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Samuel 2\AppData\Roaming\Mozilla\plugins\npMeetingJoinPluginAOCUser.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];C:\Windows\SleeN1764.sys [2010-2-17 108256]
R1 STGMFEngine64;Steganos RAM Disk Engine 64 Bit [Driver];\??\C:\Windows\system32\drivers\STGMFEngine64.sys --> C:\Windows\system32\drivers\STGMFEngine64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 acedrv11;acedrv11;\??\C:\Windows\system32\drivers\acedrv11.sys --> C:\Windows\system32\drivers\acedrv11.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-12-3 92160]
R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\httpd.exe [2011-9-10 18432]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-25 202296]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 EMP_UDSA;EMP_UDSA;C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [2010-6-17 98304]
R2 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE [2009-12-25 434176]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-12-2 656624]
R2 Steganos Volatile Disk;Steganos Volatile Disk;C:\Windows\System32\STGRAMDiskHandler64.exe [2010-7-8 450560]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-7-6 173352]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-19 2666880]
R3 hcw17bda;Hauppauge SMS1000-based;C:\Windows\system32\drivers\hcw17bda.sys --> C:\Windows\system32\drivers\hcw17bda.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech Webcam 300(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-7 135664]
S2 MouseWithoutBordersSvc;Mouse without Borders Service;C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [2011-8-31 17920]
S2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-9-8 75592]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 257696]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-7 135664]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
S3 MemoryStatus;MemoryStatus;C:\servicetest.exe [2012-1-4 29184]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-04 17:52:02 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-04 17:06:37 -------- d-----w- C:\Users\Samuel 2\AppData\Roaming\Malwarebytes
2012-05-04 17:06:22 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-04 13:42:35 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05257185-16A8-4DE4-9619-2591649A17F4}\mpengine.dll
2012-05-03 19:59:21 -------- d-----w- C:\Users\Samuel 2\AppData\Local\{24ACB722-ACF8-4ED2-9610-E49F281D8F1C}
2012-04-25 11:39:02 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-25 11:38:32 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 11:38:32 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-23 18:04:39 -------- d-----w- C:\Users\Samuel 2\AppData\Roaming\GetRightToGo
2012-04-23 17:59:59 -------- d-----w- C:\Users\Samuel 2\AppData\Roaming\Microsoft SQL Server Migration Assistant
2012-04-23 17:59:59 -------- d-----w- C:\Microsoft SQL Server Migration Assistant for MySQL
2012-04-22 16:50:28 -------- d-----w- C:\Program Files (x86)\DRPU Database Converter - MySQL to MS SQL (Demo)
2012-04-21 19:57:46 -------- d-----w- C:\Program Files (x86)\Microsoft WebMatrix
2012-04-13 16:38:10 -------- d-----w- C:\php
2012-04-12 23:10:41 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 23:10:40 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 23:10:40 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 23:05:08 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 23:05:08 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 23:05:07 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 23:05:05 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 23:05:05 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 23:05:05 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 23:05:05 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 18:25:49 -------- d-----w- C:\Users\Samuel 2\facebook
2012-04-10 21:55:34 -------- d-----w- C:\Windows\System32\drivers\UMDF\ko-KR
2012-04-10 21:55:30 -------- d-----w- C:\Windows\System32\drivers\UMDF\ms-MY
2012-04-10 21:55:27 -------- d-----w- C:\Windows\System32\drivers\UMDF\id-ID
2012-04-10 21:55:23 -------- d-----w- C:\Windows\System32\drivers\UMDF\sv-SE
2012-04-10 21:55:19 -------- d-----w- C:\Windows\System32\drivers\UMDF\nb-NO
2012-04-10 21:55:15 -------- d-----w- C:\Windows\System32\drivers\UMDF\hu-HU
2012-04-10 21:55:09 -------- d-----w- C:\Windows\System32\drivers\UMDF\fi-FI
2012-04-10 21:55:06 -------- d-----w- C:\Windows\System32\drivers\UMDF\el-GR
2012-04-10 21:55:03 -------- d-----w- C:\Windows\System32\drivers\UMDF\da-DK
2012-04-10 21:54:59 -------- d-----w- C:\Windows\System32\drivers\UMDF\cs-CZ
2012-04-10 21:54:56 -------- d-----w- C:\Windows\System32\drivers\UMDF\zh-TW
2012-04-10 21:54:50 -------- d-----w- C:\Windows\System32\drivers\UMDF\ru-RU
2012-04-10 21:54:47 -------- d-----w- C:\Windows\System32\drivers\UMDF\pl-PL
2012-04-10 21:54:40 -------- d-----w- C:\Windows\System32\drivers\UMDF\zh-CN
2012-04-10 21:54:36 -------- d-----w- C:\Windows\System32\drivers\UMDF\ja-JP
2012-04-10 21:54:33 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-BR
2012-04-10 21:54:29 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-PT
2012-04-10 21:54:26 -------- d-----w- C:\Windows\System32\drivers\UMDF\nl-NL
2012-04-10 21:54:22 -------- d-----w- C:\Windows\System32\drivers\UMDF\it-IT
2012-04-10 21:54:14 -------- d-----w- C:\Windows\System32\drivers\UMDF\fr-FR
2012-04-10 21:54:08 -------- d-----w- C:\Windows\System32\drivers\UMDF\es-ES
2012-04-10 21:52:35 -------- d-----w- C:\Windows\System32\drivers\UMDF\en-US
2012-04-09 12:15:11 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-09 11:24:06 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-07 09:32:41 388096 ----a-r- C:\Users\Samuel 2\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-07 08:57:13 -------- d-----w- C:\Program Files (x86)\Common Files\Steganos
2012-04-07 08:57:01 -------- d-----w- C:\Program Files (x86)\Steganos Privacy Suite 12
2012-04-07 08:53:11 -------- d-----w- C:\Users\Samuel 2\AppData\Roaming\Steganos
.
==================== Find3M ====================
.
2012-05-04 19:15:23 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-08 13:44:02 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 09:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
.
============= FINISH: 17:39:21,62 ===============


Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 07.12.2009 18:22:12
System Uptime: 05.05.2012 17:17:47 (0 hours ago)
.
Motherboard: Dell Inc. | | 0N826N
Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz | Socket 775 | 2498/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 921 GiB total, 344,123 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe FE Family Controller
Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_02E01028&REV_02\4&22F9660C&0&00E5
Manufacturer: Realtek
Name: Realtek PCIe FE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_02E01028&REV_02\4&22F9660C&0&00E5
Service: RTL8167
.
==== System Restore Points ===================
.
RP452: 17.04.2012 15:48:32 - Windows Update
RP453: 23.04.2012 19:59:17 - Installed Microsoft SQL Server Migration Assistant for MySQL
RP454: 24.04.2012 15:06:32 - Windows Update
RP455: 01.05.2012 18:07:09 - Windows Update
RP456: 03.05.2012 14:52:51 - Windows Update
RP457: 03.05.2012 14:56:35 - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 68.168.222.226 http://www.google-analytics.com.
Hosts: 68.168.222.226 ad-emea.doubleclick.net.
Hosts: 68.168.222.226 http://www.statcounter.com.
Hosts: 108.163.215.51 http://www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 http://www.statcounter.com.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Design Standard
Adobe Download Assistant
Adobe Edge Preview
Adobe Photoshop CS5.1
Adobe Reader X (10.1.3) - Deutsch
Adobe Widget Browser
Advertising Center
Akamai NetSession Interface
Akamai NetSession Interface Service
AnimatorDV Simple+ 9.02
Apple Application Support
Apple Software Update
Ask Toolbar Updater
Audacity 1.2.6
Aurora 8.0a2 (x86 en-US)
Babylon toolbar on IE
Bing API 2.0 SDK
Bing Bar
Bing Bar Platform
Bitcoin
BlueJ 3.0.4
BufferChm
Bus-Simulator 2009
CameraHelperMsi
CamStudio
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D1400
D1400_Help
D3DX10
DarkWave Studio 3.2.9
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Driver Download Manager
Dell Getting Started Guide
Dell Support Center (Support Software)
Dev-C++ 5 beta 9 release (4.9.9.2)
DeviceDiscovery
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
DMXControl 2.11
Dropbox
DRPU Database Converter - MySQL to MS SQL (Demo)
DS-MP3 Source 1.30
DVDStyler v1.8.3
DzSoft Perl Editor 5.8.7
EasyBits GO
EPSON USB Display
erLT
eSpeak version 1.45.05
Facebook Video Calling 1.2.0.159
Feedback Tool
FileAlyzer 2
FileZilla Client 3.5.3
fotobook Maker 2.1
FreeMind
GIMP 2.4.2
Git version 1.7.7-preview20111014
GnuWin32: Grep-2.5.4
Google Chrome
Google Earth
Google SketchUp 8
Google Update Helper
GPBaseService2
Hauppauge WinTV 7
Hauppauge WinTV Infrared Remote
Hex-Editor MX
HiJackThis
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB945282)
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB946040)
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB946308)
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB947540)
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB947789)
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB948127)
Hotfix für Microsoft Visual C++ 2010 Express - DEU (KB2635973)
Hotfix für Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU (KB944899)
Hotfix für Microsoft Visual Web Developer 2010 Express - DEU (KB2548139)
Hotfix für Microsoft Visual Web Developer 2010 Express - DEU (KB2635973)
Hotfix für Microsoft Windows Phone Developer Tools - DEU (KB2635973)
Hotfix for Microsoft Visual C++ 2010 Express - DEU (KB2542054)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
HP Officejet Pro 8500 A910 Hilfe
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
I.R.I.S. OCR
iClone v3.2 SE
IIS 7.5 Express
Imperium Romanum 1.03
Inno Setup version 3.0.7
Inno Setup Version 5.4.2
Internet-TV für Windows Media Center
ISTool 5.3.0.1
IZArc 4.1.2
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) SE Development Kit 6 Update 20
Junk Mail filter update
Kaspersky Internet Security 2012
KiCad 2011.07.08
Logitech Webcam Software
Loksim3D
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Magic 3D Easy View
Mail System Converter
ManyCam 2.6.55 (remove only)
MarketResearch
Media Go
Media Go Video Playback Engine 1.84.102.07010
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - DEU
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools - DEU
Microsoft ASP.NET Web Pages
Microsoft ASP.NET Web Pages - DEU
Microsoft ASP.NET Web Pages 2
Microsoft Default Manager
Microsoft DirectX SDK (June 2010)
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend 4
Microsoft Expression Blend 4 Add-in for Adobe FXG Import
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Expression Blend SDK for Windows Phone 7
Microsoft Expression Design 4
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Expression Studio 4
Microsoft Expression Web 4
Microsoft Expression Web 4 Service Pack 2
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Garage Mouse without Borders
Microsoft Lync 2010 Attendee
Microsoft MSDN 2005 Express Edition - DEU
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK - Deutsch
Microsoft Silverlight Tools for Visual Studio 2010
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 Design Tools DEU
Microsoft SQL Server Compact 3.5 SP2 DEU
Microsoft SQL Server Compact 4.0 SP1-Skripttools DEU CTP1
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server Migration Assistant for MySQL
Microsoft SQL Server System CLR Types
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU
Microsoft Visual C++ 2008 Express Edition with SP1 - DEU
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual C++ 2010 Express - DEU
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU Service Pack 1 (KB945140)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express for Windows Phone - DEU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Web Developer 2010 Express - DEU
Microsoft WebMatrix 2
Microsoft Windows Phone 7 Developer Resources(DE)
Microsoft Windows Phone Developer Tools - DEU
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
Microsoft XNA Game Studio 4.0
Microsoft XNA Game Studio 4.0 (ARP entry)
Microsoft XNA Game Studio 4.0 (Redists)
Microsoft XNA Game Studio 4.0 (Shared Components)
Microsoft XNA Game Studio 4.0 (Visual Studio)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
Microsoft XNA Game Studio 4.0 Documentation
Microsoft XNA Game Studio 4.0 Language Pack (de-DE)
Microsoft XNA Game Studio 4.0 Windows Phone Extensions
Microsoft XNA Game Studio Platform Tools
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MinGW 5.1.6
Miro Video Converter
Moho 5.4
Mozilla Firefox 12.0 (x86 de)
Mozilla Maintenance Service
Mozilla Thunderbird 12.0.1 (x86 de)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL Connector Net 6.3.7
Nero 9 Essentials
Nero 9 Lite
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart OEM
neroxml
Nmap 5.51
No23 Recorder
NWZ-E460 WALKMAN Guide
Opera 11.61
Opera 4.0 (Win9x/NT4.0)
Opera Mobile
PD Particles
PDF Settings CS5
Pegasus Mail
Pegasus Mail v4.51 R1 (Deutsche Komplettversion)
Phase 5 HTML-Editor
Pinnacle VideoSpin
Pivot Stickfigure Animator version 2.2.6
Pivot Stickfigure Toolbar
PlayStation(R)Network Downloader
PlayStation(R)Store
PowerDVD DX
ProtectDisc Driver, Version 11
QuickTime
Quiz 1.0
Realtek High Definition Audio Driver
Roxio Burn
Roxio Update Manager
SA32xx Device Manager
Safari
Samplisizer v1.2 (Demo)
Schiff-Simulator 2008
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Expression Design 4 (KB2667730)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB2251487)
Sid Meier's Civilization 4 Complete
Skype Click to Call
Skype™ 5.8
SmartFTP Client Setup Files 4.0 (x64) (remove only)
SmartWebPrinting
SolutionCenter
Spotify
Status
Steganos Privacy Suite 12
Synapse Media Player
TeamViewer 5
TeamViewer 7
Text-To-Speech-Runtime
TmNationsForever Update 2010-03-15
Toolbox
Tools für Microsoft SQL Server 2005 Express Edition
TrayApp
Ulead GIF Animator Lite Edition 1.0
UltraMixer 2.4.5
UnloadSupport
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
VirtualDJ Home FREE
WCF RIA Services V1.0 SP1
WebReg
Webtools von Microsoft SQL Server Compact 4.0 DEU
WildTangent-Spiele
Willi 2.9
Windows Internet Explorer Platform Preview
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Silverlight
Windows Media Player Firefox Plugin
Windows Phone 7 Add-in for Visual Studio 2010 - DEU
WinPcap 4.1.2
WinRAR
WinSCP 4.2.9
WPF Toolkit February 2010 (Version 3.5.50211.1)
wxAdditions 2.8.11.03
wxFormBuilder 3.2.0
wxPack v2.8.11.03
wxVC 2.8.11.01
wxWidgets Compiled 2.8.11
XAMPP 1.7.7
Xenu's Link Sleuth
XMedia Recode 3.0.3.9
Yahoo! Detect
.
==== End Of File ===========================
samweb
Regular Member
 
Posts: 15
Joined: May 5th, 2012, 11:38 am

Re: Add box in left corner

Unread postby Gary R » May 6th, 2012, 1:31 am

Looking over your logs, back soon.
Gary R
Administrator
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Add box in left corner

Unread postby Gary R » May 6th, 2012, 2:08 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "malware removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi samweb

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There's a few things need taking care of on your computer, but first I need you to run a couple of extra scans for me .....

First

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows7, when prompted by UAC allow the prompt.
  • Click on Change parameters
    • Check Detect TDLFS file system
    • Click OK
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • TDSSKiller log
  • Do you use this computer for business purposes ?


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.

Re: Add box in left corner

Unread postby samweb » May 6th, 2012, 8:21 am

First of all: I am not using this computer for business purposes, it is my private home computer.
Now the logs:
OTL.txt
OTL logfile created on: 06.05.2012 13:16:44 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Samuel 2\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 41,58% Memory free
7,99 Gb Paging File | 5,05 Gb Available in Paging File | 63,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920,75 Gb Total Space | 347,54 Gb Free Space | 37,75% Space Free | Partition Type: NTFS

Computer Name: SAMUELS-PC | User Name: Samuel 2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.05.06 13:15:18 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Samuel 2\Downloads\OTL.exe
PRC - [2012.05.04 19:22:40 | 009,478,320 | ---- | M] (Spotify Ltd) -- C:\Users\Samuel 2\AppData\Roaming\Spotify\spotify.exe
PRC - [2012.05.01 19:16:24 | 000,400,344 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2012.04.25 13:38:31 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.04.04 07:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.03.13 06:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Samuel 2\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Samuel 2\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.10 11:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2011.09.10 11:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe
PRC - [2011.09.09 19:46:10 | 008,158,720 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe
PRC - [2011.08.18 13:32:12 | 000,084,480 | ---- | M] (Steganos Software GmbH) -- C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosHotKeyService.exe
PRC - [2011.08.18 13:32:10 | 000,057,344 | ---- | M] (Steganos Software GmbH) -- C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosBrowserMonitor.exe
PRC - [2011.08.18 13:26:34 | 000,017,408 | ---- | M] (Steganos Software GmbH) -- C:\Program Files (x86)\Steganos Privacy Suite 12\fredirstarter.exe
PRC - [2011.05.13 06:45:56 | 001,756,232 | ---- | M] (ManyCam LLC) -- C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
PRC - [2011.05.02 10:48:08 | 000,216,064 | ---- | M] (DDHelper) -- C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\DDHelper.exe
PRC - [2011.04.25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011.03.22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2011.03.01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.03.01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010.07.06 17:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009.08.17 10:29:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
PRC - [2009.07.16 08:29:44 | 000,307,200 | ---- | M] (Hauppauge Computer Works) -- C:\PROGRA~2\WinTV\TVServer\CAPTUR~4.EXE
PRC - [2009.07.13 16:22:32 | 000,434,176 | ---- | M] (Hauppauge Computer Works) -- C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE
PRC - [2009.06.24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009.06.18 22:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009.05.21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009.05.21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009.04.15 19:16:44 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
PRC - [2008.12.18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.11.04 13:18:46 | 000,110,647 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\Ir.exe
PRC - [2008.09.26 10:19:04 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2012.05.04 21:15:23 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.05.04 19:22:40 | 020,101,120 | ---- | M] () -- C:\Users\Samuel 2\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2012.05.01 19:16:25 | 001,952,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2012.05.01 19:16:25 | 000,162,776 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2012.05.01 19:16:25 | 000,021,976 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
MOD - [2012.04.25 13:38:28 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.04.04 07:54:04 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
MOD - [2012.02.16 16:05:54 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.16 16:04:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011.10.13 19:46:47 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.05.13 06:46:02 | 000,498,760 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\cximagecrt.dll
MOD - [2011.05.13 06:46:00 | 000,123,976 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\CrashRpt.dll
MOD - [2011.04.25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011.04.25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011.04.25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011.04.25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011.04.25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011.04.25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011.04.20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011.03.30 18:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011.03.22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2011.03.01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2010.05.07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2010.05.07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2010.05.07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2010.05.07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2010.05.07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2009.06.18 22:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.07.17 19:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008.07.29 14:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2012.05.04 21:15:23 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.25 13:38:32 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.02.29 10:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.04 15:46:38 | 000,029,184 | ---- | M] () [On_Demand | Stopped] -- c:\servicetest.exe -- (MemoryStatus)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.10 11:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2011.09.09 19:46:10 | 008,158,720 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2011.09.08 16:12:10 | 000,075,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2011.08.31 17:34:02 | 000,017,920 | ---- | M] (Microsoft) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe -- (MouseWithoutBordersSvc)
SRV - [2011.08.05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.04.25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.07.08 12:50:20 | 000,450,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt) [Auto | Running] -- C:\Windows\SysWOW64\STGRAMDiskHandler64.exe -- (Steganos Volatile Disk)
SRV - [2010.07.06 17:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.04 20:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.08.17 10:29:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009.07.13 16:22:32 | 000,434,176 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE -- (HauppaugeTVServer)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009.04.15 19:16:44 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe -- (EMP_UDSA)
SRV - [2009.04.01 00:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2008.12.18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 300(UVC)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.12.21 18:42:10 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011.08.15 14:32:10 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.07.26 19:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 19:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 14:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 14:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.02.11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010.09.23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.09.03 16:45:08 | 000,028,576 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt.com) [Driver] [Kernel | System | Running] -- C:\Windows\SysNative\drivers\STGMFEngine64.sys -- (STGMFEngine64)
DRV:64bit: - [2010.09.01 22:54:40 | 000,295,272 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
DRV:64bit: - [2010.07.12 14:49:14 | 000,072,648 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2010.07.12 14:48:50 | 000,085,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010.03.11 11:17:14 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2009.11.02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.10.07 10:45:37 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009.07.17 19:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009.07.17 19:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.09 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.29 17:04:56 | 000,061,696 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw17bda.sys -- (hcw17bda)
DRV:64bit: - [2009.06.27 01:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.01.19 20:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2006.11.01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010.11.22 19:16:32 | 000,137,344 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\hwpsgt.sys -- (hwpsgt)
DRV - [2010.11.22 19:16:32 | 000,009,472 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\lemsgt.sys -- (lemsgt)
DRV - [2010.02.17 14:21:12 | 000,108,256 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\SleeN1764.sys -- (SLEE_17_DRIVER)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3022EC30-BE01-40C9-819C-A490324CFA0F}
IE:64bit: - HKLM\..\SearchScopes\{3022EC30-BE01-40C9-819C-A490324CFA0F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {47A20817-C7C8-4F00-9472-675D993A0B01}
IE - HKLM\..\SearchScopes\{47A20817-C7C8-4F00-9472-675D993A0B01}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 79 D4 B4 21 9A CC 01 [binary data]
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\..\SearchScopes,DefaultScope = {47A20817-C7C8-4F00-9472-675D993A0B01}
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=100581&tt=110911_startpage
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=5J&apn_dtid=YYYYYYYYDE&apn_uid=711e51b0-7141-4717-b6c5-6abbfec3e135&apn_sauid=5CD5C783-5301-4871-8ADF-694208A5987F
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\..\SearchScopes\{47A20817-C7C8-4F00-9472-675D993A0B01}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browse ... ickfigure/{63CBFC9A-0DBA-4AB6-9D15-0DB1471D3BFF}?q={searchTerms}
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011.03.12 17:04:32 | 000,000,000 | ---D | M]
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011.03.12 17:04:32 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Samuel 2\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Samuel 2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Samuel 2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 8.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2011.10.27 20:07:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 8.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.08 14:03:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.04.26 19:24:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.04.26 19:24:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.04.26 19:24:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.09.16 17:24:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.05.03 14:59:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{09F060FA-566D-42D7-BF79-97AB30863433}: C:\Program Files (x86)\Steganos Privacy Suite 12\pfplugin [2012.04.07 10:57:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00F0643E-B367-4779-B45D-7046EBA37A88}: C:\Program Files (x86)\Steganos Privacy Suite 12\spmplugin3 [2012.04.07 10:57:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 13:38:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.03 14:59:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.04.22 16:52:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.08 14:03:29 | 000,000,000 | ---D | M]

[2012.04.20 14:55:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Samuel 2\AppData\Roaming\mozilla\Extensions
[2012.05.02 18:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Samuel 2\AppData\Roaming\mozilla\Firefox\Profiles\kep8s61o.default\extensions
[2012.04.20 14:55:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.30 17:52:07 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com
[2009.12.07 21:21:18 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2012.04.25 13:38:32 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Search (Enabled)
CHR - default_search_provider: search_url = http://www.bigseekpro.com/search/toolba ... ickfigure/{DB9CECAF-E669-EB8A-080A-38E4A6A39D12}?q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Samuel 2\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Samuel 2\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Samuel 2\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Microsoft Lync 2010 Attendee Meeting Join Plug-in (Enabled) = C:\Users\Samuel 2\AppData\Roaming\Mozilla\plugins\npMeetingJoinPluginAOCUser.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: WPI Detector 1.5 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Samuel 2\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Firebug Lite for Google Chrome = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\
CHR - Extension: Facebook Colour Changer = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpllmoilcakpgbeodibeifcfnndoheam\1.3.1_0\
CHR - Extension: Google-Suche = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Skype Click to Call = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Pivot Stickfigure = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpcknfcdcgpffjddjeceioobdelceffo\1.0.0\
CHR - Extension: Google Mail = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2012.03.31 00:23:30 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 68.168.222.226 www.google-analytics.com.
O1 - Hosts: 68.168.222.226 ad-emea.doubleclick.net.
O1 - Hosts: 68.168.222.226 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Pivot Stickfigure Toolbar\tbcore3.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Steganos Password Manager Toolbar) - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 12\SPMIEToolbar.dll (Steganos Software GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SSS12 File Redirection Starter] C:\Program Files (x86)\Steganos Privacy Suite 12\fredirstarter.exe (Steganos Software GmbH)
O4 - HKLM..\Run: [SSS12 HotKeys] C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosHotKeyService.exe (Steganos Software GmbH)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013..\Run: [Akamai NetSession Interface] C:\Users\Samuel 2\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013..\Run: [Spotify] C:\Users\Samuel 2\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013..\Run: [SSS12 Browser Monitor] C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosBrowserMonitor.exe (Steganos Software GmbH)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Bernhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Ereignisprotokollese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Samuel 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Samuel 2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Steganos Password Manager - {024538B9-3F39-49FF-9503-975F743210FA} - C:\Program Files (x86)\Steganos Privacy Suite 12\SPMIEToolbar.dll (Steganos Software GmbH)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F6F725C-584D-4E5C-AE21-C7EC5D37ABCC}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a50621ef-79ff-11df-a46e-904ce519c12a}\Shell - "" = AutoRun
O33 - MountPoints2\{a50621ef-79ff-11df-a46e-904ce519c12a}\Shell\AutoRun\command - "" = K:\EMP_UDSe.exe /autorun
O33 - MountPoints2\{f76900dd-6f0b-11e0-b510-002564ded087}\Shell - "" = AutoRun
O33 - MountPoints2\{f76900dd-6f0b-11e0-b510-002564ded087}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.04 19:52:02 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.05.04 19:48:11 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\Desktop\RK_Quarantine
[2012.05.04 19:06:37 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\AppData\Roaming\Malwarebytes
[2012.05.04 19:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.03 21:59:21 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\AppData\Local\{24ACB722-ACF8-4ED2-9610-E49F281D8F1C}
[2012.04.25 13:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.25 13:39:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.04.23 20:04:39 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\AppData\Roaming\GetRightToGo
[2012.04.23 20:04:39 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\Documents\Downloads
[2012.04.23 20:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server Migration Assistant for MySQL
[2012.04.23 19:59:59 | 000,000,000 | ---D | C] -- C:\Microsoft SQL Server Migration Assistant for MySQL
[2012.04.23 19:59:59 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\AppData\Roaming\Microsoft SQL Server Migration Assistant
[2012.04.22 18:50:30 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DRPU Database Converter - MySQL to MS SQL (Demo)
[2012.04.22 18:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DRPU Database Converter - MySQL to MS SQL (Demo)
[2012.04.21 21:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft WebMatrix
[2012.04.21 21:57:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WebMatrix
[2012.04.13 18:38:10 | 000,000,000 | ---D | C] -- C:\php
[2012.04.13 01:11:27 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.04.13 01:11:27 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.04.13 01:11:26 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.04.13 01:11:26 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.04.13 01:11:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.04.13 01:11:26 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.04.13 01:11:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.04.13 01:11:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.04.13 01:11:25 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.04.13 01:11:25 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.04.13 01:11:25 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.04.13 01:10:41 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.04.13 01:10:40 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.04.13 01:10:40 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.04.13 01:05:08 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.04.13 01:05:08 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.04.13 01:05:05 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.04.12 20:25:49 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\facebook
[2012.04.10 23:52:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2012.04.09 14:15:11 | 008,744,608 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.09 13:24:06 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.08 15:44:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.04.08 15:44:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.04.08 15:44:11 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.04.08 15:44:11 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.04.07 11:32:41 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.04.07 11:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hijackthis
[2012.04.07 10:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Privacy Suite 12
[2012.04.07 10:57:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steganos
[2012.04.07 10:57:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steganos Privacy Suite 12
[2012.04.07 10:53:11 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\AppData\Roaming\Steganos

========== Files - Modified Within 30 Days ==========

[2012.05.06 13:25:01 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1013UA.job
[2012.05.06 13:15:23 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.06 13:15:23 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.06 13:15:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.06 13:11:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.06 13:05:03 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.06 13:04:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.06 13:04:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.05.06 13:03:57 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.06 01:41:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1000UA.job
[2012.05.05 23:58:02 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1013UA.job
[2012.05.05 20:58:02 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1013Core.job
[2012.05.05 20:41:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1000Core.job
[2012.05.04 23:07:38 | 000,002,979 | ---- | M] () -- C:\Users\Samuel 2\Desktop\HiJackThis.lnk
[2012.05.04 21:25:24 | 000,000,132 | ---- | M] () -- C:\Users\Samuel 2\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.05.04 21:15:23 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.04 21:15:23 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.04 21:15:16 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.05.04 19:52:16 | 000,007,622 | ---- | M] () -- C:\Users\Samuel 2\AppData\Local\resmon.resmoncfg
[2012.05.04 18:58:01 | 000,000,931 | ---- | M] () -- C:\Users\Samuel 2\Desktop\xampp_control.exe - Verknüpfung.lnk
[2012.05.04 16:25:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1013Core.job
[2012.05.03 14:59:52 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012.04.23 20:00:01 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft SQL Server Migration Assistant for MySQL.lnk
[2012.04.22 18:06:20 | 000,226,694 | ---- | M] () -- C:\Users\Samuel 2\Desktop\sogo-connector-10.0.1pre1.xpi
[2012.04.21 19:16:00 | 000,001,702 | ---- | M] () -- C:\server.key
[2012.04.21 19:15:10 | 000,001,666 | ---- | M] () -- C:\server.crt
[2012.04.20 14:55:07 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.20 14:46:31 | 000,022,523 | ---- | M] () -- C:\Users\Samuel 2\Desktop\bookmarks-2012-04-20.json
[2012.04.18 15:58:35 | 000,859,980 | ---- | M] () -- C:\Users\Samuel 2\Desktop\Kuppelentwurf2.psd
[2012.04.18 15:48:17 | 000,082,612 | ---- | M] () -- C:\Users\Samuel 2\Desktop\Kuppelentwurf.jpg
[2012.04.16 19:54:46 | 000,953,979 | ---- | M] () -- C:\Users\Samuel 2\AppContest_Ausschreibung_neu (2).pdf
[2012.04.16 19:48:50 | 001,794,026 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.16 19:48:50 | 000,767,098 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.16 19:48:50 | 000,709,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.16 19:48:50 | 000,178,116 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.16 19:48:50 | 000,144,286 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.10 23:52:36 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2012.04.08 15:44:02 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.04.08 15:44:02 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.04.08 15:44:02 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.04.08 15:44:02 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.04.08 15:43:17 | 000,003,254 | ---- | M] () -- C:\Windows\Opera.ini
[2012.04.07 12:06:20 | 000,001,281 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.new
[2012.04.07 10:58:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Privacy Suite Hauptmenü.lnk

========== Files Created - No Company Name ==========

[2012.05.04 23:07:38 | 000,002,979 | ---- | C] () -- C:\Users\Samuel 2\Desktop\HiJackThis.lnk
[2012.05.04 18:58:01 | 000,000,931 | ---- | C] () -- C:\Users\Samuel 2\Desktop\xampp_control.exe - Verknüpfung.lnk
[2012.04.23 20:00:01 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft SQL Server Migration Assistant for MySQL.lnk
[2012.04.22 16:48:54 | 000,226,694 | ---- | C] () -- C:\Users\Samuel 2\Desktop\sogo-connector-10.0.1pre1.xpi
[2012.04.21 19:17:39 | 000,001,666 | ---- | C] () -- C:\server.crt
[2012.04.21 19:17:11 | 000,001,702 | ---- | C] () -- C:\server.key
[2012.04.20 14:55:07 | 000,001,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.04.20 14:55:07 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.20 14:46:30 | 000,022,523 | ---- | C] () -- C:\Users\Samuel 2\Desktop\bookmarks-2012-04-20.json
[2012.04.18 15:54:13 | 000,859,980 | ---- | C] () -- C:\Users\Samuel 2\Desktop\Kuppelentwurf2.psd
[2012.04.18 15:48:17 | 000,082,612 | ---- | C] () -- C:\Users\Samuel 2\Desktop\Kuppelentwurf.jpg
[2012.04.16 19:54:46 | 000,953,979 | ---- | C] () -- C:\Users\Samuel 2\AppContest_Ausschreibung_neu (2).pdf
[2012.04.11 17:39:05 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.04.10 23:52:36 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2012.04.09 13:25:00 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.07 10:58:26 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Privacy Suite Hauptmenü.lnk
[2012.03.12 19:47:11 | 000,000,132 | ---- | C] () -- C:\Users\Samuel 2\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.02.15 18:44:46 | 000,000,132 | ---- | C] () -- C:\Users\Samuel 2\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012.01.25 19:59:12 | 000,000,132 | ---- | C] () -- C:\Users\Samuel 2\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.12.21 18:46:18 | 000,017,408 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\WebpageIcons.db
[2011.11.18 18:17:51 | 000,001,456 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.10.30 17:55:21 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.09.10 16:25:53 | 000,003,254 | ---- | C] () -- C:\Windows\Opera.ini
[2011.08.14 12:12:51 | 000,000,173 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\msmathematics.qat.Samuel 2
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2011.01.21 22:26:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.12.30 22:10:29 | 000,007,622 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\resmon.resmoncfg
[2010.12.29 16:08:46 | 000,315,392 | ---- | C] () -- C:\Windows\autobuildnumber.exe
[2010.12.17 16:15:57 | 000,000,096 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\fusioncache.dat
[2010.12.08 18:26:36 | 000,000,600 | ---- | C] () -- C:\Users\Samuel 2\AppData\Roaming\winscp.rnd
[2010.11.26 23:12:28 | 000,000,600 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\PUTTY.RND
[2010.11.22 19:16:32 | 000,137,344 | ---- | C] () -- C:\Windows\SysWow64\drivers\hwpsgt.sys
[2010.11.22 19:16:32 | 000,009,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\lemsgt.sys
[2010.11.02 11:59:12 | 000,981,059 | ---- | C] () -- C:\Windows\unins000.exe
[2010.11.02 11:59:12 | 000,009,332 | ---- | C] () -- C:\Windows\unins000.dat
[2010.09.13 17:42:36 | 000,002,913 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\Temppenciltemp.png
[2010.07.30 18:36:18 | 000,006,656 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.26 19:01:54 | 000,020,179 | ---- | C] () -- C:\Users\Samuel 2\AppData\Roaming\UserTile.png
[2010.07.10 14:50:11 | 000,000,075 | RHS- | C] () -- C:\Windows\ICLET30.BIN
[2010.06.30 16:39:23 | 000,000,000 | ---- | C] () -- C:\Users\Samuel 2\AppData\Roaming\~QUIZ
[2010.06.09 18:36:49 | 000,001,463 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\RecConfig.xml
[2010.06.08 13:59:36 | 000,179,179 | ---- | C] () -- C:\Windows\hphins15.dat
[2010.06.08 13:59:36 | 000,002,011 | ---- | C] () -- C:\Windows\hphmdl15.dat

========== LOP Check ==========

[2010.12.25 16:42:21 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Arduino
[2010.11.22 19:18:01 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Ascaron Entertainment
[2011.11.18 16:18:59 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Bitcoin
[2010.10.06 17:17:44 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Blender Foundation
[2011.12.12 19:37:03 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\CBL-Electronics
[2011.11.11 16:33:39 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.10.30 18:12:36 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Cocoon Software
[2011.11.04 00:09:08 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2011.11.26 20:13:57 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\com.adobe.dmp.contentviewer
[2011.11.02 20:16:41 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.04.02 23:02:42 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\DarkWave Studio
[2011.11.05 16:48:44 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Dev-Cpp
[2012.05.06 13:08:30 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Dropbox
[2010.05.21 12:40:38 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\DzSoft
[2010.07.10 13:52:55 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\EurekaLog
[2012.05.06 01:12:11 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\FileZilla
[2010.07.02 21:35:25 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\FOG Downloader
[2012.04.05 14:55:38 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\FreeHideIP
[2010.11.16 18:35:37 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\FRITZ!
[2012.04.23 20:05:04 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\GetRightToGo
[2011.06.17 23:14:55 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\go
[2012.01.13 16:27:36 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\gtk-2.0
[2010.06.24 16:00:35 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Imperium Romanum
[2010.06.08 16:14:00 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Inkscape
[2010.10.03 19:57:03 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\ISTool
[2011.02.09 14:55:53 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Leadertech
[2010.07.23 12:04:22 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Lost Marble
[2011.04.23 22:13:06 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\ManyCam
[2010.11.26 19:33:43 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\MrJobs
[2010.04.03 11:16:19 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Opera
[2010.07.26 19:01:54 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\PeerNetworking
[2012.02.10 22:04:58 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\PopSoft
[2011.12.25 15:04:19 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Sony
[2012.05.06 13:11:20 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Spotify
[2011.11.03 00:01:44 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.04.08 09:21:37 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Steganos
[2012.04.11 17:39:39 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\TeamViewer
[2011.11.01 19:36:17 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Thunderbird
[2011.05.28 22:45:18 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\WildTangent
[2010.12.07 18:25:45 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Windows Live Writer
[2011.03.10 22:52:43 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\XMedia Recode
[2012.05.05 20:58:02 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1013Core.job
[2012.05.05 23:58:02 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1013UA.job
[2012.03.26 13:29:56 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Re: Add box in left corner

Post by samweb » May 6th, 2012, 8:22 am

Extras.txt
OTL Extras logfile created on: 06.05.2012 13:16:44 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Samuel 2\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 41,58% Memory free
7,99 Gb Paging File | 5,05 Gb Available in Paging File | 63,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920,75 Gb Total Space | 347,54 Gb Free Space | 37,75% Space Free | Partition Type: NTFS

Computer Name: SAMUELS-PC | User Name: Samuel 2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-3109684298-3459403227-3296056258-1013\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [OpenAsAWebSite] -- C:\Program Files (x86)\Microsoft WebMatrix\WebMatrix.exe #ExecuteCommand# SiteFromFolder %L (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [OpenAsAWebSite] -- C:\Program Files (x86)\Microsoft WebMatrix\WebMatrix.exe #ExecuteCommand# SiteFromFolder %L (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005D5FD1-D81F-43B7-985E-56A3DB1A2D05}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1B316360-DE57-493B-A13B-AE59E5CB901D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1CF4D80B-432C-41BB-8576-BD7604C58F53}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{3723E6A9-C58A-4E1C-88EA-F74C263A9377}" = rport=445 | protocol=6 | dir=out | app=system |
"{5E5DB2FA-A479-47CD-B275-60996B756A27}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{698C3B2D-40AC-4123-910F-702408B25EBE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6BC2F30B-6909-4FBD-AFA0-EF1F297599EB}" = rport=139 | protocol=6 | dir=out | app=system |
"{6D74E532-9CFF-4611-978E-E6EA1942943D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F20DF38-328A-4C2C-B5CC-479D19482288}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{77837F83-9F73-43E2-9AC6-4D0BE5CF374A}" = rport=137 | protocol=17 | dir=out | app=system |
"{7ABA6765-2E61-410F-8BEA-31C9D325708F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7B280A8F-9758-420D-B3C1-546B5DD62998}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7D52DC71-CB21-486E-BA73-DC33105685EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7FEBCF18-E5B3-4A8C-8AB3-123924F13D19}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8806161C-ABB5-4BA8-9429-D220E5B90AD0}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{8BF44CC5-3E24-4DF6-8271-5F74B282FB5A}" = lport=137 | protocol=17 | dir=in | app=system |
"{90DB1C9B-0CFB-403E-AD00-B421A78342BA}" = lport=445 | protocol=6 | dir=in | app=system |
"{A10A8012-0034-4CE8-A08D-1B8BF588D76A}" = rport=138 | protocol=17 | dir=out | app=system |
"{B16DF7C2-562F-49DE-8FFB-1D36BF54287C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B38C81A4-2525-4743-8875-7DE804C37E78}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B7E4B047-5D89-42E5-9D3D-7CA105E2CA7A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BD34C0A9-06CA-4BF0-B10E-D098258526C9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BE47A0C0-5344-44E2-87F4-964CF92DBCF8}" = lport=139 | protocol=6 | dir=in | app=system |
"{C036DEE1-E6B5-4E58-87A5-2D358A8B4805}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CED4471D-85DC-48E5-B141-72F35C700953}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D22AAED6-CA6D-4417-9B2E-891341303549}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{D71FA5E8-5FFD-4A78-B69F-DDAA82D5A0AE}" = lport=7000 | protocol=6 | dir=in | name=tcp-port für windows-easytransfer |
"{D9B9A99D-98FA-4F75-A65C-982139A0DD31}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DB958B96-69A4-4548-8F2C-BBB6281B652C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E4E63616-03B5-4591-92FF-3CFC069F50F9}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E6B45A7B-95CF-4C8D-AB79-A681C9D55555}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EB915A2E-19BB-4316-A698-D87FC9927521}" = lport=7000 | protocol=17 | dir=in | name=udp-port für windows-easytransfer |
"{ECB105F1-B86F-4744-B9E4-24ACB58E884D}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{EDA5910A-2E39-4F2E-8827-C7EF32D47A56}" = lport=138 | protocol=17 | dir=in | app=system |
"{FA042B9A-51C3-4577-9BEB-4A2EBDC37927}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FFF4787D-C31C-4B04-8EB6-9C0EBEBCCBCF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0148BD07-89EE-43A6-8ED3-4AA2975265A0}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe |
"{018F273C-1435-46F0-AC9D-4239FCCBF059}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{0215EB25-71D9-4EEF-80A8-CD173D26E7D8}" = dir=in | app=c:\users\samuel 2\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{04D54FF3-46A7-4547-896E-6EAC7A71D524}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{068100DD-57BC-4E91-9866-4DFDAA9D3610}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft expression\encoder 4\encoder.exe |
"{0D5CD689-CCF4-4ACD-97B8-12AC6CDDF94F}" = protocol=17 | dir=in | app=c:\program files (x86)\nmap\nmap.exe |
"{16472C4B-7107-4F2B-B4C5-554FD7A3B70C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1A1B8A3D-A1E9-409B-95E0-B181EA187530}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{1C4E0E23-ECBC-4B24-98A9-6BC91531D662}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin.exe |
"{1C91B622-02EC-4781-BDC3-06E99C0C8D35}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{1D694409-6CFC-4609-BE4C-9FDAF0D81C10}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1E6FF1B3-9C00-415D-BDB4-5DE61907237B}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe |
"{21FF7CD4-64D8-4840-B227-C7F8F635658C}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{2441E39F-9690-4C89-9459-5D2AF8D94B93}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{261D8D23-FAD9-4EDC-921E-350F560AEE40}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{26FBAC31-4DCA-4F70-B92D-0C80FB89E0D1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2742009D-D080-471B-A76B-E72784253834}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
"{29B12418-5ACC-45B5-AFC9-1582388C110A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{2A9BBBC5-6E76-4B4D-B600-A3BEA7495812}" = protocol=17 | dir=in | app=c:\users\samuel 2\appdata\roaming\dropbox\bin\dropbox.exe |
"{2C3597F9-02BB-4E91-8879-6907644F9151}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2CAE0786-C864-4959-9B94-B7CB975D3FC9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{2D8BE471-7592-4A1B-9E5F-4D1DFBB749AF}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
"{338F0109-97EE-4C91-849E-CAE9895997E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{37D85687-5F9B-4DEA-B27C-758767774368}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{386CBA36-30C8-4735-990E-46EA2C6639E8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{39C74321-46FD-4E72-A0B6-F9DDBF650E7E}" = protocol=17 | dir=in | app=c:\program files (x86)\ultramixer\jre\bin\javaw.exe |
"{3B9F3F24-4019-47F7-A762-6BC604CFF193}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E27047C-BFF1-417B-BF4D-6FC4CEF3785F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{408126B1-5286-42B9-9D4F-E6D0B46B1093}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{40A27370-17EB-4A0C-9194-675B0F928D64}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{40FD43D4-4C5D-4FFE-845F-C22561A301B4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{445605CC-A83C-4560-9877-345F2523D995}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{4474748C-0812-456C-8EA1-2CF30411399A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{44FD494C-6060-44CC-8A32-63B20B92DD71}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{4591F74F-942E-40EA-BE21-88AAD118C1E8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft expression\encoder 4\encoder.exe |
"{461BE9D5-8160-4FA4-8DCF-E6C3C90F61C9}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
"{4C207EDA-565E-4473-AE7C-DB5DACFA2C6D}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{4D086C96-CD09-4C77-A0FC-8A545D6192E2}" = protocol=6 | dir=in | app=c:\users\samuel 2\appdata\local\akamai\netsession_win.exe |
"{50F12578-F1E5-4540-B6CF-543B043AAB91}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{542ACC47-73A0-4C61-95DC-7E3CD0DE77B9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{587CB805-FEB7-43BD-AD28-0F50CAC7170D}" = dir=in | app=c:\program files (x86)\microsoft garage\mouse without borders\mousewithoutborders.exe |
"{5A06B3CB-35A5-4B21-B217-9E9D5BDA73CE}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe |
"{5B4379B4-6B47-4B7E-B0E0-C0F86B776368}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5B650681-6FF2-43C6-A367-25F3CE56CB9A}" = protocol=6 | dir=in | app=c:\program files (x86)\nmap\nmap.exe |
"{5C315637-EC92-402F-894F-204CDEDD159D}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{5C708F1C-39A8-4162-9FBD-E62B5A1F5628}" = protocol=17 | dir=in | app=c:\users\samuel 2\appdata\roaming\dropbox\bin\dropbox.exe |
"{5E615D7B-3110-4115-B7E3-11B506634ADB}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{64B134DF-B81C-48C5-BA9C-EB2401DF6BDA}" = protocol=6 | dir=in | app=c:\program files (x86)\ultramixer\jre\bin\javaw.exe |
"{664D945E-80A9-4E75-A8DF-85763C07A1A4}" = protocol=6 | dir=in | app=c:\users\samuel 2\appdata\roaming\dropbox\bin\dropbox.exe |
"{68A0619F-A600-42B0-9736-FE7B77FAC172}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{702649C3-CD5F-4278-8781-FCEB56A5184A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{762E9B73-F42B-4CEE-B52F-A37FF2FC4A2C}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe |
"{7A0D16AE-961F-4EC8-B577-947B369EA06E}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{7D810004-B807-4421-B77C-43D85ACDAE3A}" = protocol=6 | dir=in | app=c:\users\samuel 2\appdata\roaming\dropbox\bin\dropbox.exe |
"{7F280AA9-1813-41AE-8B2F-53939237B329}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |
"{8203DD9A-B91C-4CDA-A9CB-E58AE3E599EA}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{87471F2A-CCE9-4841-B210-371CFF99625C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{89FBA661-F9DF-4108-9DD3-2A8E6AAA2642}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8E60FD53-23BA-443D-9D7E-736CEB8DF1AC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8EA91449-D4D1-4857-BD37-1C7E73A7B52A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8F8B88E4-1746-4FB1-81D7-5A5CFDFAB330}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{93985F83-ED07-44FB-8CCB-14F549594F87}" = protocol=6 | dir=out | app=system |
"{9B3A76FA-EA3C-49F5-9CA5-069D745FE32C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9E179DE9-F9A2-408A-9100-D02880CB4FF6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{9F872353-7694-410E-914D-BF8493960864}" = protocol=17 | dir=in | app=c:\users\samuel\appdata\local\temp\{691353a7-e62e-4672-8b9c-a7ccfca76884}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe |
"{A0098B60-3371-4355-ABDD-DC9F61F1B3DB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{A3DBB843-E4DE-44C3-B629-78889C53C628}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{A690A9DE-DB26-41E4-99FF-A1E0134BB807}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A76D6D07-76FB-4460-9FDF-485EF5FC9D44}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AAFDF587-9FDE-488F-A3C9-466A6DA66385}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{AFB20094-A183-4A9D-A8DB-DDC9DC8D7C52}" = protocol=17 | dir=in | app=c:\users\samuel 2\appdata\local\akamai\netsession_win.exe |
"{B2A8A7AF-A449-495E-A1D8-A942DEE80824}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B7EAE40C-7D5C-4D55-A6F0-9FC64AB765EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B8F09A12-3BD0-4BC9-B42D-875F02132588}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{BBB50818-A338-4434-9767-29A3A35B38F8}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{C322176D-B1B3-41B8-9D4E-4E3AE7592DA0}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{CACE07E8-F2C7-4B9E-ABCF-C3F2897365F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CD90C90F-2760-4956-AD5C-D062D2850767}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0E395A3-24FE-4BD8-9D53-2D20353E4DF5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{D1E255EA-4AAC-4BEE-A103-5472A64EC70A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D416E139-B26B-4946-B4F2-C31C6E103FBF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D66E201B-653F-4A97-A66B-FA4BDB97671D}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin.exe |
"{D96EA4C2-092D-49FB-B14E-DF388B6F5951}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DA6A0D6B-EDEE-4ACC-A9EB-3EC4966DBB86}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{DDBC4A0B-7BB5-4BDE-9601-595DF8B5720C}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe |
"{E3392A00-2299-425B-B6A0-05F53A5ADD1C}" = protocol=6 | dir=in | app=c:\users\samuel\appdata\local\temp\{691353a7-e62e-4672-8b9c-a7ccfca76884}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe |
"{E5A225D2-EF45-48D1-BC39-A65286BA5A76}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{E7F611F1-CAE1-4BE0-8BC5-1177DCD37287}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{E81AFD21-4893-4EA8-AF6B-2E64C1B25F85}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
"{ECC116DE-D0BD-472A-8E82-21877245C2D6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{EE070736-EFE4-4DEE-A5AD-7B02325038E4}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe |
"{EEF58301-059C-4145-831F-22FE6CCE7014}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F19EE0B2-53EA-4295-A9C7-F9A51C172B9D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F4DF955F-1A12-4AF1-A9DB-D4AF42DAD019}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{F52D2AA3-A3F8-40CA-8210-A82D14D4DAA7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{F65F0C85-9632-4DC3-A3A6-3760DE5216DE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F847AEC0-2F6C-486C-B76F-13C8C93CF9CB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{F8E1CCED-1711-4675-AAD6-9793748B6028}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |
"{F9F8127E-AD69-493F-92E8-5342A596FEE5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FCAC4D90-27AC-4C06-904D-4CEAE3211804}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FEB44DD9-0358-4584-A57B-A7C5061B379F}" = protocol=58 | dir=in | app=system |
"{FF339DE9-6323-4035-BE17-7BBA5458FC5D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{316A6852-497A-4BD3-974F-33EE0C22C7F0}C:\program files (x86)\nmap\nmap.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nmap\nmap.exe |
"TCP Query User{3B8BFF05-DF52-485E-A727-B0D7340092DE}C:\program files (x86)\microsoft expression\encoder 4\encoder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft expression\encoder 4\encoder.exe |
"TCP Query User{6DA9E130-D98E-4949-A8DF-83149FDCEC9D}C:\program files (x86)\bitcoin\bitcoin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin.exe |
"TCP Query User{C19A2861-01C0-434E-8AC9-F7F8EEBCAC6F}C:\program files (x86)\ultramixer\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ultramixer\jre\bin\javaw.exe |
"UDP Query User{7B997554-E581-4CFD-847F-6114E87D9AB8}C:\program files (x86)\nmap\nmap.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nmap\nmap.exe |
"UDP Query User{9BB262D7-3E87-4F3B-9F85-B04E24E0A25B}C:\program files (x86)\microsoft expression\encoder 4\encoder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft expression\encoder 4\encoder.exe |
"UDP Query User{BEB6827E-A540-4C12-A7B0-AEE775F09A8C}C:\program files (x86)\ultramixer\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ultramixer\jre\bin\javaw.exe |
"UDP Query User{C6023B74-335B-40B3-952E-F7ED1642233F}C:\program files (x86)\bitcoin\bitcoin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{3CDDD063-7FC2-43A7-9EC0-B3F1E38C7649}" = HP Deskjet Printer Driver Software 13.0 Rel. 1
"{4432F6A4-33D7-41B9-88E4-6735CF334671}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - DEU
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}" = Microsoft SQL Server 2008 R2 Native Client
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{54AC5197-9CE4-4C42-B191-16F5918479EC}" = Microsoft Web Platform Installer 4.0
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E16BB50-E49A-3647-BD4D-4D150DCCBFAE}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9B9E4031-ED35-4BE0-A397-BEC2CC88C471}" = Oracle VM VirtualBox 4.1.2
"{A0061DDB-0688-4406-99F9-3934EBB5ADBE}" = AxCrypt 1.7.2614.0
"{A0212756-D0C9-4AAA-B61C-DB01235FA830}" = Microsoft Web Deploy 3.0
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A80AF0FF-16ED-3B44-9103-A874B3771422}" = Windows Phone Emulator x64 - DEU
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CA62C93E-A637-4BEC-B90D-69ABFBEB402C}" = Microsoft SQL Server Compact 4.0 SP1 x64 DEU CTP1
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1AFFA41-BB7A-4398-A86A-2B935FC3A649}" = MySQL Server 5.1
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DB61F989-7664-4E18-97C8-0AC4C5DD9FFC}" = e-mix 5.6.4 Basic Edition
"{DE2C9D5F-C55C-30E8-9322-2B8E8B5DF87C}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{E6420CCB-92BE-3ACB-BDC3-69FBDD319C94}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00)
"3CAABDB4D5E19760A561BDB6506A3E8432AE8457" = Windows-Treiberpaket - Das USB (09/20/2010 1.6.0)
"883C6F371CE9B23C1CF864201BD5C4BBCA440808" = Windows-Treiberpaket - Das (WinUSB) USB (12/14/2011 1.4)
"88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - DEU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - DEU
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{0536BCDF-7EF6-48F6-8765-A3C065A065A5}" = Microsoft Expression Blend SDK for .NET 4
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07C57B29-D2E4-4959-84A5-016F2BE11A35}" = Microsoft Windows Phone 7 Developer Resources(DE)
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09adb098-20a9-4029-a67a-0151adc87376}" = Nero 9 Essentials
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F1D1572-9311-4590-A8A6-425224984E54}" = Steganos Privacy Suite 12
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{100A46D7-2CA2-4E8A-9D2F-A5D9E66AB228}" = IIS 7.5 Express
"{1013BBD9-890E-4762-A7FE-9B6E75D5FC45}" = Miro Video Converter
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{14F94B3D-3136-469F-BB40-B0A65B2C86F2}" = D1400
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1762BA00-6EBE-4430-9FBB-16F516B4A46D}" = Microsoft Expression Blend SDK for Windows Phone 7
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D537C29-27C9-4EE2-92BC-22D0910EAE9D}" = Microsoft XNA Game Studio 4.0 Language Pack (de-DE)
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29D3773E-54F4-23C2-D523-236A4453B845}_is1" = FileAlyzer 2
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2CE77981-14DE-4773-8106-27C9C964720C}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools - DEU
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java(TM) SE Development Kit 6 Update 20
"{32E2F180-247C-4077-B06A-20F9868568E0}_is1" = UltraMixer 2.4.5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34EF7358-ABC7-8469-5FB6-C5C0146F099E}" = Media Go Video Playback Engine 1.84.102.07010
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{3FF8E8A7-5BA8-4D9E-B976-B05B2B00B0AE}" = Microsoft Expression Web 4
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44228375-A198-489B-B90F-F88A1A78D5F5}" = Microsoft Lync 2010 Attendee
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D26B533-269B-4C01-B59E-80A6864824A5}" = Microsoft Expression Encoder 4
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53CF3920-648B-4F99-8D05-6A6C5298F57B}" = Adobe Creative Suite 5.5 Design Standard
"{553B3EFC-4D47-36D4-B15E-BE098BAEC8AC}" = Windows Phone 7 Add-in for Visual Studio 2010 - DEU
"{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight Tools for Visual Studio 2010
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5B52E1FF-BD66-4582-97BA-55C575C19504}" = Microsoft MSDN 2005 Express Edition - DEU
"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{5DDF31D2-63BB-4268-895B-FB05A82A1C00}" = Microsoft XNA Game Studio 4.0 Windows Phone Extensions
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{5FD88490-011C-4DF1-B886-F298D955171B}" = MySQL Connector Net 6.3.7
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{638AA518-6A32-33CC-B88F-BCD20B2DCF2E}" = Microsoft Visual Web Developer 2010 Express - DEU
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{69A14245-327E-4681-9537-A5610A1AFD34}" = Windows Internet Explorer Platform Preview
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{7650F538-6274-44EA-8F50-843479073333}" = EPSON USB Display
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76FAE3C6-F0F2-43D3-9D94-C2AD772C2326}" = Webtools von Microsoft SQL Server Compact 4.0 DEU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7977F710-8ECD-4E2A-B38E-4AF910EC02DB}" = Microsoft ASP.NET Web Pages 2
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7CDC26F7-D6BF-442A-B599-0075A48310F7}" = SA32xx Device Manager
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{803910CC-3A39-45E3-A594-0D5512A60A86}" = Microsoft Silverlight 4 SDK - Deutsch
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}" = Microsoft SQL Server 2008 R2 Management Objects
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B0CB1FA-6D45-4D41-B7BA-5F13EA6BEC5A}" = Adobe Edge Preview
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FD0F94D-4594-48A0-BE99-5265367603D8}" = Microsoft Expression Design 4
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90C0847F-6563-401F-BC3A-AB2B11E5B062}" = Microsoft SQL Server Compact 4.0 SP1-Skripttools DEU CTP1
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{9219F0C5-4320-43D3-8A23-F8B4C6F02DEE}" = Microsoft Expression Blend 4 Add-in for Adobe FXG Import
"{92D36098-7AF2-4046-8E8E-2CFFBBEF1452}" = Microsoft WebMatrix 2
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}" = Microsoft ASP.NET Web Pages - DEU
"{9494E966-5FCF-472F-A295-3168417FD175}" = Bing API 2.0 SDK
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A3FBF944-11B9-4DA6-AA48-65F2DD548EE9}" = dj_sf_ProductContext
"{A4D58206-7E8F-41F2-BD94-85009F3AEA28}" = NWZ-E460 WALKMAN Guide
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E12684-DD23-4D11-ACAF-6041954BCA00}_is1" = ISTool 5.3.0.1
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B006B9E9-41DD-4479-9177-3743A53B7735}" = Microsoft Expression Blend 3 SDK
"{B0682940-6FFB-4850-80BA-B2FEF0D64BA8}" = Microsoft Expression Blend SDK for Silverlight 4
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3583CBE-10A5-4FDB-85E9-6E6648D5E54E}" = Microsoft SQL Server Migration Assistant for MySQL
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2E1ED34-EF54-43D4-B634-8C76B15CFF18}" = iClone v3.2 SE
"{C3F6EF04-8292-482D-9A2B-47CF5758C8FC}" = Microsoft Expression Studio 4
"{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}" = Microsoft SQL Server System CLR Types
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C8088AE5-A62A-4C29-A3D5-E5E258B517DE}_is1" = wxWidgets Compiled 2.8.11
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3BC954F-D661-474C-B367-30EB6E56542E}" = Microsoft Garage Mouse without Borders
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{d868dd8d-b155-4108-93a7-7d336088edd0}" = Nero 9 Lite
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E68B0A8D-5FD5-4689-A5B6-155C01026BAC}" = dj_sf_software_req
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC0AEEE8-3D70-4792-B4D1-1BFBC7D8BEEB}" = dj_sf_software
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFE673F6-688A-42ed-9C6C-9DD8CF5A9B89}" = D1400_Help
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21D2032-60FE-4729-9C87-46F1615FB965}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F39359B6-58F1-4837-BE9B-D111FAF50D74}" = Microsoft Visual Studio 2010 Express for Windows Phone - DEU
"{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2
"{F7800FC1-6948-4D64-A9BC-3EEDDA408D25}" = Microsoft Expression Blend 4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA55C144-16EC-4C19-ABFF-2E172C26950D}_is1" = Opera Mobile
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Akamai" = Akamai NetSession Interface Service
"AnimatorDV Simple+ 9.02_is1" = AnimatorDV Simple+ 9.02
"Audacity_is1" = Audacity 1.2.6
"Aurora 8.0a2 (x86 en-US)" = Aurora 8.0a2 (x86 en-US)
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BabylonToolbar" = Babylon toolbar on IE
"Blend_4.0.20901.0" = Microsoft Expression Blend 4
"BlueJ_is1" = BlueJ 3.0.4
"Bus-Simulator 2009_is1" = Bus-Simulator 2009
"CamStudio" = CamStudio
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DarkWave Studio" = DarkWave Studio 3.2.9
"Design_7.0.20516.0" = Microsoft Expression Design 4
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DMXControl" = DMXControl 2.11
"DRPU Database Converter - MySQL to MS SQL (Demo)" = DRPU Database Converter - MySQL to MS SQL (Demo)
"DS-MP3 Source" = DS-MP3 Source 1.30
"DVDStyler_is1" = DVDStyler v1.8.3
"dzperl_is1" = DzSoft Perl Editor 5.8.7
"Encoder_4.0.1651.0" = Microsoft Expression Encoder 4
"eSpeak_is1" = eSpeak version 1.45.05
"ExpressionStudio_4.0.20705.0" = Microsoft Expression Studio 4
"FileZilla Client" = FileZilla Client 3.5.3
"fotobook Maker_is1" = fotobook Maker 2.1
"Git_is1" = Git version 1.7.7-preview20111014
"Grep-2.5.4_is1" = GnuWin32: Grep-2.5.4
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Imperium Romanum" = Imperium Romanum 1.03
"Inno Setup 3_is1" = Inno Setup version 3.0.7
"Inno Setup 5_is1" = Inno Setup Version 5.4.2
"InstallShield_{C2E1ED34-EF54-43D4-B634-8C76B15CFF18}" = iClone v3.2 SE
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"KiCad" = KiCad 2011.07.08
"Loksim3D" = Loksim3D
"Magic 3D Easy View_is1" = Magic 3D Easy View
"ManyCam" = ManyCam 2.6.55 (remove only)
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"Microsoft MSDN 2005 Express Edition - DEU" = Microsoft MSDN 2005 Express Edition - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2010 Express for Windows Phone - DEU" = Microsoft Windows Phone Developer Tools - DEU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Web Developer 2010 Express - DEU" = Microsoft Visual Web Developer 2010 Express - DEU
"MinGW" = MinGW 5.1.6
"Moho_is1" = Moho 5.4
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nmap" = Nmap 5.51
"Opera 11.61.1250" = Opera 11.61
"Opera 4.0 (Win9x/NT4.0)" = Opera 4.0 (Win9x/NT4.0)
"Pegasus Mail" = Pegasus Mail
"Pegasus Mail, Deutsche Komplettversion_is1" = Pegasus Mail v4.51 R1 (Deutsche Komplettversion)
"Pivot Stickfigure Animator_is1" = Pivot Stickfigure Animator version 2.2.6
"Pivot Stickfigure Toolbar" = Pivot Stickfigure Toolbar
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Quiz_is1" = Quiz 1.0
"Samplisizer v1.2 (Demo)" = Samplisizer v1.2 (Demo)
"ShipSim2008" = Schiff-Simulator 2008
"SmartFTP Client 4.0 (x64) Setup Files" = SmartFTP Client Setup Files 4.0 (x64) (remove only)
"ST4UNST #1" = Mail System Converter
"ST5UNST #1" = PD Particles
"Synapse" = Synapse Media Player
"TeamViewer 5" = TeamViewer 5
"TeamViewer 7" = TeamViewer 7
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"Ulead GIF Animator Lite Edition 1.0" = Ulead GIF Animator Lite Edition 1.0
"Web_4.0.1303.0" = Microsoft Expression Web 4
"WildTangent dell Master Uninstall" = WildTangent-Spiele
"Willi_is1" = Willi 2.9
"WinGimp-2.0_is1" = GIMP 2.4.2
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.9
"wxAdditions_is1" = wxAdditions 2.8.11.03
"wxFormBuilder_is1" = wxFormBuilder 3.2.0
"wxPack_is1" = wxPack v2.8.11.03
"wxVC_is1" = wxVC 2.8.11.01
"xampp" = XAMPP 1.7.7
"Xenu's Link Sleuth" = Xenu's Link Sleuth
"XMedia Recode" = XMedia Recode 3.0.3.9
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3109684298-3459403227-3296056258-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Akamai" = Akamai NetSession Interface
"Bitcoin" = Bitcoin
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01.05.2012 12:01:39 | Computer Name = Samuels-PC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> [Tue May
01 18:01:39 2012] [warn] _default_ VirtualHost overlap on port 80, the first has
precedence .

Error - 02.05.2012 09:53:55 | Computer Name = Samuels-PC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> [Wed May
02 15:53:55 2012] [warn] _default_ VirtualHost overlap on port 80, the first has
precedence .

Error - 03.05.2012 08:06:51 | Computer Name = Samuels-PC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> [Thu May
03 14:06:51 2012] [warn] _default_ VirtualHost overlap on port 80, the first has
precedence .

Error - 04.05.2012 09:34:00 | Computer Name = Samuels-PC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> [Fri May
04 15:34:00 2012] [warn] _default_ VirtualHost overlap on port 80, the first has
precedence .

Error - 04.05.2012 13:54:10 | Computer Name = Samuels-PC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> [Fri May
04 19:54:10 2012] [warn] _default_ VirtualHost overlap on port 80, the first has
precedence .

Error - 05.05.2012 08:28:26 | Computer Name = Samuels-PC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> [Sat May
05 14:28:26 2012] [warn] _default_ VirtualHost overlap on port 80, the first has
precedence .

Error - 05.05.2012 11:18:41 | Computer Name = Samuels-PC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> [Sat May
05 17:18:41 2012] [warn] _default_ VirtualHost overlap on port 80, the first has
precedence .

Error - 05.05.2012 17:45:35 | Computer Name = Samuels-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OfficeLiveSignIn.exe, Version: 2.0.2313.0,
Zeitstempel: 0x491c0a79 Name des fehlerhaften Moduls: OfficeLiveSignIn.exe, Version:
2.0.2313.0, Zeitstempel: 0x491c0a79 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00003ce7
ID
des fehlerhaften Prozesses: 0x1bdc Startzeit der fehlerhaften Anwendung: 0x01cd2b054a4b870c
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
Berichtskennung:
a4ae0662-96fb-11e1-bc35-080027001cf7

Error - 05.05.2012 18:44:27 | Computer Name = Samuels-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OfficeLiveSignIn.exe, Version: 2.0.2313.0,
Zeitstempel: 0x491c0a79 Name des fehlerhaften Moduls: OfficeLiveSignIn.exe, Version:
2.0.2313.0, Zeitstempel: 0x491c0a79 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00003ce7
ID
des fehlerhaften Prozesses: 0x1340 Startzeit der fehlerhaften Anwendung: 0x01cd2b107b46aaca
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
Berichtskennung:
ddf74c57-9703-11e1-bc35-080027001cf7

Error - 06.05.2012 07:04:17 | Computer Name = Samuels-PC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> [Sun May
06 13:04:17 2012] [warn] _default_ VirtualHost overlap on port 80, the first has
precedence .

[ Broadcom Wireless LAN Events ]
Error - 01.04.2012 18:25:30 | Computer Name = Samuels-PC | Source = WLAN-Tray | ID = 0
Description = 00:25:30, Mon, Apr 02, 12 Error - Error in WNetOpenEnum trying to disconnect
drives

Error - 01.04.2012 18:25:30 | Computer Name = Samuels-PC | Source = WLAN-Tray | ID = 0
Description = 00:25:30, Mon, Apr 02, 12 Error - Error in WNetOpenEnum trying to disconnect
drives

[ Media Center Events ]
Error - 14.12.2011 10:50:49 | Computer Name = Samuels-PC | Source = MCUpdate | ID = 0
Description = 15:50:24 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Die Verbindung wurde unerwartet
getrennt..)

Error - 19.12.2011 08:58:14 | Computer Name = Samuels-PC | Source = MCUpdate | ID = 0
Description = 13:58:09 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Die Verbindung wurde unerwartet
getrennt..)

Error - 19.12.2011 08:59:42 | Computer Name = Samuels-PC | Source = MCUpdate | ID = 0
Description = 13:59:11 - EpgListings konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Die Verbindung wurde unerwartet
getrennt..)

Error - 19.12.2011 10:00:33 | Computer Name = Samuels-PC | Source = MCUpdate | ID = 0
Description = 15:00:22 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Die Verbindung wurde unerwartet
getrennt..)

Error - 24.12.2011 17:55:58 | Computer Name = Samuels-PC | Source = MCUpdate | ID = 0
Description = 22:55:58 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Die Verbindung wurde unerwartet
getrennt..)

Error - 24.12.2011 17:56:36 | Computer Name = Samuels-PC | Source = MCUpdate | ID = 0
Description = 22:56:16 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Die Verbindung wurde unerwartet
getrennt..)

Error - 24.12.2011 17:57:13 | Computer Name = Samuels-PC | Source = MCUpdate | ID = 0
Description = 22:56:56 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Die Verbindung wurde unerwartet getrennt..)


Error - 24.12.2011 18:01:36 | Computer Name = Samuels-PC | Source = MCUpdate | ID = 0
Description = 22:57:47 - EpgListings konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Die Verbindung wurde unerwartet
getrennt..)

Error - 30.12.2011 14:38:15 | Computer Name = Samuels-PC | Source = MCUpdate | ID = 0
Description = 19:38:14 - Fehler beim Herstellen der Internetverbindung. 19:38:15
- Serververbindung konnte nicht hergestellt werden..

Error - 30.12.2011 14:39:05 | Computer Name = Samuels-PC | Source = MCUpdate | ID = 0
Description = 19:38:20 - Fehler beim Herstellen der Internetverbindung. 19:38:20
- Serververbindung konnte nicht hergestellt werden..

[ OSession Events ]
Error - 27.02.2010 13:56:51 | Computer Name = Samuels-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 101
seconds with 60 seconds of active time. This session ended with a crash.

Error - 27.02.2010 13:57:03 | Computer Name = Samuels-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 06.05.2012 07:04:14 | Computer Name = Samuels-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lemsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error - 06.05.2012 07:04:17 | Computer Name = Samuels-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Nero BackItUp Scheduler 4.0" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2

Error - 06.05.2012 07:04:31 | Computer Name = Samuels-PC | Source = HTTP | ID = 15005
Description =

Error - 06.05.2012 07:04:32 | Computer Name = Samuels-PC | Source = iScsiPrt | ID = 1
Description = Vom Initiator konnte keine Verbindung mit dem Ziel hergestellt werden.
Die Ziel-IP-Adresse und die TCP-Anschlussnummer sind in Sicherungsdaten angegeben.

Error - 06.05.2012 07:04:32 | Computer Name = Samuels-PC | Source = iScsiPrt | ID = 70
Description = Fehler beim Verarbeiten der iSCSI-Anmeldeanforderung. Die Anforderung
wurde nicht wiederholt. Der Fehlerstatus wird in den Sicherungsdaten angegeben.

Error - 06.05.2012 07:04:36 | Computer Name = Samuels-PC | Source = iScsiPrt | ID = 1
Description = Vom Initiator konnte keine Verbindung mit dem Ziel hergestellt werden.
Die Ziel-IP-Adresse und die TCP-Anschlussnummer sind in Sicherungsdaten angegeben.

Error - 06.05.2012 07:04:36 | Computer Name = Samuels-PC | Source = iScsiPrt | ID = 70
Description = Fehler beim Verarbeiten der iSCSI-Anmeldeanforderung. Die Anforderung
wurde nicht wiederholt. Der Fehlerstatus wird in den Sicherungsdaten angegeben.

Error - 06.05.2012 07:04:51 | Computer Name = Samuels-PC | Source = iScsiPrt | ID = 1
Description = Vom Initiator konnte keine Verbindung mit dem Ziel hergestellt werden.
Die Ziel-IP-Adresse und die TCP-Anschlussnummer sind in Sicherungsdaten angegeben.

Error - 06.05.2012 07:04:51 | Computer Name = Samuels-PC | Source = iScsiPrt | ID = 70
Description = Fehler beim Verarbeiten der iSCSI-Anmeldeanforderung. Die Anforderung
wurde nicht wiederholt. Der Fehlerstatus wird in den Sicherungsdaten angegeben.

Error - 06.05.2012 07:05:09 | Computer Name = Samuels-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Web Deployment Agent Service" wurde mit folgendem Fehler
beendet: %%-2146233088


< End of report >
samweb

Re: Add box in left corner

Post by samweb » May 6th, 2012, 8:23 am

TDSSKiller log
14:19:40.0223 2572 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
14:19:41.0466 2572 ============================================================
14:19:41.0466 2572 Current date / time: 2012/05/06 14:19:41.0466
14:19:41.0466 2572 SystemInfo:
14:19:41.0466 2572
14:19:41.0466 2572 OS Version: 6.1.7601 ServicePack: 1.0
14:19:41.0466 2572 Product type: Workstation
14:19:41.0467 2572 ComputerName: SAMUELS-PC
14:19:41.0467 2572 UserName: Samuel 2
14:19:41.0467 2572 Windows directory: C:\Windows
14:19:41.0467 2572 System windows directory: C:\Windows
14:19:41.0467 2572 Running under WOW64
14:19:41.0467 2572 Processor architecture: Intel x64
14:19:41.0467 2572 Number of processors: 4
14:19:41.0467 2572 Page size: 0x1000
14:19:41.0467 2572 Boot type: Normal boot
14:19:41.0467 2572 ============================================================
14:19:44.0041 2572 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:19:44.0102 2572 ============================================================
14:19:44.0102 2572 \Device\Harddisk0\DR0:
14:19:44.0117 2572 MBR partitions:
14:19:44.0117 2572 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x155F000
14:19:44.0117 2572 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1586800, BlocksNum 0x7317F800
14:19:44.0117 2572 ============================================================
14:19:44.0326 2572 C: <-> \Device\Harddisk0\DR0\Partition1
14:19:44.0326 2572 ============================================================
14:19:44.0326 2572 Initialize success
14:19:44.0326 2572 ============================================================
14:19:51.0578 5232 ============================================================
14:19:51.0578 5232 Scan started
14:19:51.0578 5232 Mode: Manual; TDLFS;
14:19:51.0578 5232 ============================================================
14:20:06.0953 5232 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:20:06.0957 5232 1394ohci - ok
14:20:07.0349 5232 acedrv11 (6ce02d42183cdf31315f208ae35f153f) C:\Windows\system32\drivers\acedrv11.sys
14:20:07.0370 5232 acedrv11 - ok
14:20:07.0440 5232 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:20:07.0444 5232 ACPI - ok
14:20:07.0485 5232 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:20:07.0486 5232 AcpiPmi - ok
14:20:07.0740 5232 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:20:07.0742 5232 AdobeARMservice - ok
14:20:08.0132 5232 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:20:08.0134 5232 AdobeFlashPlayerUpdateSvc - ok
14:20:08.0528 5232 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:20:08.0545 5232 adp94xx - ok
14:20:08.0812 5232 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:20:08.0823 5232 adpahci - ok
14:20:08.0979 5232 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:20:08.0981 5232 adpu320 - ok
14:20:09.0030 5232 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:20:09.0032 5232 AeLookupSvc - ok
14:20:09.0244 5232 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
14:20:09.0255 5232 AERTFilters - ok
14:20:09.0494 5232 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:20:09.0508 5232 AFD - ok
14:20:09.0580 5232 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:20:09.0581 5232 agp440 - ok
14:20:09.0650 5232 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:20:09.0664 5232 ALG - ok
14:20:09.0704 5232 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:20:09.0705 5232 aliide - ok
14:20:09.0723 5232 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:20:09.0723 5232 amdide - ok
14:20:09.0766 5232 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:20:09.0774 5232 AmdK8 - ok
14:20:09.0792 5232 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:20:09.0793 5232 AmdPPM - ok
14:20:09.0896 5232 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:20:09.0898 5232 amdsata - ok
14:20:10.0055 5232 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:20:10.0058 5232 amdsbs - ok
14:20:10.0148 5232 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:20:10.0149 5232 amdxata - ok
14:20:10.0386 5232 Apache2.2 (f41e453a90ef19217cee1675f5256ee7) c:\xampp\apache\bin\httpd.exe
14:20:10.0388 5232 Apache2.2 - ok
14:20:10.0512 5232 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:20:10.0514 5232 AppID - ok
14:20:10.0640 5232 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:20:10.0650 5232 AppIDSvc - ok
14:20:10.0739 5232 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:20:10.0758 5232 Appinfo - ok
14:20:11.0232 5232 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:20:11.0234 5232 Apple Mobile Device - ok
14:20:11.0322 5232 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:20:11.0324 5232 arc - ok
14:20:11.0389 5232 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:20:11.0410 5232 arcsas - ok
14:20:11.0969 5232 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:20:11.0980 5232 aspnet_state - ok
14:20:12.0207 5232 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:20:12.0241 5232 AsyncMac - ok
14:20:12.0374 5232 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:20:12.0374 5232 atapi - ok
14:20:12.0670 5232 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:20:12.0692 5232 AudioEndpointBuilder - ok
14:20:12.0700 5232 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:20:12.0705 5232 AudioSrv - ok
14:20:13.0149 5232 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
14:20:13.0160 5232 AVP - ok
14:20:13.0280 5232 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:20:13.0282 5232 AxInstSV - ok
14:20:13.0495 5232 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:20:13.0502 5232 b06bdrv - ok
14:20:13.0573 5232 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:20:13.0576 5232 b57nd60a - ok
14:20:13.0662 5232 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
14:20:13.0663 5232 BCM42RLY - ok
14:20:14.0575 5232 BCM43XX (f4cd5f52850bf2c978de178f256ba372) C:\Windows\system32\DRIVERS\bcmwl664.sys
14:20:14.0629 5232 BCM43XX - ok
14:20:14.0948 5232 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:20:14.0950 5232 BDESVC - ok
14:20:15.0232 5232 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:20:15.0254 5232 Beep - ok
14:20:16.0441 5232 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:20:16.0456 5232 BFE - ok
14:20:16.0934 5232 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
14:20:16.0968 5232 BITS - ok
14:20:17.0082 5232 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:20:17.0083 5232 blbdrive - ok
14:20:18.0122 5232 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
14:20:18.0131 5232 Bonjour Service - ok
14:20:18.0275 5232 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:20:18.0292 5232 bowser - ok
14:20:18.0333 5232 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:20:18.0334 5232 BrFiltLo - ok
14:20:18.0372 5232 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:20:18.0390 5232 BrFiltUp - ok
14:20:18.0580 5232 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:20:18.0593 5232 Browser - ok
14:20:18.0656 5232 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:20:18.0665 5232 Brserid - ok
14:20:18.0799 5232 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:20:18.0813 5232 BrSerWdm - ok
14:20:18.0832 5232 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:20:18.0833 5232 BrUsbMdm - ok
14:20:18.0868 5232 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:20:18.0869 5232 BrUsbSer - ok
14:20:18.0928 5232 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:20:18.0940 5232 BTHMODEM - ok
14:20:19.0052 5232 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:20:19.0054 5232 bthserv - ok
14:20:19.0312 5232 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:20:19.0314 5232 cdfs - ok
14:20:19.0490 5232 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:20:19.0493 5232 cdrom - ok
14:20:19.0600 5232 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:20:19.0612 5232 CertPropSvc - ok
14:20:19.0681 5232 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:20:19.0682 5232 circlass - ok
14:20:19.0909 5232 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:20:19.0915 5232 CLFS - ok
14:20:20.0116 5232 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:20:20.0162 5232 clr_optimization_v2.0.50727_32 - ok
14:20:20.0280 5232 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:20:20.0297 5232 clr_optimization_v2.0.50727_64 - ok
14:20:20.0739 5232 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:20:20.0740 5232 clr_optimization_v4.0.30319_32 - ok
14:20:20.0811 5232 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:20:20.0812 5232 clr_optimization_v4.0.30319_64 - ok
14:20:20.0828 5232 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:20:20.0829 5232 CmBatt - ok
14:20:20.0899 5232 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:20:20.0901 5232 cmdide - ok
14:20:21.0112 5232 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:20:21.0119 5232 CNG - ok
14:20:21.0134 5232 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:20:21.0135 5232 Compbatt - ok
14:20:21.0181 5232 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:20:21.0182 5232 CompositeBus - ok
14:20:21.0194 5232 COMSysApp - ok
14:20:21.0220 5232 connctfy - ok
14:20:21.0225 5232 connctfyMP - ok
14:20:21.0248 5232 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:20:21.0248 5232 crcdisk - ok
14:20:21.0756 5232 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:20:21.0759 5232 CryptSvc - ok
14:20:21.0848 5232 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:20:21.0856 5232 DcomLaunch - ok
14:20:21.0887 5232 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:20:21.0908 5232 defragsvc - ok
14:20:22.0139 5232 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:20:22.0141 5232 DfsC - ok
14:20:22.0174 5232 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:20:22.0179 5232 Dhcp - ok
14:20:22.0190 5232 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:20:22.0191 5232 discache - ok
14:20:22.0211 5232 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:20:22.0212 5232 Disk - ok
14:20:22.0663 5232 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:20:22.0679 5232 Dnscache - ok
14:20:23.0263 5232 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
14:20:23.0265 5232 DockLoginService - ok
14:20:23.0624 5232 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:20:23.0628 5232 dot3svc - ok
14:20:23.0831 5232 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:20:23.0840 5232 DPS - ok
14:20:23.0887 5232 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:20:23.0888 5232 drmkaud - ok
14:20:23.0969 5232 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:20:23.0981 5232 DXGKrnl - ok
14:20:24.0018 5232 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:20:24.0020 5232 EapHost - ok
14:20:24.0795 5232 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:20:24.0864 5232 ebdrv - ok
14:20:24.0969 5232 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:20:24.0972 5232 EFS - ok
14:20:25.0229 5232 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:20:25.0238 5232 ehRecvr - ok
14:20:25.0347 5232 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:20:25.0349 5232 ehSched - ok
14:20:25.0570 5232 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:20:25.0649 5232 elxstor - ok
14:20:25.0872 5232 EMP_UDSA (e5803c17e4b69d217c19a31e17646c5e) C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
14:20:25.0919 5232 EMP_UDSA - ok
14:20:25.0959 5232 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:20:25.0960 5232 ErrDev - ok
14:20:26.0018 5232 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:20:26.0025 5232 EventSystem - ok
14:20:26.0048 5232 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:20:26.0050 5232 exfat - ok
14:20:26.0070 5232 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:20:26.0073 5232 fastfat - ok
14:20:26.0305 5232 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:20:26.0314 5232 Fax - ok
14:20:26.0329 5232 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:20:26.0330 5232 fdc - ok
14:20:26.0350 5232 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:20:26.0352 5232 fdPHost - ok
14:20:26.0363 5232 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:20:26.0365 5232 FDResPub - ok
14:20:26.0376 5232 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:20:26.0377 5232 FileInfo - ok
14:20:26.0391 5232 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:20:26.0393 5232 Filetrace - ok
14:20:26.0409 5232 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:20:26.0410 5232 flpydisk - ok
14:20:26.0435 5232 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:20:26.0439 5232 FltMgr - ok
14:20:26.0627 5232 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:20:26.0640 5232 FontCache - ok
14:20:26.0776 5232 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:20:26.0788 5232 FontCache3.0.0.0 - ok
14:20:26.0884 5232 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:20:26.0885 5232 FsDepends - ok
14:20:26.0942 5232 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
14:20:26.0943 5232 fssfltr - ok
14:20:27.0425 5232 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
14:20:27.0459 5232 fsssvc - ok
14:20:27.0607 5232 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:20:27.0624 5232 Fs_Rec - ok
14:20:27.0687 5232 FTDIBUS (ed07200cff78facfb66ebb0b89f503a4) C:\Windows\system32\drivers\ftdibus.sys
14:20:27.0688 5232 FTDIBUS - ok
14:20:27.0703 5232 FTSER2K (9980e7584484a009e77e9bfa14c0c18a) C:\Windows\system32\drivers\ftser2k.sys
14:20:27.0705 5232 FTSER2K - ok
14:20:27.0778 5232 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:20:27.0786 5232 fvevol - ok
14:20:27.0818 5232 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:20:27.0820 5232 gagp30kx - ok
14:20:27.0924 5232 GameConsoleService (e53ee18a21c025deabcfe0f72fc481bb) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
14:20:27.0928 5232 GameConsoleService - ok
14:20:27.0979 5232 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:20:27.0980 5232 GEARAspiWDM - ok
14:20:28.0646 5232 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:20:28.0656 5232 gpsvc - ok
14:20:28.0964 5232 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:20:28.0965 5232 gupdate - ok
14:20:28.0979 5232 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:20:28.0981 5232 gupdatem - ok
14:20:29.0213 5232 HauppaugeTVServer (6b1768972fb81d31de294ed8827dc6f7) C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE
14:20:29.0219 5232 HauppaugeTVServer - ok
14:20:29.0409 5232 hcw17bda (edab8aa9f2b68e52ad0ff26dc7ff8448) C:\Windows\system32\drivers\hcw17bda.sys
14:20:29.0410 5232 hcw17bda - ok
14:20:29.0426 5232 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:20:29.0427 5232 hcw85cir - ok
14:20:29.0474 5232 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:20:29.0476 5232 HDAudBus - ok
14:20:29.0494 5232 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:20:29.0495 5232 HidBatt - ok
14:20:29.0519 5232 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:20:29.0521 5232 HidBth - ok
14:20:29.0542 5232 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:20:29.0543 5232 HidIr - ok
14:20:29.0612 5232 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:20:29.0614 5232 hidserv - ok
14:20:29.0647 5232 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:20:29.0648 5232 HidUsb - ok
14:20:29.0687 5232 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:20:29.0690 5232 hkmsvc - ok
14:20:29.0886 5232 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:20:29.0890 5232 HomeGroupListener - ok
14:20:29.0942 5232 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:20:29.0946 5232 HomeGroupProvider - ok
14:20:30.0231 5232 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
14:20:30.0234 5232 hpqcxs08 - ok
14:20:30.0276 5232 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:20:30.0351 5232 hpqddsvc - ok
14:20:30.0383 5232 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:20:30.0385 5232 HpSAMD - ok
14:20:30.0676 5232 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:20:30.0686 5232 HTTP - ok
14:20:30.0729 5232 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:20:30.0730 5232 hwpolicy - ok
14:20:30.0745 5232 hwpsgt - ok
14:20:30.0798 5232 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:20:30.0799 5232 i8042prt - ok
14:20:30.0878 5232 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:20:30.0883 5232 iaStorV - ok
14:20:31.0063 5232 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:20:31.0114 5232 idsvc - ok
14:20:31.0208 5232 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:20:31.0209 5232 iirsp - ok
14:20:31.0286 5232 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:20:31.0297 5232 IKEEXT - ok
14:20:31.0503 5232 IntcAzAudAddService (f2b52c7b1c8e6a4fc4c4564f4a421f23) C:\Windows\system32\drivers\RTKVHD64.sys
14:20:31.0522 5232 IntcAzAudAddService - ok
14:20:31.0682 5232 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:20:31.0683 5232 intelide - ok
14:20:31.0713 5232 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:20:31.0714 5232 intelppm - ok
14:20:31.0742 5232 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:20:31.0745 5232 IPBusEnum - ok
14:20:31.0973 5232 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:20:31.0974 5232 IpFilterDriver - ok
14:20:32.0047 5232 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:20:32.0056 5232 iphlpsvc - ok
14:20:32.0065 5232 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:20:32.0066 5232 IPMIDRV - ok
14:20:32.0083 5232 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:20:32.0085 5232 IPNAT - ok
14:20:32.0466 5232 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
14:20:32.0476 5232 iPod Service - ok
14:20:32.0515 5232 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:20:32.0516 5232 IRENUM - ok
14:20:32.0531 5232 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:20:32.0532 5232 isapnp - ok
14:20:32.0561 5232 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:20:32.0564 5232 iScsiPrt - ok
14:20:32.0589 5232 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:20:32.0590 5232 kbdclass - ok
14:20:32.0735 5232 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:20:32.0736 5232 kbdhid - ok
14:20:32.0765 5232 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:20:32.0767 5232 KeyIso - ok
14:20:32.0831 5232 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
14:20:32.0837 5232 KL1 - ok
14:20:32.0853 5232 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
14:20:32.0853 5232 kl2 - ok
14:20:32.0933 5232 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
14:20:32.0941 5232 KLIF - ok
14:20:32.0957 5232 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
14:20:32.0958 5232 KLIM6 - ok
14:20:32.0966 5232 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
14:20:32.0966 5232 klmouflt - ok
14:20:32.0985 5232 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:20:32.0987 5232 KSecDD - ok
14:20:33.0002 5232 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:20:33.0004 5232 KSecPkg - ok
14:20:33.0033 5232 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:20:33.0034 5232 ksthunk - ok
14:20:33.0109 5232 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:20:33.0115 5232 KtmRm - ok
14:20:33.0187 5232 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
14:20:33.0192 5232 LanmanServer - ok
14:20:33.0243 5232 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:20:33.0248 5232 LanmanWorkstation - ok
14:20:33.0290 5232 lemsgt - ok
14:20:33.0317 5232 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:20:33.0319 5232 lltdio - ok
14:20:33.0344 5232 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:20:33.0349 5232 lltdsvc - ok
14:20:33.0366 5232 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:20:33.0368 5232 lmhosts - ok
14:20:33.0397 5232 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:20:33.0398 5232 LSI_FC - ok
14:20:33.0417 5232 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:20:33.0419 5232 LSI_SAS - ok
14:20:33.0431 5232 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:20:33.0433 5232 LSI_SAS2 - ok
14:20:33.0452 5232 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:20:33.0453 5232 LSI_SCSI - ok
14:20:33.0489 5232 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:20:33.0491 5232 luafv - ok
14:20:33.0571 5232 lvpopf64 (b2085e335f2b57077b0cbadb6f1245cd) C:\Windows\system32\DRIVERS\lvpopf64.sys
14:20:33.0626 5232 lvpopf64 - ok
14:20:33.0656 5232 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
14:20:33.0657 5232 LVPr2M64 - ok
14:20:33.0698 5232 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
14:20:33.0699 5232 LVPr2Mon - ok
14:20:33.0806 5232 LVRS64 (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys
14:20:33.0811 5232 LVRS64 - ok
14:20:34.0156 5232 LVUVC64 (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys
14:20:34.0230 5232 LVUVC64 - ok
14:20:34.0439 5232 ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
14:20:34.0440 5232 ManyCam - ok
14:20:34.0578 5232 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:20:34.0581 5232 Mcx2Svc - ok
14:20:34.0620 5232 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:20:34.0621 5232 megasas - ok
14:20:34.0671 5232 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:20:34.0675 5232 MegaSR - ok
14:20:34.0734 5232 MemoryStatus (a3c50aa94102953b78690bac139363f8) c:\servicetest.exe
14:20:34.0735 5232 MemoryStatus - ok
14:20:34.0801 5232 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:20:34.0803 5232 MMCSS - ok
14:20:34.0820 5232 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:20:34.0821 5232 Modem - ok
14:20:34.0851 5232 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:20:34.0852 5232 monitor - ok
14:20:34.0911 5232 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:20:34.0913 5232 mouclass - ok
14:20:34.0925 5232 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:20:34.0926 5232 mouhid - ok
14:20:34.0971 5232 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:20:34.0974 5232 mountmgr - ok
14:20:35.0080 5232 MouseWithoutBordersSvc (a78c362449b2d00f89af06993fb94a26) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe
14:20:35.0091 5232 MouseWithoutBordersSvc - ok
14:20:35.0150 5232 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:20:35.0153 5232 MozillaMaintenance - ok
14:20:35.0237 5232 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:20:35.0239 5232 mpio - ok
14:20:35.0255 5232 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:20:35.0257 5232 mpsdrv - ok
14:20:35.0337 5232 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:20:35.0348 5232 MpsSvc - ok
14:20:35.0526 5232 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:20:35.0529 5232 MRxDAV - ok
14:20:35.0580 5232 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:20:35.0583 5232 mrxsmb - ok
14:20:35.0650 5232 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:20:35.0654 5232 mrxsmb10 - ok
14:20:35.0677 5232 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:20:35.0680 5232 mrxsmb20 - ok
14:20:35.0707 5232 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:20:35.0708 5232 msahci - ok
14:20:35.0797 5232 MsDepSvc (2d6ad3f31ee339fae063614369e37757) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
14:20:35.0800 5232 MsDepSvc - ok
14:20:35.0833 5232 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:20:35.0836 5232 msdsm - ok
14:20:35.0866 5232 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:20:35.0870 5232 MSDTC - ok
14:20:35.0893 5232 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:20:35.0895 5232 Msfs - ok
14:20:35.0905 5232 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:20:35.0906 5232 mshidkmdf - ok
14:20:35.0919 5232 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:20:35.0920 5232 msisadrv - ok
14:20:35.0946 5232 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:20:35.0949 5232 MSiSCSI - ok
14:20:35.0953 5232 msiserver - ok
14:20:35.0974 5232 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:20:35.0975 5232 MSKSSRV - ok
14:20:35.0992 5232 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:20:35.0993 5232 MSPCLOCK - ok
14:20:36.0002 5232 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:20:36.0003 5232 MSPQM - ok
14:20:36.0147 5232 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:20:36.0152 5232 MsRPC - ok
14:20:36.0167 5232 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:20:36.0168 5232 mssmbios - ok
14:20:36.0286 5232 MSSQL$SQLEXPRESS - ok
14:20:36.0325 5232 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
14:20:36.0327 5232 MSSQLServerADHelper - ok
14:20:36.0368 5232 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:20:36.0369 5232 MSTEE - ok
14:20:36.0799 5232 msvsmon90 (cb4a082af58d1a0969f931816d5cfb05) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
14:20:36.0848 5232 msvsmon90 - ok
14:20:37.0009 5232 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:20:37.0010 5232 MTConfig - ok
14:20:37.0034 5232 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:20:37.0036 5232 Mup - ok
14:20:37.0187 5232 mysql - ok
14:20:37.0307 5232 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:20:37.0314 5232 napagent - ok
14:20:37.0360 5232 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:20:37.0364 5232 NativeWifiP - ok
14:20:37.0417 5232 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:20:37.0429 5232 NDIS - ok
14:20:37.0445 5232 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:20:37.0446 5232 NdisCap - ok
14:20:37.0477 5232 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:20:37.0478 5232 NdisTapi - ok
14:20:37.0592 5232 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:20:37.0594 5232 Ndisuio - ok
14:20:37.0645 5232 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:20:37.0647 5232 NdisWan - ok
14:20:37.0653 5232 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:20:37.0655 5232 NDProxy - ok
14:20:37.0736 5232 Nero BackItUp Scheduler 4.0 - ok
14:20:37.0759 5232 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:20:37.0761 5232 NetBIOS - ok
14:20:37.0950 5232 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:20:37.0953 5232 NetBT - ok
14:20:37.0991 5232 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:20:37.0993 5232 Netlogon - ok
14:20:38.0076 5232 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:20:38.0086 5232 Netman - ok
14:20:38.0242 5232 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:20:38.0244 5232 NetMsmqActivator - ok
14:20:38.0248 5232 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:20:38.0249 5232 NetPipeActivator - ok
14:20:38.0298 5232 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:20:38.0305 5232 netprofm - ok
14:20:38.0309 5232 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:20:38.0311 5232 NetTcpActivator - ok
14:20:38.0315 5232 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:20:38.0317 5232 NetTcpPortSharing - ok
14:20:38.0361 5232 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:20:38.0363 5232 nfrd960 - ok
14:20:38.0402 5232 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:20:38.0408 5232 NlaSvc - ok
14:20:38.0502 5232 npf (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
14:20:38.0503 5232 npf - ok
14:20:38.0553 5232 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:20:38.0554 5232 Npfs - ok
14:20:38.0572 5232 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:20:38.0574 5232 nsi - ok
14:20:38.0593 5232 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:20:38.0594 5232 nsiproxy - ok
14:20:38.0999 5232 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:20:39.0019 5232 Ntfs - ok
14:20:39.0107 5232 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:20:39.0108 5232 Null - ok
14:20:39.0145 5232 NVHDA (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers\nvhda64v.sys
14:20:39.0147 5232 NVHDA - ok
14:20:39.0934 5232 nvlddmkm (51bd7ef17f0b525994ad5b3748c8288b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:20:40.0093 5232 nvlddmkm - ok
14:20:40.0252 5232 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:20:40.0254 5232 nvraid - ok
14:20:40.0269 5232 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:20:40.0272 5232 nvstor - ok
14:20:40.0320 5232 nvsvc (fce8537bf5d504680212d536a3bfe5e2) C:\Windows\system32\nvvsvc.exe
14:20:40.0327 5232 nvsvc - ok
14:20:40.0370 5232 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:20:40.0372 5232 nv_agp - ok
14:20:40.0526 5232 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:20:40.0533 5232 odserv - ok
14:20:40.0555 5232 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:20:40.0556 5232 ohci1394 - ok
14:20:40.0629 5232 ose (067db5b067722997fcafe1858163d411) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:20:40.0656 5232 ose - ok
14:20:40.0746 5232 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:20:40.0752 5232 p2pimsvc - ok
14:20:40.0784 5232 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:20:40.0791 5232 p2psvc - ok
14:20:40.0823 5232 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:20:40.0825 5232 Parport - ok
14:20:40.0880 5232 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:20:40.0881 5232 partmgr - ok
14:20:40.0904 5232 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:20:40.0908 5232 PcaSvc - ok
14:20:40.0930 5232 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:20:40.0933 5232 pci - ok
14:20:40.0945 5232 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:20:40.0946 5232 pciide - ok
14:20:40.0968 5232 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:20:40.0971 5232 pcmcia - ok
14:20:40.0992 5232 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:20:40.0993 5232 pcw - ok
14:20:41.0085 5232 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:20:41.0092 5232 PEAUTH - ok
14:20:41.0172 5232 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:20:41.0174 5232 PerfHost - ok
14:20:41.0429 5232 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:20:41.0446 5232 pla - ok
14:20:41.0516 5232 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:20:41.0524 5232 PlugPlay - ok
14:20:41.0547 5232 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:20:41.0549 5232 PNRPAutoReg - ok
14:20:41.0576 5232 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:20:41.0580 5232 PNRPsvc - ok
14:20:41.0697 5232 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:20:41.0704 5232 PolicyAgent - ok
14:20:41.0740 5232 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:20:41.0745 5232 Power - ok
14:20:42.0007 5232 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:20:42.0009 5232 PptpMiniport - ok
14:20:42.0028 5232 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:20:42.0030 5232 Processor - ok
14:20:42.0099 5232 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:20:42.0103 5232 ProfSvc - ok
14:20:42.0145 5232 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:20:42.0147 5232 ProtectedStorage - ok
14:20:42.0329 5232 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:20:42.0331 5232 Psched - ok
14:20:42.0379 5232 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
14:20:42.0380 5232 PxHlpa64 - ok
14:20:42.0459 5232 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:20:42.0490 5232 ql2300 - ok
14:20:42.0757 5232 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:20:42.0759 5232 ql40xx - ok
14:20:42.0794 5232 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:20:42.0799 5232 QWAVE - ok
14:20:42.0810 5232 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:20:42.0811 5232 QWAVEdrv - ok
14:20:43.0100 5232 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
14:20:43.0104 5232 RapiMgr - ok
14:20:43.0114 5232 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:20:43.0115 5232 RasAcd - ok
14:20:43.0153 5232 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:20:43.0154 5232 RasAgileVpn - ok
14:20:43.0168 5232 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:20:43.0171 5232 RasAuto - ok
14:20:43.0221 5232 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:20:43.0223 5232 Rasl2tp - ok
14:20:43.0285 5232 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:20:43.0290 5232 RasMan - ok
14:20:43.0320 5232 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:20:43.0322 5232 RasPppoe - ok
14:20:43.0339 5232 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:20:43.0341 5232 RasSstp - ok
14:20:43.0396 5232 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:20:43.0400 5232 rdbss - ok
14:20:43.0415 5232 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:20:43.0416 5232 rdpbus - ok
14:20:43.0427 5232 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:20:43.0428 5232 RDPCDD - ok
14:20:43.0457 5232 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:20:43.0458 5232 RDPENCDD - ok
14:20:43.0473 5232 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:20:43.0474 5232 RDPREFMP - ok
14:20:43.0670 5232 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:20:43.0673 5232 RDPWD - ok
14:20:43.0729 5232 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:20:43.0732 5232 rdyboost - ok
14:20:43.0759 5232 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:20:43.0762 5232 RemoteAccess - ok
14:20:43.0796 5232 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:20:43.0800 5232 RemoteRegistry - ok
14:20:43.0903 5232 RMCAST (caf88d6573d21cd2aa27001ddbfdc74d) C:\Windows\system32\DRIVERS\RMCAST.sys
14:20:43.0905 5232 RMCAST - ok
14:20:43.0919 5232 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:20:43.0923 5232 RpcEptMapper - ok
14:20:43.0937 5232 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:20:43.0949 5232 RpcLocator - ok
14:20:44.0072 5232 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:20:44.0077 5232 RpcSs - ok
14:20:44.0106 5232 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:20:44.0108 5232 rspndr - ok
14:20:44.0231 5232 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:20:44.0238 5232 RTL8167 - ok
14:20:44.0277 5232 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:20:44.0279 5232 SamSs - ok
14:20:44.0326 5232 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:20:44.0346 5232 sbp2port - ok
14:20:44.0507 5232 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:20:44.0514 5232 SCardSvr - ok
14:20:44.0557 5232 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:20:44.0559 5232 scfilter - ok
14:20:44.0700 5232 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:20:44.0717 5232 Schedule - ok
14:20:44.0760 5232 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:20:44.0762 5232 SCPolicySvc - ok
14:20:44.0815 5232 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:20:44.0819 5232 SDRSVC - ok
14:20:44.0952 5232 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
14:20:44.0957 5232 SeaPort - ok
14:20:45.0012 5232 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:20:45.0013 5232 secdrv - ok
14:20:45.0053 5232 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:20:45.0056 5232 seclogon - ok
14:20:45.0107 5232 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:20:45.0110 5232 SENS - ok
14:20:45.0126 5232 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:20:45.0136 5232 SensrSvc - ok
14:20:45.0150 5232 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:20:45.0151 5232 Serenum - ok
14:20:45.0170 5232 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:20:45.0172 5232 Serial - ok
14:20:45.0251 5232 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:20:45.0252 5232 sermouse - ok
14:20:45.0341 5232 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:20:45.0345 5232 SessionEnv - ok
14:20:45.0408 5232 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:20:45.0410 5232 sffdisk - ok
14:20:45.0425 5232 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:20:45.0426 5232 sffp_mmc - ok
14:20:45.0437 5232 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:20:45.0438 5232 sffp_sd - ok
14:20:45.0460 5232 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:20:45.0461 5232 sfloppy - ok
14:20:45.0559 5232 SftService (dbeb7c353fb71e7d8b9abce62d93d590) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
14:20:45.0627 5232 SftService - ok
14:20:45.0693 5232 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:20:45.0699 5232 SharedAccess - ok
14:20:45.0745 5232 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:20:45.0752 5232 ShellHWDetection - ok
14:20:45.0799 5232 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:20:45.0800 5232 SiSRaid2 - ok
14:20:45.0822 5232 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:20:45.0824 5232 SiSRaid4 - ok
14:20:45.0954 5232 SkypeUpdate (8c5477eb1c03ca76cd8eb66a610a9e90) C:\Program Files (x86)\Skype\Updater\Updater.exe
14:20:45.0956 5232 SkypeUpdate - ok
14:20:46.0023 5232 SLEE_17_DRIVER (544788d536087daf32b846f10d8392f5) C:\Windows\Sleen1764.sys
14:20:46.0025 5232 SLEE_17_DRIVER - ok
14:20:46.0062 5232 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:20:46.0064 5232 Smb - ok
14:20:46.0098 5232 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:20:46.0112 5232 SNMPTRAP - ok
14:20:46.0130 5232 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:20:46.0131 5232 spldr - ok
14:20:46.0236 5232 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:20:46.0245 5232 Spooler - ok
14:20:46.0575 5232 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:20:46.0617 5232 sppsvc - ok
14:20:46.0727 5232 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:20:46.0730 5232 sppuinotify - ok
14:20:46.0804 5232 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
14:20:46.0807 5232 sprtsvc_DellSupportCenter - ok
14:20:46.0904 5232 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
14:20:46.0937 5232 SQLBrowser - ok
14:20:47.0012 5232 SQLWriter (3c432a96363097870995e2a3c8b66abd) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
14:20:47.0014 5232 SQLWriter - ok
14:20:47.0229 5232 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:20:47.0235 5232 srv - ok
14:20:47.0308 5232 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:20:47.0314 5232 srv2 - ok
14:20:47.0335 5232 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:20:47.0338 5232 srvnet - ok
14:20:47.0384 5232 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:20:47.0388 5232 SSDPSRV - ok
14:20:47.0407 5232 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:20:47.0411 5232 SstpSvc - ok
14:20:47.0427 5232 Steganos Volatile Disk - ok
14:20:47.0458 5232 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:20:47.0459 5232 stexstor - ok
14:20:47.0517 5232 STGMFEngine64 (70d9e406a1170a801b0d9ccecf9d6914) C:\Windows\system32\drivers\STGMFEngine64.sys
14:20:47.0518 5232 STGMFEngine64 - ok
14:20:47.0583 5232 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
14:20:47.0593 5232 StillCam - ok
14:20:47.0769 5232 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:20:47.0779 5232 stisvc - ok
14:20:47.0820 5232 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:20:47.0821 5232 swenum - ok
14:20:47.0972 5232 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:20:47.0979 5232 SwitchBoard - ok
14:20:48.0015 5232 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:20:48.0024 5232 swprv - ok
14:20:48.0189 5232 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:20:48.0210 5232 SysMain - ok
14:20:48.0424 5232 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:20:48.0428 5232 TabletInputService - ok
14:20:48.0506 5232 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
14:20:48.0515 5232 taphss - ok
14:20:48.0539 5232 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:20:48.0545 5232 TapiSrv - ok
14:20:48.0566 5232 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:20:48.0578 5232 TBS - ok
14:20:48.0880 5232 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:20:48.0901 5232 Tcpip - ok
14:20:49.0312 5232 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:20:49.0321 5232 TCPIP6 - ok
14:20:49.0434 5232 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:20:49.0436 5232 tcpipreg - ok
14:20:49.0465 5232 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:20:49.0466 5232 TDPIPE - ok
14:20:49.0559 5232 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:20:49.0562 5232 TDTCP - ok
14:20:49.0604 5232 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:20:49.0606 5232 tdx - ok
14:20:49.0855 5232 TeamViewer5 (213723e1a736910c644b457de6d095e2) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
14:20:49.0859 5232 TeamViewer5 - ok
14:20:50.0027 5232 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
14:20:50.0079 5232 TeamViewer7 - ok
14:20:50.0252 5232 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
14:20:50.0253 5232 teamviewervpn - ok
14:20:50.0297 5232 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:20:50.0298 5232 TermDD - ok
14:20:50.0448 5232 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:20:50.0458 5232 TermService - ok
14:20:50.0465 5232 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:20:50.0468 5232 Themes - ok
14:20:50.0480 5232 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:20:50.0482 5232 THREADORDER - ok
14:20:50.0499 5232 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:20:50.0503 5232 TrkWks - ok
14:20:50.0625 5232 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:20:50.0628 5232 TrustedInstaller - ok
14:20:50.0673 5232 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:20:57.0433 5232 ============================================================
14:20:57.0433 5232 Scan finished
14:20:57.0433 5232 ============================================================
14:20:57.0445 7072 Detected object count: 0
14:20:57.0445 7072 Actual detected object count: 0
samweb
Regular Member
 
Posts: 15
Joined: May 5th, 2012, 11:38 am

Re: Add box in left corner

Post by Gary R » May 6th, 2012, 12:35 pm

OK, there's a few things to take care of, and a few new scans to run.

First

Old versions of Java can be exploited. Please go to start > control panel > programs > uninstall a program and uninstall

Java(TM) 6 Update 14 (64-bit)
Java(TM) 6 Update 31


Reboot your computer when finished.

Now download and install JDK 6 Update 32 (JDK or JRE).

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browse ... ickfigure/{63CBFC9A-0DBA-4AB6-9D15-0DB1471D3BFF}?q={searchTerms}
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O33 - MountPoints2\{a50621ef-79ff-11df-a46e-904ce519c12a}\Shell - "" = AutoRun
O33 - MountPoints2\{a50621ef-79ff-11df-a46e-904ce519c12a}\Shell\AutoRun\command - "" = K:\EMP_UDSe.exe /autorun
O33 - MountPoints2\{f76900dd-6f0b-11e0-b510-002564ded087}\Shell - "" = AutoRun
O33 - MountPoints2\{f76900dd-6f0b-11e0-b510-002564ded087}\Shell\AutoRun\command - "" = I:\AutoRun.exe

:Files
ipconfig /flushdns /c
C:\Program Files (x86)\Hotspot Shield

:Commands
[CreateRestorePoint]
[EmptyFlash]
[EmptyTemp]
[ResetHosts]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

I'd like you to check some files for Viruses.
C:\Windows\System32\drivers\STGMFEngine64.sys
C:\Windows\SysWOW64\drivers\hwpsgt.sys
C:\Windows\SysWOW64\drivers\lemsgt.sys
C:\Windows\SleeN1764.sys

  • Browse to the first file in the quote box above.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Note details of any viruses found.
  • Repeat for all files on the list, and post me the details please.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • OTL fix log
  • Results from VirusTotal or Jotti's
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.

PS. I'm going to be out for the rest of this evening, so I won't see any replies before tomorrow morning earliest.
Gary R
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Add box in left corner

Post by samweb » May 7th, 2012, 1:11 am

First of all: I can't send you an OTL log, because OTL can't reset my hosts file. It has been working on it for about 12 hours now and it doesn't work. It showed a message: can't rewrite hosts file, or something like this...

Here are the results from VirusTotal:
C:\Windows\System32\drivers\STGMFEngine64.sys
SHA256: dd4b6a77b6bffe2d10b4cd11e9856542a161d20c1bac13790f12d87072f055f5
SHA1: ddb4709ed515ac8cf3fa507c579d038515223663
MD5: 70d9e406a1170a801b0d9ccecf9d6914
File size: 27.9 KB ( 28576 bytes )
File name: STGMFEngine64.sys
File type: unknown
Detection ratio: 0 / 42
Analysis date: 2012-05-06 18:09:39 UTC ( 1 Minute ago )


C:\Windows\SysWOW64\drivers\hwpsgt.sys
SHA256: 73dec8d53c0c6da7806afc0617652a660bd08beeda288962c44f846afc4c5a6f
SHA1: 43f407ecdc0d87a3713126b757ccaad07ade285f
MD5: a439ebd90afdb1f516c875b9b317832f
File size: 134.1 KB ( 137344 bytes )
File name: hwpsgt.sys
File type: Win32 EXE
Detection ratio: 0 / 42
Analysis date: 2012-05-06 18:02:06 UTC ( 0 Minuten ago )

C:\Windows\SysWOW64\drivers\lemsgt.sys
SHA256: bfc3590c1c80794b3e9d367340a87a1519a014e99dc0e323aa6c00b7ce59521a
SHA1: 548dd6359abbcc8c84ce346d078664eeedc716f7
MD5: 057da656166893842dd401c25a058c4e
File size: 9.3 KB ( 9472 bytes )
File name: lemsgt.sys
File type: Win32 EXE
Detection ratio: 0 / 42
Analysis date: 2012-05-06 18:11:16 UTC ( 0 Minuten ago )

C:\Windows\SleeN1764.sys
SHA256: d38c18ed147be4bc7ce5db50da1deeebd192e1d615b2a3f3b5957a1421b9a2c2
SHA1: 0bbc70ce12dadf2af7fee5637bc81df9dca86988
MD5: 544788d536087daf32b846f10d8392f5
File size: 105.7 KB ( 108256 bytes )
File name: SleeN1764.sys
File type: unknown
Detection ratio: 0 / 42
Analysis date: 2012-05-06 18:14:35 UTC ( 0 Minuten ago )
samweb
Regular Member
 
Posts: 15
Joined: May 5th, 2012, 11:38 am

Re: Add box in left corner

Post by samweb » May 7th, 2012, 1:12 am

And here is the E-Set log:

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarEng.dll Win32/Toolbar.Babylon application
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\hijackthis\Trend Micro\HiJackThis\backups\backup-20120407-120151-187.dll Win32/Toolbar.Babylon application
C:\Users\Samuel 2\AppData\Local\TempDIR\BetterInstaller.exe a variant of Win32/Somoto.A application
C:\Users\Samuel 2\Downloads\ConnectifyInstaller.exe Win32/OpenCandy application
C:\Users\Samuel 2\Downloads\DarkWave-Studio-3_2_9.exe Win32/OpenCandy application
C:\Users\Samuel 2\Downloads\DVDStyler-1.8.3-win32.exe Win32/OpenCandy application
C:\Users\Samuel 2\Downloads\installer_moho_5_4_english.exe Win32/Toggle application
C:\Users\Samuel 2\Downloads\IZArc4.1.2.exe Win32/OpenCandy application
C:\Users\Samuel 2\Downloads\SoftonicDownloader19209.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\Samuel 2\Downloads\SoftonicDownloader94668.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_design-your-own-home-architecture.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_envisioneer-express.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_espeak.exe Win32/SoftonicDownloader application
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_freemind.exe Win32/SoftonicDownloader.D application
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_inno-setup.exe Win32/SoftonicDownloader.D application
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_java-se-development-kit-jdk.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_kicad.exe Win32/SoftonicDownloader application
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_poweriso.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_quick-media-converter.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\Samuel 2\Downloads\SUPERsetup201149.exe Win32/OpenCandy application
C:\Users\Samuel 2\Downloads\winscp429setup(1).exe Win32/OpenCandy application
C:\Users\Samuel 2\Downloads\winscp429setup.exe Win32/OpenCandy application
C:\Users\Samuel 2\Hortus\bitcoinminer\cgminer-2.0.6-win32\cgminer-cpuonly.exe a variant of Win32/BitCoinMiner.B application
C:\Users\Samuel 2\Hortus\Verschiedenes\stick\ConnectifyInstaller.exe Win32/OpenCandy application
samweb
Regular Member
 
Posts: 15
Joined: May 5th, 2012, 11:38 am

Re: Add box in left corner

Post by Gary R » May 7th, 2012, 2:06 am

Go to the folder ... C:\_OTL\MovedFiles ... and look to see if there are any files in it. They will be named ... MMDDYYYY_HHMMSS.log ... (where MDYHMS are replaced by numbers representing the date and time the file was created)

If there is a file there for the fix you have just run, please post me the contents, if not please let me know.

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Files
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe
C:\Users\Samuel 2\AppData\Local\TempDIR\BetterInstaller.exe
C:\Users\Samuel 2\Downloads\ConnectifyInstaller.exe
C:\Users\Samuel 2\Downloads\DarkWave-Studio-3_2_9.exe
C:\Users\Samuel 2\Downloads\DVDStyler-1.8.3-win32.exe 
C:\Users\Samuel 2\Downloads\installer_moho_5_4_english.exe
C:\Users\Samuel 2\Downloads\IZArc4.1.2.exe
C:\Users\Samuel 2\Downloads\SoftonicDownloader19209.exe
C:\Users\Samuel 2\Downloads\SoftonicDownloader94668.exe
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_design-your-own-home-architecture.exe
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_envisioneer-express.exe
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_espeak.exe
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_freemind.exe
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_inno-setup.exe
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_java-se-development-kit-jdk.exe
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_kicad.exe
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_poweriso.exe
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_quick-media-converter.exe
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe
C:\Users\Samuel 2\Downloads\SUPERsetup201149.exe
C:\Users\Samuel 2\Downloads\winscp429setup(1).exe 
C:\Users\Samuel 2\Downloads\winscp429setup.exe
C:\Users\Samuel 2\Hortus\bitcoinminer\cgminer-2.0.6-win32\cgminer-cpuonly.exe
C:\Users\Samuel 2\Hortus\Verschiedenes\stick\ConnectifyInstaller.exe

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Can you run a new scan for me with OTL .....

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce only one log this time.
    • OTL.txt (open on your desktop).
  • Please post me the log.

Summary of the logs I need from you in your next post:
  • OTL fix log (if present) from C:\_OTL\MovedFiles
  • New OTL fix log (from the fix you've just run)
  • OTL.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Add box in left corner

Post by samweb » May 7th, 2012, 8:21 am

Here is the old otl log


Files\Folders moved on Reboot...
File move failed. C:\Users\Samuel 2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZF6HSXQ\index[2].htm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\klsFAB2.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

The other one I will send you when done...
samweb
Regular Member
 
Posts: 15
Joined: May 5th, 2012, 11:38 am

Re: Add box in left corner

Post by samweb » May 7th, 2012, 8:23 am

Here is the otl fix log:

========== FILES ==========
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10 folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar folder moved successfully.
Invalid Switch: HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe moved successfully.
C:\Users\Samuel 2\AppData\Local\TempDIR\BetterInstaller.exe moved successfully.
C:\Users\Samuel 2\Downloads\ConnectifyInstaller.exe moved successfully.
C:\Users\Samuel 2\Downloads\DarkWave-Studio-3_2_9.exe moved successfully.
C:\Users\Samuel 2\Downloads\DVDStyler-1.8.3-win32.exe moved successfully.
C:\Users\Samuel 2\Downloads\installer_moho_5_4_english.exe moved successfully.
C:\Users\Samuel 2\Downloads\IZArc4.1.2.exe moved successfully.
C:\Users\Samuel 2\Downloads\SoftonicDownloader19209.exe moved successfully.
C:\Users\Samuel 2\Downloads\SoftonicDownloader94668.exe moved successfully.
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_design-your-own-home-architecture.exe moved successfully.
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_envisioneer-express.exe moved successfully.
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_espeak.exe moved successfully.
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_freemind.exe moved successfully.
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_inno-setup.exe moved successfully.
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_java-se-development-kit-jdk.exe moved successfully.
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_kicad.exe moved successfully.
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_poweriso.exe moved successfully.
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_quick-media-converter.exe moved successfully.
C:\Users\Samuel 2\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe moved successfully.
C:\Users\Samuel 2\Downloads\SUPERsetup201149.exe moved successfully.
C:\Users\Samuel 2\Downloads\winscp429setup(1).exe moved successfully.
C:\Users\Samuel 2\Downloads\winscp429setup.exe moved successfully.
C:\Users\Samuel 2\Hortus\bitcoinminer\cgminer-2.0.6-win32\cgminer-cpuonly.exe moved successfully.
C:\Users\Samuel 2\Hortus\Verschiedenes\stick\ConnectifyInstaller.exe moved successfully.

OTL by OldTimer - Version 3.2.42.2 log created on 05072012_142402
samweb
Regular Member
 
Posts: 15
Joined: May 5th, 2012, 11:38 am
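
The fix log above reports "Invalid Switch: HiddenStart.A application" because one entry in the posted :Files list still carried the ESET detection text after the path. As an added example (not part of the original thread and not OTL's or ESET's own code), this Python helper splits ESET log lines into path and detection name and lints a fix list for leftover detection text before it is pasted; the function names are hypothetical and the pattern is an assumption derived only from the log lines shown in this thread.

```python
import re

# Detection text as it appears at the end of the ESET log lines in this thread:
# optional "probably ", optional "a variant of ", then Platform/Name, then a
# category word such as "application". The token/token shape (no space before
# the slash) is what separates it from a real switch such as " /c".
# Assumption: pattern inferred from this thread's log, not a documented format.
DETECTION_RE = re.compile(
    r"\s+(?P<det>(?:probably )?(?:a variant of )?"
    r"[A-Za-z0-9]+/[\w.\-]+(?:\s+\w+)?)\s*$"
)
WINDOWS_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Excerpt of the ESET log posted in this thread.
ESET_LINES = [
    r"C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application",
    r"C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application",
    r"C:\Users\Samuel 2\Downloads\winscp429setup(1).exe Win32/OpenCandy application",
]

# Excerpt of :Files entries posted in this thread (taken from both fix scripts).
POSTED_FILES = [
    r"C:\Program Files (x86)\BabylonToolbar\BabylonToolbar",
    r"C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application",
    r"C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe",
    r"ipconfig /flushdns /c",
]


def split_eset_line(line):
    """Return (path, detection) for one line; detection is None when the
    line carries no trailing detection text."""
    line = line.strip()
    match = DETECTION_RE.search(line)
    if not match:
        return line, None
    return line[:match.start()].rstrip(), match.group("det")


def build_files_list(eset_lines):
    """Turn ESET log lines into bare paths, de-duplicated with order kept.
    Lines that do not start with a drive path are returned separately
    instead of being passed through into a fix list."""
    paths, rejected, seen = [], [], set()
    for raw in eset_lines:
        if not raw.strip():
            continue
        path, _detection = split_eset_line(raw)
        if not WINDOWS_PATH_RE.match(path):
            rejected.append(raw.strip())
            continue
        key = path.lower()  # Windows paths compare case-insensitively
        if key not in seen:
            seen.add(key)
            paths.append(path)
    return paths, rejected


def lint_files_list(lines):
    """Return (line_number, detection_text) for every entry that still
    carries detection text after the path."""
    findings = []
    for number, raw in enumerate(lines, start=1):
        _path, detection = split_eset_line(raw)
        if detection is not None:
            findings.append((number, detection))
    return findings


if __name__ == "__main__":
    clean, skipped = build_files_list(ESET_LINES)
    print(":Files")
    for entry in clean:
        print(entry)
    for number, detection in lint_files_list(POSTED_FILES):
        print(f"entry {number}: leftover detection text: {detection!r}")
```
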

Re: Add box in left corner

Post by samweb » May 7th, 2012, 8:42 am

And here is the OTL logfile:

OTL logfile created on: 07.05.2012 14:34:09 - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Samuel 2\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 37,30% Memory free
7,99 Gb Paging File | 5,18 Gb Available in Paging File | 64,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920,75 Gb Total Space | 346,82 Gb Free Space | 37,67% Space Free | Partition Type: NTFS

Computer Name: SAMUELS-PC | User Name: Samuel 2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.05.06 13:15:18 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Samuel 2\Downloads\OTL.exe
PRC - [2012.05.04 19:22:40 | 009,478,320 | ---- | M] (Spotify Ltd) -- C:\Users\Samuel 2\AppData\Roaming\Spotify\spotify.exe
PRC - [2012.04.25 13:38:31 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.04.04 07:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.03.13 06:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Samuel 2\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Samuel 2\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.10 11:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2011.09.10 11:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe
PRC - [2011.09.09 19:46:10 | 008,158,720 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe
PRC - [2011.08.18 13:32:12 | 000,084,480 | ---- | M] (Steganos Software GmbH) -- C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosHotKeyService.exe
PRC - [2011.08.18 13:32:10 | 000,057,344 | ---- | M] (Steganos Software GmbH) -- C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosBrowserMonitor.exe
PRC - [2011.08.18 13:26:34 | 000,017,408 | ---- | M] (Steganos Software GmbH) -- C:\Program Files (x86)\Steganos Privacy Suite 12\fredirstarter.exe
PRC - [2011.05.13 06:45:56 | 001,756,232 | ---- | M] (ManyCam LLC) -- C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
PRC - [2011.05.02 10:48:08 | 000,216,064 | ---- | M] (DDHelper) -- C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\DDHelper.exe
PRC - [2011.04.25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011.03.22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2011.03.01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.03.01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010.07.06 17:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009.08.17 10:29:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
PRC - [2009.07.16 08:29:44 | 000,307,200 | ---- | M] (Hauppauge Computer Works) -- C:\PROGRA~2\WinTV\TVServer\CAPTUR~4.EXE
PRC - [2009.07.13 16:22:32 | 000,434,176 | ---- | M] (Hauppauge Computer Works) -- C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE
PRC - [2009.06.24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009.06.18 22:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009.05.21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009.05.21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009.04.15 19:16:44 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
PRC - [2008.12.18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.11.04 13:18:46 | 000,110,647 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\Ir.exe
PRC - [2008.09.26 10:19:04 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2012.05.04 21:15:23 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.05.04 19:22:40 | 020,101,120 | ---- | M] () -- C:\Users\Samuel 2\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2012.04.25 13:38:28 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.04.04 07:54:04 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
MOD - [2012.02.16 16:05:54 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.16 16:04:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011.10.13 19:46:47 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.05.13 06:46:02 | 000,498,760 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\cximagecrt.dll
MOD - [2011.05.13 06:46:00 | 000,123,976 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\CrashRpt.dll
MOD - [2011.04.25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011.04.25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011.04.25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011.04.25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011.04.25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011.04.25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011.04.20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011.03.30 18:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011.03.22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2011.03.01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2010.05.07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2010.05.07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2010.05.07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2010.05.07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2010.05.07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2009.06.18 22:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.07.17 19:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008.07.29 14:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2012.05.04 21:15:23 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.25 13:38:32 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.02.29 10:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.04 15:46:38 | 000,029,184 | ---- | M] () [On_Demand | Stopped] -- c:\servicetest.exe -- (MemoryStatus)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.10 11:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2011.09.09 19:46:10 | 008,158,720 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2011.09.08 16:12:10 | 000,075,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2011.08.31 17:34:02 | 000,017,920 | ---- | M] (Microsoft) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe -- (MouseWithoutBordersSvc)
SRV - [2011.08.05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.04.25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.07.08 12:50:20 | 000,450,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt) [Auto | Running] -- C:\Windows\SysWOW64\STGRAMDiskHandler64.exe -- (Steganos Volatile Disk)
SRV - [2010.07.06 17:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.04 20:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.08.17 10:29:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009.07.13 16:22:32 | 000,434,176 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE -- (HauppaugeTVServer)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009.04.15 19:16:44 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe -- (EMP_UDSA)
SRV - [2009.04.01 00:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2008.12.18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 300(UVC)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.12.21 18:42:10 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011.08.15 14:32:10 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.07.26 19:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 19:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 14:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 14:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.02.11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010.09.23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.09.03 16:45:08 | 000,028,576 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt.com) [Driver] [Kernel | System | Running] -- C:\Windows\SysNative\drivers\STGMFEngine64.sys -- (STGMFEngine64)
DRV:64bit: - [2010.09.01 22:54:40 | 000,295,272 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
DRV:64bit: - [2010.07.12 14:49:14 | 000,072,648 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2010.07.12 14:48:50 | 000,085,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010.03.11 11:17:14 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2009.11.02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.10.07 10:45:37 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009.07.17 19:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009.07.17 19:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.09 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.29 17:04:56 | 000,061,696 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw17bda.sys -- (hcw17bda)
DRV:64bit: - [2009.06.27 01:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.01.19 20:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2006.11.01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010.11.22 19:16:32 | 000,137,344 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\hwpsgt.sys -- (hwpsgt)
DRV - [2010.11.22 19:16:32 | 000,009,472 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\lemsgt.sys -- (lemsgt)
DRV - [2010.02.17 14:21:12 | 000,108,256 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\SleeN1764.sys -- (SLEE_17_DRIVER)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3022EC30-BE01-40C9-819C-A490324CFA0F}
IE:64bit: - HKLM\..\SearchScopes\{3022EC30-BE01-40C9-819C-A490324CFA0F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {47A20817-C7C8-4F00-9472-675D993A0B01}
IE - HKLM\..\SearchScopes\{47A20817-C7C8-4F00-9472-675D993A0B01}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 79 D4 B4 21 9A CC 01 [binary data]
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\..\SearchScopes,DefaultScope = {47A20817-C7C8-4F00-9472-675D993A0B01}
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=100581&tt=110911_startpage
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=5J&apn_dtid=YYYYYYYYDE&apn_uid=711e51b0-7141-4717-b6c5-6abbfec3e135&apn_sauid=5CD5C783-5301-4871-8ADF-694208A5987F
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\..\SearchScopes\{47A20817-C7C8-4F00-9472-675D993A0B01}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011.03.12 17:04:32 | 000,000,000 | ---D | M]
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011.03.12 17:04:32 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Samuel 2\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Samuel 2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Samuel 2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 8.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2011.10.27 20:07:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 8.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.08 14:03:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.04.26 19:24:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.04.26 19:24:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.04.26 19:24:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.09.16 17:24:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.05.03 14:59:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{09F060FA-566D-42D7-BF79-97AB30863433}: C:\Program Files (x86)\Steganos Privacy Suite 12\pfplugin [2012.04.07 10:57:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00F0643E-B367-4779-B45D-7046EBA37A88}: C:\Program Files (x86)\Steganos Privacy Suite 12\spmplugin3 [2012.04.07 10:57:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 13:38:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.03 14:59:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.04.22 16:52:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.08 14:03:29 | 000,000,000 | ---D | M]

[2012.04.20 14:55:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Samuel 2\AppData\Roaming\mozilla\Extensions
[2012.05.02 18:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Samuel 2\AppData\Roaming\mozilla\Firefox\Profiles\kep8s61o.default\extensions
[2012.04.20 14:55:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.30 17:52:07 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com
[2009.12.07 21:21:18 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2012.04.25 13:38:32 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Search (Enabled)
CHR - default_search_provider: search_url = http://www.bigseekpro.com/search/toolba ... ickfigure/{DB9CECAF-E669-EB8A-080A-38E4A6A39D12}?q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Samuel 2\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Samuel 2\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Samuel 2\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Microsoft Lync 2010 Attendee Meeting Join Plug-in (Enabled) = C:\Users\Samuel 2\AppData\Roaming\Mozilla\plugins\npMeetingJoinPluginAOCUser.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: WPI Detector 1.5 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Samuel 2\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Firebug Lite for Google Chrome = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\
CHR - Extension: Facebook Colour Changer = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpllmoilcakpgbeodibeifcfnndoheam\1.3.1_0\
CHR - Extension: Google-Suche = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Skype Click to Call = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Pivot Stickfigure = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpcknfcdcgpffjddjeceioobdelceffo\1.0.0\
CHR - Extension: Google Mail = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Samuel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2012.03.31 00:23:30 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 68.168.222.226 www.google-analytics.com.
O1 - Hosts: 68.168.222.226 ad-emea.doubleclick.net.
O1 - Hosts: 68.168.222.226 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Pivot Stickfigure Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Steganos Password Manager Toolbar) - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 12\SPMIEToolbar.dll (Steganos Software GmbH)
O3 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SSS12 File Redirection Starter] C:\Program Files (x86)\Steganos Privacy Suite 12\fredirstarter.exe (Steganos Software GmbH)
O4 - HKLM..\Run: [SSS12 HotKeys] C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosHotKeyService.exe (Steganos Software GmbH)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013..\Run: [Akamai NetSession Interface] C:\Users\Samuel 2\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013..\Run: [Spotify] C:\Users\Samuel 2\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3109684298-3459403227-3296056258-1013..\Run: [SSS12 Browser Monitor] C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosBrowserMonitor.exe (Steganos Software GmbH)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Bernhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Ereignisprotokollese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Samuel 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Samuel 2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Steganos Password Manager - {024538B9-3F39-49FF-9503-975F743210FA} - C:\Program Files (x86)\Steganos Privacy Suite 12\SPMIEToolbar.dll (Steganos Software GmbH)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F6F725C-584D-4E5C-AE21-C7EC5D37ABCC}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.06 19:08:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.06 19:07:45 | 000,544,032 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.05.06 19:07:45 | 000,525,600 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012.05.06 19:07:44 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012.05.06 19:07:44 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012.05.06 19:07:44 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012.05.06 19:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.05.04 19:52:02 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.05.04 19:48:11 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\Desktop\RK_Quarantine
[2012.05.04 19:06:37 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\AppData\Roaming\Malwarebytes
[2012.05.04 19:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.03 21:59:21 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\AppData\Local\{24ACB722-ACF8-4ED2-9610-E49F281D8F1C}
[2012.04.25 13:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.25 13:39:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.04.23 20:04:39 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\AppData\Roaming\GetRightToGo
[2012.04.23 20:04:39 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\Documents\Downloads
[2012.04.23 20:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server Migration Assistant for MySQL
[2012.04.23 19:59:59 | 000,000,000 | ---D | C] -- C:\Microsoft SQL Server Migration Assistant for MySQL
[2012.04.23 19:59:59 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\AppData\Roaming\Microsoft SQL Server Migration Assistant
[2012.04.22 18:50:30 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DRPU Database Converter - MySQL to MS SQL (Demo)
[2012.04.22 18:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DRPU Database Converter - MySQL to MS SQL (Demo)
[2012.04.21 21:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft WebMatrix
[2012.04.21 21:57:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WebMatrix
[2012.04.13 18:38:10 | 000,000,000 | ---D | C] -- C:\php
[2012.04.13 01:11:27 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.04.13 01:11:27 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.04.13 01:11:26 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.04.13 01:11:26 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.04.13 01:11:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.04.13 01:11:26 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.04.13 01:11:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.04.13 01:11:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.04.13 01:11:25 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.04.13 01:11:25 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.04.13 01:11:25 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.04.13 01:10:41 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.04.13 01:10:40 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.04.13 01:10:40 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.04.13 01:05:08 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.04.13 01:05:08 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.04.13 01:05:05 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.04.12 20:25:49 | 000,000,000 | ---D | C] -- C:\Users\Samuel 2\facebook
[2012.04.10 23:52:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2012.04.09 14:15:11 | 008,744,608 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.09 13:24:06 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

========== Files - Modified Within 30 Days ==========

[2012.05.07 14:38:06 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.07 14:38:06 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.07 14:27:40 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.07 14:27:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.07 14:27:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.05.07 14:27:00 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.07 14:25:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1013UA.job
[2012.05.07 14:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.07 14:11:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.07 13:41:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1000UA.job
[2012.05.07 11:58:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1013UA.job
[2012.05.06 20:59:05 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1013Core.job
[2012.05.06 20:41:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1000Core.job
[2012.05.06 19:07:32 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012.05.06 19:07:32 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012.05.06 19:07:31 | 000,544,032 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.05.06 19:07:31 | 000,525,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012.05.06 19:07:31 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012.05.06 18:56:51 | 000,003,254 | ---- | M] () -- C:\Windows\Opera.ini
[2012.05.06 16:25:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1013Core.job
[2012.05.04 23:07:38 | 000,002,979 | ---- | M] () -- C:\Users\Samuel 2\Desktop\HiJackThis.lnk
[2012.05.04 21:25:24 | 000,000,132 | ---- | M] () -- C:\Users\Samuel 2\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.05.04 21:15:23 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.04 21:15:23 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.04 21:15:16 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.05.04 19:52:16 | 000,007,622 | ---- | M] () -- C:\Users\Samuel 2\AppData\Local\resmon.resmoncfg
[2012.05.04 18:58:01 | 000,000,931 | ---- | M] () -- C:\Users\Samuel 2\Desktop\xampp_control.exe - Verknüpfung.lnk
[2012.05.03 14:59:52 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012.04.23 20:00:01 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft SQL Server Migration Assistant for MySQL.lnk
[2012.04.22 18:06:20 | 000,226,694 | ---- | M] () -- C:\Users\Samuel 2\Desktop\sogo-connector-10.0.1pre1.xpi
[2012.04.21 19:16:00 | 000,001,702 | ---- | M] () -- C:\server.key
[2012.04.21 19:15:10 | 000,001,666 | ---- | M] () -- C:\server.crt
[2012.04.20 14:55:07 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.20 14:46:31 | 000,022,523 | ---- | M] () -- C:\Users\Samuel 2\Desktop\bookmarks-2012-04-20.json
[2012.04.18 15:58:35 | 000,859,980 | ---- | M] () -- C:\Users\Samuel 2\Desktop\Kuppelentwurf2.psd
[2012.04.18 15:48:17 | 000,082,612 | ---- | M] () -- C:\Users\Samuel 2\Desktop\Kuppelentwurf.jpg
[2012.04.16 19:54:46 | 000,953,979 | ---- | M] () -- C:\Users\Samuel 2\AppContest_Ausschreibung_neu (2).pdf
[2012.04.16 19:48:50 | 001,794,026 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.16 19:48:50 | 000,767,098 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.16 19:48:50 | 000,709,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.16 19:48:50 | 000,178,116 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.16 19:48:50 | 000,144,286 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.10 23:52:36 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2012.04.08 15:44:02 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

========== Files Created - No Company Name ==========

[2012.05.04 23:07:38 | 000,002,979 | ---- | C] () -- C:\Users\Samuel 2\Desktop\HiJackThis.lnk
[2012.05.04 18:58:01 | 000,000,931 | ---- | C] () -- C:\Users\Samuel 2\Desktop\xampp_control.exe - Verknüpfung.lnk
[2012.04.23 20:00:01 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft SQL Server Migration Assistant for MySQL.lnk
[2012.04.22 16:48:54 | 000,226,694 | ---- | C] () -- C:\Users\Samuel 2\Desktop\sogo-connector-10.0.1pre1.xpi
[2012.04.21 19:17:39 | 000,001,666 | ---- | C] () -- C:\server.crt
[2012.04.21 19:17:11 | 000,001,702 | ---- | C] () -- C:\server.key
[2012.04.20 14:55:07 | 000,001,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.04.20 14:55:07 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.20 14:46:30 | 000,022,523 | ---- | C] () -- C:\Users\Samuel 2\Desktop\bookmarks-2012-04-20.json
[2012.04.18 15:54:13 | 000,859,980 | ---- | C] () -- C:\Users\Samuel 2\Desktop\Kuppelentwurf2.psd
[2012.04.18 15:48:17 | 000,082,612 | ---- | C] () -- C:\Users\Samuel 2\Desktop\Kuppelentwurf.jpg
[2012.04.16 19:54:46 | 000,953,979 | ---- | C] () -- C:\Users\Samuel 2\AppContest_Ausschreibung_neu (2).pdf
[2012.04.11 17:39:05 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.04.10 23:52:36 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2012.04.09 13:25:00 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.12 19:47:11 | 000,000,132 | ---- | C] () -- C:\Users\Samuel 2\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.02.15 18:44:46 | 000,000,132 | ---- | C] () -- C:\Users\Samuel 2\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012.01.25 19:59:12 | 000,000,132 | ---- | C] () -- C:\Users\Samuel 2\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.12.21 18:46:18 | 000,017,408 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\WebpageIcons.db
[2011.11.18 18:17:51 | 000,001,456 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.10.30 17:55:21 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.09.10 16:25:53 | 000,003,254 | ---- | C] () -- C:\Windows\Opera.ini
[2011.08.14 12:12:51 | 000,000,173 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\msmathematics.qat.Samuel 2
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2011.01.21 22:26:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.12.30 22:10:29 | 000,007,622 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\resmon.resmoncfg
[2010.12.29 16:08:46 | 000,315,392 | ---- | C] () -- C:\Windows\autobuildnumber.exe
[2010.12.17 16:15:57 | 000,000,096 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\fusioncache.dat
[2010.12.08 18:26:36 | 000,000,600 | ---- | C] () -- C:\Users\Samuel 2\AppData\Roaming\winscp.rnd
[2010.11.26 23:12:28 | 000,000,600 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\PUTTY.RND
[2010.11.22 19:16:32 | 000,137,344 | ---- | C] () -- C:\Windows\SysWow64\drivers\hwpsgt.sys
[2010.11.22 19:16:32 | 000,009,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\lemsgt.sys
[2010.11.02 11:59:12 | 000,981,059 | ---- | C] () -- C:\Windows\unins000.exe
[2010.11.02 11:59:12 | 000,009,332 | ---- | C] () -- C:\Windows\unins000.dat
[2010.09.13 17:42:36 | 000,002,913 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\Temppenciltemp.png
[2010.07.30 18:36:18 | 000,006,656 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.26 19:01:54 | 000,020,179 | ---- | C] () -- C:\Users\Samuel 2\AppData\Roaming\UserTile.png
[2010.07.10 14:50:11 | 000,000,075 | RHS- | C] () -- C:\Windows\ICLET30.BIN
[2010.06.30 16:39:23 | 000,000,000 | ---- | C] () -- C:\Users\Samuel 2\AppData\Roaming\~QUIZ
[2010.06.09 18:36:49 | 000,001,463 | ---- | C] () -- C:\Users\Samuel 2\AppData\Local\RecConfig.xml
[2010.06.08 13:59:36 | 000,179,179 | ---- | C] () -- C:\Windows\hphins15.dat
[2010.06.08 13:59:36 | 000,002,011 | ---- | C] () -- C:\Windows\hphmdl15.dat

========== LOP Check ==========

[2010.12.25 16:42:21 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Arduino
[2010.11.22 19:18:01 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Ascaron Entertainment
[2011.11.18 16:18:59 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Bitcoin
[2010.10.06 17:17:44 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Blender Foundation
[2011.12.12 19:37:03 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\CBL-Electronics
[2011.11.11 16:33:39 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.10.30 18:12:36 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Cocoon Software
[2011.11.04 00:09:08 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2011.11.26 20:13:57 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\com.adobe.dmp.contentviewer
[2011.11.02 20:16:41 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.04.02 23:02:42 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\DarkWave Studio
[2011.11.05 16:48:44 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Dev-Cpp
[2012.05.07 14:30:38 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Dropbox
[2010.05.21 12:40:38 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\DzSoft
[2010.07.10 13:52:55 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\EurekaLog
[2012.05.06 01:12:11 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\FileZilla
[2010.07.02 21:35:25 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\FOG Downloader
[2012.04.05 14:55:38 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\FreeHideIP
[2010.11.16 18:35:37 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\FRITZ!
[2012.04.23 20:05:04 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\GetRightToGo
[2011.06.17 23:14:55 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\go
[2012.01.13 16:27:36 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\gtk-2.0
[2010.06.24 16:00:35 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Imperium Romanum
[2010.06.08 16:14:00 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Inkscape
[2010.10.03 19:57:03 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\ISTool
[2011.02.09 14:55:53 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Leadertech
[2010.07.23 12:04:22 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Lost Marble
[2011.04.23 22:13:06 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\ManyCam
[2010.11.26 19:33:43 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\MrJobs
[2010.04.03 11:16:19 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Opera
[2010.07.26 19:01:54 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\PeerNetworking
[2012.02.10 22:04:58 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\PopSoft
[2011.12.25 15:04:19 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Sony
[2012.05.07 14:33:46 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Spotify
[2011.11.03 00:01:44 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.04.08 09:21:37 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Steganos
[2012.04.11 17:39:39 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\TeamViewer
[2011.11.01 19:36:17 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Thunderbird
[2011.05.28 22:45:18 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\WildTangent
[2010.12.07 18:25:45 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\Windows Live Writer
[2011.03.10 22:52:43 | 000,000,000 | ---D | M] -- C:\Users\Samuel 2\AppData\Roaming\XMedia Recode
[2012.05.06 20:59:05 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1013Core.job
[2012.05.07 11:58:01 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3109684298-3459403227-3296056258-1013UA.job
[2012.03.26 13:29:56 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
samweb
Regular Member
 
Posts: 15
Joined: May 5th, 2012, 11:38 am

Re: Add box in left corner

Post by samweb » May 7th, 2012, 8:46 am

One more note: maybe I should try the [ResetHosts] command in OTL one more time, maybe one of the programs I deleted through the OTL fix was locking the hosts file... (because I got a message in OTL: access denied or something like that...)
samweb
Regular Member
 
Posts: 15
Joined: May 5th, 2012, 11:38 am

Re: Add box in left corner

Post by Gary R » May 7th, 2012, 9:11 am

No, don't bother doing that, we have other ways of resetting your hosts file.

I'll get back to you once I've finished looking over your latest logs.
Gary R
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire