
Pests of all kinds and how to combat them: Task Manager closes when "More details" is clicked

01.02.2013, 12:05   #1
Quadpac
 


Hello folks,

I have really read myself to death on your board, great tips, but somehow it didn't help me; it's probably down to my run-of-the-mill PC knowledge.

Here is my problem (it has come up several times already):

Task Manager closes automatically when I click "More details", after approx. 3-4 seconds.
I ran Malwarebytes Anti-Malware over it, but it found nothing.
Kaspersky found nothing either.
I ran scannow, which repaired something; I will find out at the next start.
I ran HijackThis and here is my log file; I hope I edited it correctly according to the instructions....
I use Windows 8 Pro, am not a P2P user, and basically have only original software on the machine plus some freeware. I have the same things on my tablet as well, but everything works there.

I hope you have a tip for me.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:21:40, on 01.02.2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16453)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\MEDION\MEDION NAS TOOL\MEDION NAS TOOL.exe
C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\SpeedProject\SpeedCommander 13\SpeedCommander.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://lenovo13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O2 - BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [MEDION NAS TOOL] C:\Program Files (x86)\MEDION\MEDION NAS TOOL\MEDION NAS TOOL.exe
O4 - HKCU\..\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
O4 - HKCU\..\Run: [] \
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
O9 - Extra 'Tools' menuitem: Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Classic Shell Service (ClassicShellService) - IvoSoft - C:\Program Files\Classic Shell\ClassicShellService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung Network Fax Server - Samsung Electronics Co., Ltd. - C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12454 bytes

01.02.2013, 14:24   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Reading material:
Please do not post HijackThis log files!!!


Quote from Larusso:
We are aware that HijackThis is probably one of the best-known analysis tools.
However, it now scans only very superficially and gives us too little information for a thorough analysis of your system.

So please do not post HijackThis log files; instead, read and work through the following.

http://www.trojaner-board.de/69886-a...-beachten.html

Only with this information can we help you.

Thanks

01.02.2013, 16:41   #3
Quadpac
 


Right, now hopefully following the instructions after all.

OTL logfile:
Code:
OTL logfile created on: 01.02.2013 16:17:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\****\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,94 Gb Total Physical Memory | 4,18 Gb Available Physical Memory | 70,36% Memory free
11,94 Gb Paging File | 10,04 Gb Available in Paging File | 84,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1801,30 Gb Total Space | 1089,88 Gb Free Space | 60,50% Space Free | Partition Type: NTFS
Drive D: | 60,00 Gb Total Space | 44,46 Gb Free Space | 74,10% Space Free | Partition Type: NTFS
Drive E: | 261,84 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.01 16:14:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\****\Downloads\OTL.exe
PRC - [2013.01.29 01:33:04 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013.01.16 21:36:36 | 000,167,104 | ---- | M] (Fieldston Software) -- C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
PRC - [2012.12.29 09:55:32 | 000,068,608 | ---- | M] (IvoSoft) -- C:\Program Files\Classic Shell\ClassicShellService.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.17 19:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012.12.01 12:59:27 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012.11.30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.16 13:37:56 | 000,277,504 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.08.16 13:37:50 | 000,007,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.07.19 18:00:54 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.07.19 18:00:52 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.07.19 18:00:29 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.07.13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2012.07.10 08:54:12 | 001,822,208 | ---- | M] () -- C:\Program Files (x86)\MEDION\MEDION NAS TOOL\MEDION NAS TOOL.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.01 16:11:39 | 001,169,408 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\wx._core_.pyd
MOD - [2013.02.01 16:11:39 | 001,024,616 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\windows._cacheinvalidation.pyd
MOD - [2013.02.01 16:11:39 | 000,807,424 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\wx._windows_.pyd
MOD - [2013.02.01 16:11:39 | 000,792,576 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\wx._gdi_.pyd
MOD - [2013.02.01 16:11:39 | 000,731,136 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\wx._misc_.pyd
MOD - [2013.02.01 16:11:39 | 000,645,120 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\_ssl.pyd
MOD - [2013.02.01 16:11:39 | 000,571,392 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\pysqlite2._sqlite.pyd
MOD - [2013.02.01 16:11:39 | 000,354,304 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\pythoncom26.dll
MOD - [2013.02.01 16:11:39 | 000,311,808 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\_hashlib.pyd
MOD - [2013.02.01 16:11:39 | 000,263,168 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\win32com.shell.shell.pyd
MOD - [2013.02.01 16:11:39 | 000,153,088 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\pyexpat.pyd
MOD - [2013.02.01 16:11:39 | 000,121,856 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\wx._wizard.pyd
MOD - [2013.02.01 16:11:39 | 000,111,104 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\win32file.pyd
MOD - [2013.02.01 16:11:39 | 000,110,592 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\win32security.pyd
MOD - [2013.02.01 16:11:39 | 000,110,592 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\pywintypes26.dll
MOD - [2013.02.01 16:11:39 | 000,096,256 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\win32api.pyd
MOD - [2013.02.01 16:11:39 | 000,086,016 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\_elementtree.pyd
MOD - [2013.02.01 16:11:39 | 000,073,728 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\_ctypes.pyd
MOD - [2013.02.01 16:11:39 | 000,070,656 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\wx._html2.pyd
MOD - [2013.02.01 16:11:39 | 000,040,448 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\_socket.pyd
MOD - [2013.02.01 16:11:39 | 000,039,424 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\win32inet.pyd
MOD - [2013.02.01 16:11:39 | 000,036,352 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\win32process.pyd
MOD - [2013.02.01 16:11:39 | 000,023,040 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\win32ts.pyd
MOD - [2013.02.01 16:11:39 | 000,022,528 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\win32pdh.pyd
MOD - [2013.02.01 16:11:39 | 000,017,920 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\win32profile.pyd
MOD - [2013.02.01 16:11:39 | 000,011,776 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\win32crypt.pyd
MOD - [2013.02.01 16:11:38 | 001,056,256 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\wx._controls_.pyd
MOD - [2013.02.01 16:11:38 | 000,585,728 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\unicodedata.pyd
MOD - [2013.02.01 16:11:38 | 000,017,920 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\win32event.pyd
MOD - [2013.02.01 16:11:38 | 000,011,776 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\select.pyd
MOD - [2013.01.29 17:08:50 | 000,121,920 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll
MOD - [2013.01.29 17:04:55 | 000,354,368 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\Office15\c2r32.dll
MOD - [2013.01.29 17:04:54 | 000,312,912 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll
MOD - [2013.01.16 21:36:34 | 001,940,992 | ---- | M] () -- C:\Program Files (x86)\Fieldston Software\gSyncit\gSyncit.core.dll
MOD - [2012.11.22 00:33:58 | 000,837,632 | ---- | M] () -- C:\Program Files (x86)\Fieldston Software\gSyncit\System.Data.SQLite.dll
MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2012.07.10 08:54:12 | 001,822,208 | ---- | M] () -- C:\Program Files (x86)\MEDION\MEDION NAS TOOL\MEDION NAS TOOL.exe
MOD - [2012.01.09 03:25:56 | 000,806,912 | ---- | M] () -- C:\Program Files (x86)\MEDION\MEDION NAS TOOL\LIBEAY32.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.29 09:55:32 | 000,068,608 | ---- | M] (IvoSoft) [Auto | Running] -- C:\Program Files\Classic Shell\ClassicShellService.exe -- (ClassicShellService)
SRV:64bit: - [2012.12.06 05:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012.12.06 05:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012.11.23 18:07:10 | 001,855,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.11.06 05:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012.09.20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 07:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.09.10 07:54:54 | 000,239,616 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)
SRV:64bit: - [2012.07.26 04:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012.07.26 04:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 04:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 04:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012.06.19 19:10:34 | 000,634,632 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2013.01.19 17:14:12 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.12 20:13:18 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.03 16:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.02 08:09:41 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.12.01 12:59:27 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012.11.30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.09.10 07:54:54 | 000,239,616 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)
SRV - [2012.08.16 13:37:50 | 000,007,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.07.19 18:00:54 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.07.19 18:00:52 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.07.19 18:00:29 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.07.13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.05 16:06:57 | 000,048,472 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\klwfp.sys -- (klwfp)
DRV:64bit: - [2012.12.05 16:06:57 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012.12.01 13:08:37 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012.12.01 13:08:36 | 000,612,696 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.11.27 08:00:32 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012.11.27 04:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012.11.27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.06 08:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012.11.06 08:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.11.02 15:38:32 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\point64.sys -- (Point64)
DRV:64bit: - [2012.11.01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.10.11 06:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2012.09.20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012.09.20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 08:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012.08.16 13:33:42 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.08.13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012.08.07 16:17:10 | 001,576,080 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RTWlanU.sys -- (RtlWlanu)
DRV:64bit: - [2012.08.07 16:17:10 | 001,576,080 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RTWlanU.sys -- (RTL8192cu)
DRV:64bit: - [2012.08.02 15:09:32 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.07.30 17:04:12 | 000,690,832 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012.07.27 18:38:24 | 000,029,616 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\klelam.sys -- (klelam)
DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012.07.26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012.07.26 05:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 03:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.07.02 23:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.06.24 00:24:52 | 015,283,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012.02.15 14:16:48 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\SSPORT.sys -- (SSPORT)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = h**t://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = h**t://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**t://lenovo13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**t://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{04FECF4B-1673-4021-80A5-5AAFF6BD005E}: "URL" = h**t://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = h**t://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = h**t://www2.mystart.com/results.php?pr=vmn&id=yolobartb&v=1_0&ent=ch&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "h**t://www.google.de"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 18:47:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 18:47:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 18:47:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.20 18:47:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.20 18:47:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 17:14:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.13 07:37:44 | 000,000,000 | ---D | M]
 
[2012.12.03 06:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2013.02.01 09:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\s8t324qt.default\extensions
[2013.01.12 22:14:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\s8t324qt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.01.29 07:33:10 | 000,004,412 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\s8t324qt.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.01.18 00:26:03 | 000,256,017 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\s8t324qt.default\extensions\{9cfdd5db-2841-4970-acbc-b812ac1092e8}.xpi
[2013.02.01 09:06:32 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\s8t324qt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.03 06:41:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.19 17:14:13 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.31 21:30:44 | 000,002,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mystarttb.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: h**t://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: h**t://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\****\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_1\
CHR - Extension: Google-Suche = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Google Maps = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Amazon Deutsch = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mckgjahkffbhkbbginonfihaohmbdcie\1.0_0\
CHR - Extension: CleanWebApp (Adblock + Privacy) = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjkcflkplhgpebknipkekjggglimnone\0.1.3_0\
CHR - Extension: Google Mail = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
 
O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [] \ File not found
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe (Fieldston Software)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [MEDION NAS TOOL] C:\Program Files (x86)\MEDION\MEDION NAS TOOL\MEDION NAS TOOL.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ConfirmFileDelete = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - h**t://rover.ebay.com/rover/1/707-154514-44482-15/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - h**t://rover.ebay.com/rover/1/707-154514-44482-15/4 File not found
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{032A9019-D334-4199-9B12-3BC8F6E32088}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{281685EA-5281-425D-A206-752B81C1E90D}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3e53439b-3bbf-11e2-be92-d43d7e2e44d0}\Shell - "" = AutoRun
O33 - MountPoints2\{3e53439b-3bbf-11e2-be92-d43d7e2e44d0}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.01 11:19:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013.02.01 11:19:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013.01.31 07:20:06 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2013.01.31 07:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.30 06:38:53 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Benutzerdefinierte Office-Vorlagen
[2013.01.29 17:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013.01.29 17:00:15 | 000,000,000 | R--D | C] -- C:\Users\****\SkyDrive
[2013.01.29 17:00:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013.01.29 17:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013.01.29 16:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2013.01.28 23:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.01.28 22:56:41 | 000,000,000 | ---D | C] -- C:\Users\****\Application Data
[2013.01.28 22:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON
[2013.01.28 22:56:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NAVIGON
[2013.01.28 15:35:28 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Wondershare PDF Password Remover
[2013.01.26 10:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013.01.26 10:58:51 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2013.01.22 08:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2013.01.22 08:29:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Paint.NET
[2013.01.18 10:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.01.17 19:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
[2013.01.17 19:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ACD Systems
[2013.01.17 19:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems
[2013.01.13 07:55:20 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\AdobeStockPhotos
[2013.01.13 06:38:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photoshop CS2
[2013.01.12 23:46:14 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Updater
[2013.01.12 23:43:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2013.01.12 23:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2013.01.12 23:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoshopCS2
[2013.01.12 22:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\yolobartb
[2013.01.12 20:20:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Newshosting
[2013.01.12 20:20:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\CrashRpt
[2013.01.12 20:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2013.01.12 20:19:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Newshosting
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.01 16:17:19 | 000,001,253 | ---- | M] () -- C:\Users\****\Desktop\HiJackThis - Verknüpfung.lnk
[2013.02.01 16:17:19 | 000,001,074 | ---- | M] () -- C:\Users\****\Desktop\gmer_2.0.18454 - Verknüpfung.lnk
[2013.02.01 16:17:19 | 000,000,969 | ---- | M] () -- C:\Users\****\Desktop\OTL - Verknüpfung.lnk
[2013.02.01 16:17:19 | 000,000,677 | ---- | M] () -- C:\Users\****\Desktop\defogger_disable - Verknüpfung.lnk
[2013.02.01 16:17:19 | 000,000,637 | ---- | M] () -- C:\Users\****\Desktop\Defogger - Verknüpfung.lnk
[2013.02.01 16:13:16 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable
[2013.02.01 16:10:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.01 11:19:32 | 000,002,985 | ---- | M] () -- C:\Users\****\Desktop\HiJackThis.lnk
[2013.02.01 11:07:49 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.01 11:07:48 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.01 11:07:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.01 11:04:03 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.02.01 11:04:00 | 810,344,447 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.01 09:17:46 | 000,018,066 | ---- | M] () -- C:\Users\****\Documents\cc_20130201_091741.reg
[2013.01.29 15:37:36 | 001,748,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.29 15:37:36 | 000,752,930 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.29 15:37:36 | 000,711,084 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.29 15:37:36 | 000,156,156 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.29 15:37:36 | 000,132,952 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.18 09:57:08 | 000,103,008 | ---- | M] () -- C:\Users\****\Documents\cc_20130118_095701.reg
[2013.01.15 21:13:01 | 005,041,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.02.01 16:17:19 | 000,001,253 | ---- | C] () -- C:\Users\****\Desktop\HiJackThis - Verknüpfung.lnk
[2013.02.01 16:17:19 | 000,001,074 | ---- | C] () -- C:\Users\****\Desktop\gmer_2.0.18454 - Verknüpfung.lnk
[2013.02.01 16:17:19 | 000,000,969 | ---- | C] () -- C:\Users\****\Desktop\OTL - Verknüpfung.lnk
[2013.02.01 16:17:19 | 000,000,677 | ---- | C] () -- C:\Users\****\Desktop\defogger_disable - Verknüpfung.lnk
[2013.02.01 16:17:19 | 000,000,637 | ---- | C] () -- C:\Users\****\Desktop\Defogger - Verknüpfung.lnk
[2013.02.01 16:13:16 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable
[2013.02.01 11:19:32 | 000,002,985 | ---- | C] () -- C:\Users\****\Desktop\HiJackThis.lnk
[2013.02.01 09:17:44 | 000,018,066 | ---- | C] () -- C:\Users\****\Documents\cc_20130201_091741.reg
[2013.01.29 17:00:15 | 000,002,188 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
[2013.01.22 08:30:09 | 000,001,304 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2013.01.18 09:57:06 | 000,103,008 | ---- | C] () -- C:\Users\****\Documents\cc_20130118_095701.reg
[2013.01.15 21:12:46 | 005,041,248 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.13 18:11:27 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll
[2013.01.13 18:11:27 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013.01.12 23:43:52 | 000,002,093 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2012.12.20 11:49:14 | 000,001,982 | ---- | C] () -- C:\Users\****\AppData\Local\recently-used.xbel
[2012.12.18 10:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.12.15 16:42:54 | 001,554,336 | ---- | C] () -- C:\Windows\TotalUninstaller.exe
[2012.12.07 12:57:41 | 000,003,584 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.06 12:55:57 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.12.03 06:56:22 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.11.28 14:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.11.28 14:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.11.28 14:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.11.28 14:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.09.10 11:57:43 | 012,317,888 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.07.25 21:22:56 | 000,733,840 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.07.25 21:22:56 | 000,492,340 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.06.19 18:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.11.06 05:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.11.06 05:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 01.02.2013 16:17:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\****\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,94 Gb Total Physical Memory | 4,18 Gb Available Physical Memory | 70,36% Memory free
11,94 Gb Paging File | 10,04 Gb Available in Paging File | 84,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1801,30 Gb Total Space | 1089,88 Gb Free Space | 60,50% Space Free | Partition Type: NTFS
Drive D: | 60,00 Gb Total Space | 44,46 Gb Free Space | 74,10% Space Free | Partition Type: NTFS
Drive E: | 261,84 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office XP\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office XP\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
h**t [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
h**ts [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [ACDSee Pro 6.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeeQVPro6.exe" "%1" (ACD Systems International Inc.)
Directory [Bilder-Planet Fotoservice] -- "C:\Program Files (x86)\Bilder-Planet\Bilder-Planet Fotoservice\Bilder-Planet Fotoservice.exe" "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Bilder-Planet\Bilder-Planet Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office XP\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office XP\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
h**t [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
h**ts [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [ACDSee Pro 6.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeeQVPro6.exe" "%1" (ACD Systems International Inc.)
Directory [Bilder-Planet Fotoservice] -- "C:\Program Files (x86)\Bilder-Planet\Bilder-Planet Fotoservice\Bilder-Planet Fotoservice.exe" "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Bilder-Planet\Bilder-Planet Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02087CE3-4E42-4FD1-82A4-3EE436DD47DE}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{08A4D5F4-6C64-497E-BA1C-4C46646E38BF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0BBC201B-5D5F-46DC-8027-53647FF4939A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{0D687A0F-BE87-4AE1-BE8D-55B649DEEB65}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1A8F3265-266F-4E48-A6FF-49FBD562EE48}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1AB2073E-B1A2-42BF-A39B-C9B2EAE017C9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe | 
"{1EE1DCC9-6032-4872-B315-CC4BD2A3D2C2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{21BE37CE-EAF4-4E16-8440-804AC7EA9AA5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2262521A-39A5-475A-AC42-C14756F14F95}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{22B630F8-BC50-4E1F-9684-D7D8A8FEBF77}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{25B82CB3-1954-4CBC-AD04-6C85B5A3FFB8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{27011B1B-9D18-4FFC-A4B4-6EDE64797779}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2AB978A1-63F9-4EA6-B1BE-72A41B9253A7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2E8004F3-D9D4-4D7E-9F74-3FBA06E82336}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2E9D6F5C-B10A-4793-94EE-F4129E94D4FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{37DF2BB3-1ACA-4D96-B2A2-0F4081D12F8E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3C078360-D22A-4CF5-8FFB-35CA2E63F97C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3C691BD1-3187-4E8E-BC72-3E6E034E5418}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{49A33F85-9D43-4611-AA16-05CD35B3A17A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4A103A03-94BF-4073-8BCA-577B6E0F9B08}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5F7DF415-F44A-48B0-AB27-631F78F8AE68}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{61839DCC-73DC-46BA-927C-79B89F9518ED}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{65CC6FA4-3E53-4B33-AF6F-282F0F7371D7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{661DC6C6-EC01-4341-AD36-D8262CD0C3D4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
"{747FC4B8-A75F-489C-8996-034ED2AA3963}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{943E9B02-5A65-4103-904E-2F3AF24DD8B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9FDD1B61-2DD3-4F34-84D3-D4EAE65A954D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AA126DC7-DD58-49A2-81CC-073938F88B55}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B7400448-871A-4CAA-A55F-77F9574510C9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BA128828-9878-4B4E-9A86-2971449EB11D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BF58A29C-9086-4AEE-A669-F33144527E7B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C23C793F-22ED-47D3-A1BC-A8DDEA43101B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F1EE98A0-BEE3-45DF-B03C-4660FA782C1A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F3C5EB45-9E8E-4490-AEB2-2298FA346D78}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F5BBAB3D-BFBB-4EA2-BA1E-21F5C606224A}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09039F4A-0CA1-434F-95EF-BC280F237B38}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy document creator\usdagent.exe | 
"{0AD460BC-E035-4957-8978-62C83863E025}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{0AF96C80-3540-443C-B6DD-CA2AD459F3B1}" = dir=out | name=amazon | 
"{1449FE7C-8453-4AB3-AFE2-0EFE6AECBC7C}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{1506C6B9-47F4-4495-8851-1C57CF474D31}" = dir=in | name=ebay | 
"{15BBE609-B0FD-46CC-9E90-805FD6167B97}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2230F223-150B-4AB8-93A1-864F146C63F6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{256AB823-EFFD-48A4-8AB9-8B91395D3688}" = dir=out | name=accuweather for windows 8 | 
"{2A1CE9AB-D0AF-4EAF-AAE1-BF58EE9DC13C}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
"{359ACD1D-5902-4267-8752-21096DCCC41C}" = dir=out | name=windows_ie_ac_001 | 
"{35C4E44E-D9E6-4B1E-ACE4-2F936F6AA7F6}" = dir=in | app=c:\users\****\appdata\local\microsoft\skydrive\skydrive.exe | 
"{37255170-1469-4107-8308-0F5ACDE6D2EC}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{38D07375-E772-49AB-A1EF-E6BFB08EA910}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3D6CEE1E-2272-462A-B7C2-BC1A2ECC7303}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{41991FCB-A232-4B06-8BA4-65FCCA8F2A75}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{41BA55FC-3842-4BAB-97C2-7374522F5D1A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | 
"{5448048C-D6D8-4C8F-B262-6E7107DEEA38}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe | 
"{5498E73A-E8AB-4B79-9CF9-37A60BF840C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{54BCEEDF-D674-4DF0-B742-ACBEB1F7F1E0}" = dir=out | name=cinetrailer | 
"{576A212E-3A5A-45F6-8AF1-51E24E866F78}" = dir=in | name=meinestadt.de | 
"{58AA3F12-24DD-47EE-8A96-18FE4B11FD2B}" = dir=out | name=ebay | 
"{5A2846AF-D722-4808-A108-2B237BC2D153}" = dir=in | name=meinestadt.de | 
"{6018F42B-D692-4EDF-B628-8B4E60ABE6C2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{60BECB40-B432-4A4C-A43E-F67F9C129967}" = dir=out | name=windows_ie_ac_001 | 
"{671EF1DA-B769-41C9-BB5E-AD3E7690DCCB}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{687F70E8-00A6-497F-8257-57715200A0B4}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe | 
"{68B3AB5D-44DE-443E-9814-D1ABA8521567}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{69DB0B21-23BF-46DB-B6CA-9EBC93387DE5}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{6A80FB52-FAF9-49F4-9ED5-BD1F1EDC3CDF}" = dir=in | name=ebay | 
"{6B53840B-DB2F-45B6-9731-8CEF2F0FE9EE}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy document creator\usdagent.exe | 
"{6CE0BC13-69D1-416D-AC12-D3477736A2D8}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{783B9D25-DE36-4F35-BD97-9BE80DDE39C8}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
"{78FA9CB5-77D3-41AF-9F70-7BEAFD0A8320}" = dir=out | name=billiger.de | 
"{7CC0032A-134C-4577-B41D-4FEF7E446227}" = dir=out | name=meinestadt.de | 
"{7E69E84E-CDDF-4928-AEA6-1B18EA51FFDE}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{80C7EDCC-4118-42BD-AEB8-E40DEFC54FA2}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{82D4E3BE-6A1A-4D2B-80F9-652281FD68C5}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{919BD155-D11B-4DC5-9B90-26A9DA3DEC97}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{92C3C5D2-EBFC-4D95-9E8B-FD9546DB04E4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{9C03F437-BE28-4AC9-B57F-CD0BAC59C8B3}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{9F506187-1BC9-46D0-BB18-7397CB193724}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{A22A74A2-DC11-4B4B-AF57-B3A20AEB4DD3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{A2BDA04E-165F-4F6A-9AAE-673FDF4562D3}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
"{A569BA88-7C68-4F3A-BC58-2114B59B458E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A5CCD083-CD65-4851-812D-D7D371C9EA7A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A6FDCAA2-EDCB-42E5-AFC6-839A756708ED}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{A708470A-EFD8-4E34-9A61-9031BE0898A3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A9A25E19-2611-486F-A265-73B9C261E030}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{ABF6CF8F-4F4F-402E-9090-96EE17D0D0A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AC539E1C-B39B-4233-81E9-FF3EFCDD9770}" = dir=out | name=meinestadt.de | 
"{B195DDB8-CF20-4FC9-8776-E48364BDE82F}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{B85E93D3-083B-454A-B280-49525369B6C3}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | 
"{B97176EE-7C23-44E3-85B0-B36C6E40D770}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BF0EE90B-F9E3-4444-853D-C6AAF410863E}" = dir=out | name=tunein radio | 
"{BF584E1C-87F6-4CAB-AB30-93D8C4253B66}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
"{C4829335-AA2F-498D-9171-744420781D67}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C6B1BFCD-F999-4B54-8EFC-A38722F22DB4}" = protocol=6 | dir=out | app=system | 
"{C970AB73-F9A6-48CE-9A37-F8896E84004D}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{CCA69ED0-9C08-4D4D-82D7-41F0BBA70215}" = dir=out | name=bild tablet | 
"{CCF15CC4-F80C-4F2E-9117-5C6DA5BBF4C8}" = dir=out | name=google search | 
"{CF746311-38EA-447D-A8FD-30D0EC742DC6}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{D5208706-0914-4D3B-A740-C3406E521C61}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{DA190246-9A4E-4AB1-85AE-908F040BCE5B}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{DBBE0C5B-BBFD-4649-88B2-2495ABB8F20B}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{E2CD4F90-5655-4B5F-9C6F-E28395AF1190}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{E57152FB-74F4-49E3-BAE2-1FAB57BB3F75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E6CD37E1-75DB-4DE0-A242-0F84C96DD9AA}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E7DAB137-AB79-4174-B68B-BA154BDD0B6A}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | 
"{E8849646-ACB6-4278-81D6-83F24A70212F}" = dir=out | name=ebay | 
"{E9C97649-988F-46CB-96A0-16599C6F7C1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EAFB3CD2-F842-4BED-8615-25DA89D6E39E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F573C6B5-F1EF-4857-9E30-47090A081C02}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{F705D212-263F-498C-A409-12822FB891EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F81CDE02-59AB-4CFA-9847-02D18189B922}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{FB374F96-E473-428D-9E6F-DD57DCE27AB4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{5F4D2146-4926-4150-A193-D0A6C21EC96E}C:\program files (x86)\medion\medion nas tool\medion nas tool.exe" = protocol=6 | dir=in | app=c:\program files (x86)\medion\medion nas tool\medion nas tool.exe | 
"UDP Query User{8E639A68-DCB6-4E8F-85D7-22107951C06A}C:\program files (x86)\medion\medion nas tool\medion nas tool.exe" = protocol=17 | dir=in | app=c:\program files (x86)\medion\medion nas tool\medion nas tool.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{258D56DE-24F2-479E-BED2-8103CB0B9D58}" = MAGIX Video deluxe 2013 Plus
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CAF674E0-808C-4CF4-8868-A755EBABA228}" = ACDSee Pro 6
"{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}" = Classic Shell
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"CCleaner" = CCleaner
"HomeBusinessRetail - de-de" = Microsoft Office Home and Business 2013 - de-de
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DBC021C-95D9-435A-A4B0-E6515AFD1A71}" = Nero Prerequisite Installer 2.0
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1719FAD6-2F6A-4F5E-BF2B-1F6F6F1E3806_PasswordRemover}_is1" = Wondershare PDF Password Remover (Build 1.3.0)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM)
"{35BD47F4-C19B-474F-AACC-E8C0BE38148A}" = Photo Common
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3D9167B2-87EB-4713-90B4-E46F2CAFE28D}" = Nero BurningROM 12
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{41FEC76C-9F4C-4A9A-B872-C605A4E04BBF}" = Photo Common
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{4C0D8B3E-63F0-4773-83F5-C5B7795B0FB8}" = Photo Gallery
"{52FE9150-B4B1-42BE-8F05-7D559757E450}" = Movie Maker
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM
"{61889FC7-9738-439A-96B3-17AF981BDDEF}" = Movie Maker
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75FCD3A9-D7F8-46AD-BC90-91A6364B9334}" = Galeria de Fotografias
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{7CA39252-B140-4F7D-951E-AA7F18523CFF}" = WEKA Musterbetriebsanweisungen 6.4
"{7D386596-0E80-4808-8AAE-C1DDA8212F7F}" = Adobe Setup
"{81019508-84DC-476E-8C49-BD77A61217D9}" = Fotogalleri
"{8698AFE8-285C-44EA-A282-13DBD7039F1C}" = Photo Common
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}" = SNS Upload for Easy Document Creator
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA895310-E517-4401-86B6-7E4C7825C3E1}" = gSyncit
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF6478C8-7643-4E80-8077-3D51614A3DBA}" = Movie Maker
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_25db75244653b42cb93dc27939d1c0e" = Adobe Dreamweaver CS3
"Bilder-Planet Fotoservice" = Bilder-Planet Fotoservice
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Google Chrome" = Google Chrome
"GrabIt_is1" = GrabIt 1.7.2 Beta 6 (build 1008)
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.5.0 (Full)
"MAGIX_{258D56DE-24F2-479E-BED2-8103CB0B9D58}" = MAGIX Video deluxe 2013 Plus
"MEDION NAS TOOL" = MEDION NAS TOOL
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"QuickPar" = QuickPar 0.9
"Samsung CLX-3300 Series XPS (Windows 8)" = Samsung CLX-3300 Series XPS (Windows 8)
"Samsung Easy Deployment Manager" = Samsung Easy Deployment Manager
"Samsung Easy Document Creator" = Samsung Easy Document Creator
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung Network PC Fax" = Samsung Network PC Fax
"Samsung OCR Software" = Samsung OCR Software
"Samsung Scan Process Machine" = Samsung Scan Process Machine
"SetIP" = SetIP
"SpeedCommander 13" = SpeedCommander 13
"UltraISO_is1" = UltraISO V7.55 ME
"WEKA Musterbetriebsanweisungen 6.4" = WEKA Musterbetriebsanweisungen 6.4
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.01.2013 21:36:00 | Computer Name = ****-PC | Source = ESENT | ID = 454
Description = svchost (1676) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter
 Fehler -509 auf.
 
Error - 27.01.2013 21:37:00 | Computer Name = ****-PC | Source = ESENT | ID = 454
Description = svchost (1676) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter
 Fehler -509 auf.
 
Error - 27.01.2013 21:37:00 | Computer Name = ****-PC | Source = ESENT | ID = 454
Description = svchost (1676) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter
 Fehler -509 auf.
 
Error - 27.01.2013 21:37:00 | Computer Name = ****-PC | Source = ESENT | ID = 454
Description = svchost (1676) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter
 Fehler -509 auf.
 
Error - 27.01.2013 21:38:00 | Computer Name = ****-PC | Source = ESENT | ID = 454
Description = svchost (1676) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter
 Fehler -509 auf.
 
Error - 27.01.2013 21:38:00 | Computer Name = ****-PC | Source = ESENT | ID = 454
Description = svchost (1676) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter
 Fehler -509 auf.
 
Error - 27.01.2013 21:38:00 | Computer Name = ****-PC | Source = ESENT | ID = 454
Description = svchost (1676) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter
 Fehler -509 auf.
 
Error - 27.01.2013 21:39:00 | Computer Name = ****-PC | Source = ESENT | ID = 454
Description = svchost (1676) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter
 Fehler -509 auf.
 
Error - 27.01.2013 21:39:00 | Computer Name = ****-PC | Source = ESENT | ID = 454
Description = svchost (1676) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter
 Fehler -509 auf.
 
Error - 27.01.2013 21:39:00 | Computer Name = ****-PC | Source = ESENT | ID = 454
Description = svchost (1676) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter
 Fehler -509 auf.
 
[ System Events ]
Error - 27.12.2012 15:45:05 | Computer Name = ****-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\Rtlihvs.dll  Fehlercode: 126  
 
Error - 28.12.2012 22:27:03 | Computer Name = ****-PC | Source = Microsoft-Windows-Kernel-Boot | ID = 16
Description = 
 
Error - 28.12.2012 22:27:29 | Computer Name = ****-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?12.?2012 um 03:14:18 unerwartet heruntergefahren.
 
Error - 28.12.2012 22:27:22 | Computer Name = ****-PC | Source = volsnap | ID = 393241
Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
 nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
 oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
 auswählen.
 
Error - 28.12.2012 22:27:32 | Computer Name = ****-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\Rtlihvs.dll  Fehlercode: 126  
 
Error - 28.12.2012 22:27:44 | Computer Name = ****-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 29.12.2012 16:48:45 | Computer Name = ****-PC | Source = Microsoft-Windows-Kernel-Boot | ID = 16
Description = 
 
Error - 29.12.2012 16:49:02 | Computer Name = ****-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?12.?2012 um 20:03:02 unerwartet heruntergefahren.
 
Error - 29.12.2012 16:49:03 | Computer Name = ****-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 29.12.2012 16:49:05 | Computer Name = ****-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\Rtlihvs.dll  Fehlercode: 126  
 
 
< End of report >
         

01.02.2013, 16:44   #4
Quadpac

Task Manager closes when clicking "More details"



GMER

GMER Logfile:
Code:
GMER 2.0.18454 - h**t://www.gmer.net
Rootkit scan 2013-02-01 16:26:55
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000034 ST2000DM001-9YN164 rev.CC4G 1863,02GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\****\AppData\Local\Temp\pftorpow.sys


---- User code sections - GMER 2.0 ----

.text    C:\Windows\System32\spoolsv.exe[1716] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                             000007f837f5177a 4 bytes [F5, 37, F8, 07]
.text    C:\Windows\System32\spoolsv.exe[1716] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                             000007f837f51782 4 bytes [F5, 37, F8, 07]
.text    C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1896] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                         000007f837f5177a 4 bytes [F5, 37, F8, 07]
.text    C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1896] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                         000007f837f51782 4 bytes [F5, 37, F8, 07]
.text    C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe[2064] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                                                                000007f82da21b32 4 bytes [A2, 2D, F8, 07]
.text    C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe[2064] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                                                                000007f82da21b3a 4 bytes [A2, 2D, F8, 07]
.text    C:\Windows\System32\dwm.exe[584] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                                  000007f837f5177a 4 bytes [F5, 37, F8, 07]
.text    C:\Windows\System32\dwm.exe[584] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                                  000007f837f51782 4 bytes [F5, 37, F8, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6912] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                              000007f832cb1532 4 bytes [CB, 32, F8, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6912] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                              000007f832cb153a 4 bytes [CB, 32, F8, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6912] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                            000007f832cb165a 4 bytes [CB, 32, F8, 07]
.text    C:\Windows\system32\nvvsvc.exe[6652] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                                                                                        000007f832cb1532 4 bytes [CB, 32, F8, 07]
.text    C:\Windows\system32\nvvsvc.exe[6652] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                                                                                        000007f832cb153a 4 bytes [CB, 32, F8, 07]
.text    C:\Windows\system32\nvvsvc.exe[6652] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                                                                                      000007f832cb165a 4 bytes [CB, 32, F8, 07]
.text    C:\Windows\system32\nvvsvc.exe[6652] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                              000007f837f5177a 4 bytes [F5, 37, F8, 07]
.text    C:\Windows\system32\nvvsvc.exe[6652] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                              000007f837f51782 4 bytes [F5, 37, F8, 07]
.text    C:\Program Files\Classic Shell\ClassicStartMenu.exe[4432] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                   000007f832cb1532 4 bytes [CB, 32, F8, 07]
.text    C:\Program Files\Classic Shell\ClassicStartMenu.exe[4432] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                   000007f832cb153a 4 bytes [CB, 32, F8, 07]
.text    C:\Program Files\Classic Shell\ClassicStartMenu.exe[4432] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                 000007f832cb165a 4 bytes [CB, 32, F8, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4876] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                000007f832cb1532 4 bytes [CB, 32, F8, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4876] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                000007f832cb153a 4 bytes [CB, 32, F8, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4876] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                              000007f832cb165a 4 bytes [CB, 32, F8, 07]
.text    C:\Windows\explorer.exe[4256] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                               000007f832cb1532 4 bytes [CB, 32, F8, 07]
.text    C:\Windows\explorer.exe[4256] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                               000007f832cb153a 4 bytes [CB, 32, F8, 07]
.text    C:\Windows\explorer.exe[4256] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                             000007f832cb165a 4 bytes [CB, 32, F8, 07]
.text    C:\Windows\explorer.exe[4256] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                                     000007f837f5177a 4 bytes [F5, 37, F8, 07]
.text    C:\Windows\explorer.exe[4256] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                                     000007f837f51782 4 bytes [F5, 37, F8, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6980] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                       000007f832cb1532 4 bytes [CB, 32, F8, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6980] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                       000007f832cb153a 4 bytes [CB, 32, F8, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6980] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                     000007f832cb165a 4 bytes [CB, 32, F8, 07]
.text    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[5000] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                              000007f837f5177a 4 bytes [F5, 37, F8, 07]
.text    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[5000] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                              000007f837f51782 4 bytes [F5, 37, F8, 07]
.text    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[5000] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                                                            000007f82da21b32 4 bytes [A2, 2D, F8, 07]
.text    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[5000] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                                                            000007f82da21b3a 4 bytes [A2, 2D, F8, 07]
.text    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[5000] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                        000007f832cb1532 4 bytes [CB, 32, F8, 07]
.text    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[5000] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                        000007f832cb153a 4 bytes [CB, 32, F8, 07]
.text    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[5000] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                      000007f832cb165a 4 bytes [CB, 32, F8, 07]
.text    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4880] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                             000007f837f5177a 4 bytes [F5, 37, F8, 07]
.text    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4880] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                             000007f837f51782 4 bytes [F5, 37, F8, 07]
.text    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4880] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                       000007f832cb1532 4 bytes [CB, 32, F8, 07]
.text    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4880] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                       000007f832cb153a 4 bytes [CB, 32, F8, 07]
.text    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4880] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                     000007f832cb165a 4 bytes [CB, 32, F8, 07]
.text    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4880] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                                                           000007f82da21b32 4 bytes [A2, 2D, F8, 07]
.text    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4880] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                                                           000007f82da21b3a 4 bytes [A2, 2D, F8, 07]
.text    C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe[4584] C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX86\SYSTEM\MSMAPI\1031\MSMAPI32.DLL!MAPIUninitialize + 77  00000000734d1320 4 bytes [67, 41, 48, 8C]
.text    C:\Windows\splwow64.exe[3968] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                                     000007f837f5177a 4 bytes [F5, 37, F8, 07]
.text    C:\Windows\splwow64.exe[3968] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                                     000007f837f51782 4 bytes [F5, 37, F8, 07]

---- Threads - GMER 2.0 ----

Thread   C:\Windows\system32\csrss.exe [4296:4408]                                                                                                                                                      fffff9600091d5e8
Thread   C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe [3492:6660]                                                                    000007f834795990
Thread   C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe [3492:3696]                                                                    000007f83506b364
Thread   C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe [3492:4552]                                                                    000007f82c31ad20
Thread   C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe [3492:6136]                                                                    000007f82c31ad20
---- Processes - GMER 2.0 ----

Library  C:\Program (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [1564]                                                                0000000016080000
Library  C:\Program (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [3876]                                                                   0000000016080000
Library  C:\Program (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [3716]                                                                        0000000016080000
Library  C:\Program (*** suspicious ***) @ C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe [4584]                                                                                         0000000068f30000
Library  C:\Program (*** suspicious ***) @ C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe [4584]                                                                                         000000006d450000

---- Disk sectors - GMER 2.0 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                          unknown MBR code

---- EOF - GMER 2.0 ----
         
--- --- ---

01.02.2013, 16:47   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners?
That's why I'm asking => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now just post the logs you already have!

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

01.02.2013, 18:41   #6
Quadpac
 
No, but I'm running a scan right now, though it takes forever.

Here is the quick scan:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.01.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16466
**** :: ****-PC [Administrator]

Schutz: Deaktiviert

01.02.2013 18:42:27
mbam-log-2013-02-01 (18-42-27).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 255307
Laufzeit: 2 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Last edited by Quadpac (01.02.2013 at 18:46)

01.02.2013, 18:53   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you run into problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please run only scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (in CODE tags, please) and not as an attachment, unless you were asked to. Logs in attachments make my analysis harder!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.


Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Extract the archive to your desktop.
  • In the newly created folder, start mbar.exe.
  • Follow the on-screen instructions and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper

02.02.2013, 06:13   #8
Quadpac
 
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
Malwarebytes : Free Anti-Malware download

Database version: v2013.02.01.10

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16466
**** :: ****-PC [administrator]

01.02.2013 22:48:10
mbar-log-2013-02-01 (22-48-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 11084
Time elapsed: 17 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Last edited by cosinus (04.02.2013 at 13:50) Reason: CODE tags

02.02.2013, 15:54   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please post the following logs in CODE tags at last!!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.



1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (bottom left of the aswMBR window) and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and only post the log here!


03.02.2013, 15:33   #10
Quadpac
 
Hello, things really move fast here
Thanks a lot for all the support so far...

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-03 11:59:23
-----------------------------
11:59:23.855    OS Version: Windows x64 6.2.9200 
11:59:23.855    Number of processors: 4 586 0x3A09
11:59:23.855    ComputerName: ****-PC  UserName: 
11:59:23.855    Initialze error 1 
12:00:15.309    AVAST engine defs: 13020201
12:00:17.325    Service scanning
12:00:17.841    Modules scanning
12:00:17.841    Disk 0 trace - called modules:
12:00:17.872    
12:00:17.872    AVAST engine scan C:\Windows
12:00:17.872    AVAST engine scan C:\Windows\system32
12:00:17.887    AVAST engine scan C:\Windows\system32\drivers
12:00:17.887    AVAST engine scan C:\Users\Torsten
12:00:17.887    AVAST engine scan C:\ProgramData
12:00:17.887    Scan finished successfully
12:00:49.749    The log file has been saved successfully to "C:\Temp\aswMBR.txt"
         
HERE IT FOUND 5 OBJECTS


Code:
12:56:47.0627 6236  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:56:47.0627 6236  UEFI system
12:56:47.0893 6236  ============================================================
12:56:47.0893 6236  Current date / time: 2013/02/03 12:56:47.0893
12:56:47.0893 6236  SystemInfo:
12:56:47.0893 6236  
12:56:47.0893 6236  OS Version: 6.2.9200 ServicePack: 0.0
12:56:47.0893 6236  Product type: Workstation
12:56:47.0893 6236  ComputerName: ****-PC
12:56:47.0893 6236  UserName: ****
12:56:47.0893 6236  Windows directory: C:\Windows
12:56:47.0893 6236  System windows directory: C:\Windows
12:56:47.0893 6236  Running under WOW64
12:56:47.0893 6236  Processor architecture: Intel x64
12:56:47.0893 6236  Number of processors: 4
12:56:47.0893 6236  Page size: 0x1000
12:56:47.0893 6236  Boot type: Normal boot
12:56:47.0893 6236  ============================================================
12:56:48.0471 6236  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:56:48.0502 6236  ============================================================
12:56:48.0502 6236  \Device\Harddisk0\DR0:
12:56:48.0502 6236  GPT partitions:
12:56:48.0502 6236  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {6F0883CE-9C08-4DEE-A62D-4A2691890D5D}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xFA000
12:56:48.0502 6236  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {14E78501-700D-4592-B3E8-6F87F2060787}, Name: EFI system partition, StartLBA 0xFA800, BlocksNum 0x32000
12:56:48.0502 6236  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {C6D49EEE-FD0F-43A8-8D8C-8DD587C07A71}, Name: Microsoft reserved partition, StartLBA 0x12C800, BlocksNum 0x40000
12:56:48.0502 6236  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {8D7F0CC6-879E-47F6-A767-0ED8FD3B0659}, UniqueGUID: {90A2DAA2-EA96-4B3A-B4CD-662844D88E56}, Name: Basic data partition, StartLBA 0x16C800, BlocksNum 0x200000
12:56:48.0502 6236  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A82706A9-BA23-4689-BC39-0F1139A329BC}, Name: Basic data partition, StartLBA 0x36C800, BlocksNum 0xE129B000
12:56:48.0502 6236  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {FA7F2EB9-BBA7-4497-A693-4949EA2902CE}, Name: Basic data partition, StartLBA 0xE1607800, BlocksNum 0x7801000
12:56:48.0502 6236  MBR partitions:
12:56:48.0502 6236  ============================================================
12:56:48.0549 6236  C: <-> \Device\Harddisk0\DR0\Partition5
12:56:48.0580 6236  D: <-> \Device\Harddisk0\DR0\Partition6
12:56:48.0580 6236  ============================================================
12:56:48.0580 6236  Initialize success
12:56:48.0580 6236  ============================================================
12:57:03.0081 0076  ============================================================
12:57:03.0081 0076  Scan started
12:57:03.0081 0076  Mode: Manual; SigCheck; TDLFS; 
12:57:03.0081 0076  ============================================================
12:57:03.0722 0076  ================ Scan system memory ========================
12:57:03.0722 0076  System memory - ok
12:57:03.0722 0076  ================ Scan services =============================
12:57:05.0363 0076  [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
12:57:05.0441 0076  1394ohci - ok
12:57:05.0472 0076  [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware           C:\Windows\system32\drivers\3ware.sys
12:57:05.0488 0076  3ware - ok
12:57:05.0503 0076  [ 975AABEB243B800C23626D6B652C5A9C ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:57:05.0519 0076  ACPI - ok
12:57:05.0535 0076  [ DC968C37822117E576B933F34A2D130C ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
12:57:05.0550 0076  acpiex - ok
12:57:05.0550 0076  [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
12:57:05.0581 0076  acpipagr - ok
12:57:05.0597 0076  [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
12:57:05.0613 0076  AcpiPmi - ok
12:57:05.0628 0076  [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
12:57:05.0644 0076  acpitime - ok
12:57:05.0675 0076  [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
12:57:05.0691 0076  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
12:57:05.0691 0076  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
12:57:05.0738 0076  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:57:05.0738 0076  AdobeARMservice - ok
12:57:05.0800 0076  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:57:05.0816 0076  AdobeFlashPlayerUpdateSvc - ok
12:57:05.0847 0076  [ 93C6388592B99925C1D1576E465BC80F ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:57:05.0863 0076  adp94xx - ok
12:57:05.0878 0076  [ D27763E0247292654E7F7D16444C7C72 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:57:05.0910 0076  adpahci - ok
12:57:05.0925 0076  [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:57:05.0941 0076  adpu320 - ok
12:57:05.0957 0076  [ 974AE60BF5B90E31412D93596C968E5B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:57:06.0003 0076  AeLookupSvc - ok
12:57:06.0019 0076  [ 36D6A3201721558A8AFBCC09C2DA4C2C ] AFD             C:\Windows\system32\drivers\afd.sys
12:57:06.0050 0076  AFD - ok
12:57:06.0066 0076  [ 01590377A5AB19E792528C628A2A68F9 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:57:06.0082 0076  agp440 - ok
12:57:06.0097 0076  [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG             C:\Windows\System32\alg.exe
12:57:06.0144 0076  ALG - ok
12:57:06.0175 0076  [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
12:57:06.0191 0076  AllUserInstallAgent - ok
12:57:06.0207 0076  [ 5A81054B824004B1ECC04F0034A1CDF9 ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
12:57:06.0238 0076  AmdK8 - ok
12:57:06.0253 0076  [ B849D453E644FAB9BC8EF6DC8CA9C4C6 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
12:57:06.0269 0076  AmdPPM - ok
12:57:06.0269 0076  [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:57:06.0285 0076  amdsata - ok
12:57:06.0300 0076  [ 00452671904F5EE94B50BF0219C97164 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:57:06.0300 0076  amdsbs - ok
12:57:06.0316 0076  [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:57:06.0332 0076  amdxata - ok
12:57:06.0332 0076  [ 83B3682CE922FB0F415734B26D9D6233 ] AppID           C:\Windows\system32\drivers\appid.sys
12:57:06.0378 0076  AppID - ok
12:57:06.0394 0076  [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:57:06.0410 0076  AppIDSvc - ok
12:57:06.0410 0076  [ D64C4AFEE8277F35EF729A2B924666B0 ] Appinfo         C:\Windows\System32\appinfo.dll
12:57:06.0425 0076  Appinfo - ok
12:57:06.0441 0076  [ E933401B392387F4BE34DE8BAF1722A7 ] arc             C:\Windows\system32\drivers\arc.sys
12:57:06.0457 0076  arc - ok
12:57:06.0457 0076  [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:57:06.0472 0076  arcsas - ok
12:57:06.0488 0076  [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:57:06.0503 0076  AsyncMac - ok
12:57:06.0519 0076  [ A721FF570C2387E383BDDEA9632863C9 ] atapi           C:\Windows\system32\drivers\atapi.sys
12:57:06.0519 0076  atapi - ok
12:57:06.0582 0076  [ 810ED88782952228AF9C0985FB7D259E ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
12:57:06.0628 0076  AudioEndpointBuilder - ok
12:57:06.0644 0076  [ 25CA8B87479A374919563B3EE7136F32 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
12:57:06.0675 0076  Audiosrv - ok
12:57:06.0707 0076  [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
12:57:06.0738 0076  AVP - ok
12:57:06.0769 0076  [ 89491EF71D5EA011127832C588002853 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:57:06.0800 0076  AxInstSV - ok
12:57:06.0832 0076  [ 87AB5BB072A3F128541D5B815F82FFDD ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
12:57:06.0847 0076  b06bdrv - ok
12:57:06.0863 0076  [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
12:57:06.0878 0076  BasicDisplay - ok
12:57:06.0894 0076  [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
12:57:06.0910 0076  BasicRender - ok
12:57:06.0941 0076  [ 89143A7BA7850F5C7E61B43BB44B6418 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:57:06.0957 0076  BDESVC - ok
12:57:06.0972 0076  [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:57:07.0004 0076  Beep - ok
12:57:07.0019 0076  [ 9E6A544F465C582AB42444A217CF04DC ] BFE             C:\Windows\System32\bfe.dll
12:57:07.0051 0076  BFE - ok
12:57:07.0082 0076  [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS            C:\Windows\System32\qmgr.dll
12:57:07.0129 0076  BITS - ok
12:57:07.0129 0076  [ B17AC10B47C7FCB44D22A1F06415840E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:57:07.0176 0076  bowser - ok
12:57:07.0207 0076  [ 975398A3D2C1FEA73FC93931978DF354 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
12:57:07.0222 0076  BrokerInfrastructure - ok
12:57:07.0238 0076  [ 310068BDA80B1D55C36580FD8A873FAF ] Browser         C:\Windows\System32\browser.dll
12:57:07.0269 0076  Browser - ok
12:57:07.0285 0076  [ 3AA4309EBD9491E516F13FE3DC752FEE ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
12:57:07.0301 0076  BthAvrcpTg - ok
12:57:07.0316 0076  [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
12:57:07.0379 0076  BthHFEnum - ok
12:57:07.0394 0076  [ DCB4EBD928A6FB368BE6CAE522412DE1 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
12:57:07.0410 0076  bthhfhid - ok
12:57:07.0426 0076  [ 033916CE8784A848B9A3D686B7F66D97 ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
12:57:07.0472 0076  BTHMODEM - ok
12:57:07.0504 0076  [ A4387C3D271959313E2577DB7BE8BA7A ] bthserv         C:\Windows\system32\bthserv.dll
12:57:07.0519 0076  bthserv - ok
12:57:07.0535 0076  [ 990B1BABE6E81FB18E65A87EBEFB1772 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:57:07.0551 0076  cdfs - ok
12:57:07.0566 0076  [ 339BFF85D788268752DA8C9644B188EE ] cdrom           C:\Windows\System32\drivers\cdrom.sys
12:57:07.0597 0076  cdrom - ok
12:57:07.0629 0076  [ BAF8F0F55BC300E5F882E521F054E345 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:57:07.0660 0076  CertPropSvc - ok
12:57:07.0676 0076  [ F64B7D1A37CC1D5F421D5359EEC81E2E ] circlass        C:\Windows\System32\drivers\circlass.sys
12:57:07.0707 0076  circlass - ok
12:57:07.0754 0076  [ 93C7703442C7CBD4053FC7DE07D9C896 ] ClassicShellService C:\Program Files\Classic Shell\ClassicShellService.exe
12:57:07.0769 0076  ClassicShellService ( UnsignedFile.Multi.Generic ) - warning
12:57:07.0769 0076  ClassicShellService - detected UnsignedFile.Multi.Generic (1)
12:57:09.0738 0076  [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:57:09.0769 0076  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
12:57:09.0769 0076  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
12:57:11.0066 0076  [ 7F7A03D03FA18A0DB2DAC37A8D620E7F ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
12:57:11.0082 0076  IAStorDataMgrSvc ( UnsignedFile.Multi.Generic ) - warning
12:57:11.0082 0076  IAStorDataMgrSvc - detected UnsignedFile.Multi.Generic (1)
12:57:17.0928 0076  RemoteRegistry - ok
12:57:17.0959 0076  [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:57:17.0975 0076  RpcEptMapper - ok
12:57:17.0990 0076  [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator      C:\Windows\system32\locator.exe
12:57:18.0006 0076  RpcLocator - ok
12:57:18.0037 0076  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs           C:\Windows\system32\rpcss.dll
12:57:18.0053 0076  RpcSs - ok
12:57:18.0084 0076  [ E04E770DD198B9399640717145E79EBF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:57:18.0084 0076  rspndr - ok
12:57:18.0115 0076  [ 34DA0D14F5C3F1883A331AFB975AB434 ] RTL8168         C:\Windows\system32\DRIVERS\Rt630x64.sys
12:57:18.0115 0076  RTL8168 - ok
12:57:18.0147 0076  [ 3326E37583FBA1B00ECE8DAEBEFC291D ] RTL8192cu       C:\Windows\system32\DRIVERS\rtwlanu.sys
12:57:18.0178 0076  RTL8192cu - ok
12:57:18.0209 0076  [ 3326E37583FBA1B00ECE8DAEBEFC291D ] RtlWlanu        C:\Windows\system32\DRIVERS\rtwlanu.sys
12:57:18.0225 0076  RtlWlanu - ok
12:57:18.0287 0076  [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
12:57:18.0287 0076  s3cap - ok
12:57:18.0303 0076  [ F702AB6181513303AB0FC8D59E52708B ] SamSs           C:\Windows\system32\lsass.exe
12:57:18.0319 0076  SamSs - ok
12:57:18.0334 0076  [ B30E88BDF6A336FAB852C977B8A1EA78 ] Samsung Network Fax Server C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
12:57:18.0350 0076  Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - warning
12:57:18.0350 0076  Samsung Network Fax Server - detected UnsignedFile.Multi.Generic (1)
12:57:18.0365 0076  [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:57:18.0381 0076  sbp2port - ok
12:57:18.0397 0076  [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:57:18.0428 0076  SCardSvr - ok
12:57:18.0444 0076  [ 5D7733A12756B267FCA021672B26BC9E ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:57:18.0459 0076  scfilter - ok
12:57:18.0475 0076  [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule        C:\Windows\system32\schedsvc.dll
12:57:18.0506 0076  Schedule - ok
12:57:18.0537 0076  [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:57:18.0537 0076  SCPolicySvc - ok
12:57:18.0569 0076  [ 66E29CADF9FF6C8325C356BDD617F7EA ] sdbus           C:\Windows\System32\drivers\sdbus.sys
12:57:18.0569 0076  sdbus - ok
12:57:18.0600 0076  [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:57:18.0631 0076  SDRSVC - ok
12:57:18.0678 0076  [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
12:57:18.0678 0076  sdstor - ok
12:57:18.0694 0076  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:57:18.0725 0076  secdrv - ok
12:57:18.0740 0076  [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon        C:\Windows\system32\seclogon.dll
12:57:18.0756 0076  seclogon - ok
12:57:18.0772 0076  [ 9C51620998F0763039DFA6BF68E475ED ] SENS            C:\Windows\System32\sens.dll
12:57:18.0787 0076  SENS - ok
12:57:18.0803 0076  [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:57:18.0819 0076  SensrSvc - ok
12:57:18.0834 0076  [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx           C:\Windows\system32\drivers\SerCx.sys
12:57:18.0850 0076  SerCx - ok
12:57:18.0865 0076  [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum         C:\Windows\System32\drivers\serenum.sys
12:57:18.0881 0076  Serenum - ok
12:57:18.0912 0076  [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial          C:\Windows\System32\drivers\serial.sys
12:57:18.0928 0076  Serial - ok
12:57:18.0944 0076  [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse        C:\Windows\System32\drivers\sermouse.sys
12:57:18.0959 0076  sermouse - ok
12:57:18.0975 0076  [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv      C:\Windows\system32\sessenv.dll
12:57:19.0006 0076  SessionEnv - ok
12:57:19.0006 0076  [ 7EE65419B29302C795714FF8073969A1 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
12:57:19.0022 0076  sfloppy - ok
12:57:19.0053 0076  [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:57:19.0069 0076  SharedAccess - ok
12:57:19.0100 0076  [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:57:19.0178 0076  ShellHWDetection - ok
12:57:19.0194 0076  [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
12:57:19.0209 0076  SiSRaid2 - ok
12:57:19.0225 0076  [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:57:19.0240 0076  SiSRaid4 - ok
12:57:19.0256 0076  [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:57:19.0287 0076  SNMPTRAP - ok
12:57:19.0303 0076  [ 465F3C355CE5ED2779B8F460F14C5A78 ] spaceport       C:\Windows\system32\drivers\spaceport.sys
12:57:19.0319 0076  spaceport - ok
12:57:19.0334 0076  [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
12:57:19.0350 0076  SpbCx - ok
12:57:19.0365 0076  [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler         C:\Windows\System32\spoolsv.exe
12:57:19.0397 0076  Spooler - ok
12:57:19.0444 0076  [ EC84D961501054F87A6878EC5D53388F ] sppsvc          C:\Windows\system32\sppsvc.exe
12:57:19.0537 0076  sppsvc - ok
12:57:19.0553 0076  [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:57:19.0569 0076  srv - ok
12:57:19.0584 0076  [ C2106BB710AA34A046126AED7BCA6964 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:57:19.0631 0076  srv2 - ok
12:57:19.0662 0076  [ 9400C71F5A1A380B494B6922F007D485 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:57:19.0678 0076  srvnet - ok
12:57:19.0694 0076  [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:57:19.0725 0076  SSDPSRV - ok
12:57:19.0741 0076  [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
12:57:19.0741 0076  SSPORT - ok
12:57:19.0756 0076  [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:57:19.0787 0076  SstpSvc - ok
12:57:19.0850 0076  [ 0632004181860960CF6E10DE8DDEF78B ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:57:19.0866 0076  Stereo Service - ok
12:57:19.0881 0076  [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
12:57:19.0897 0076  stexstor - ok
12:57:19.0912 0076  [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc          C:\Windows\System32\wiaservc.dll
12:57:19.0944 0076  stisvc - ok
12:57:19.0944 0076  [ C588BBD37B432CE3204E5765B459E6B2 ] storahci        C:\Windows\system32\drivers\storahci.sys
12:57:19.0959 0076  storahci - ok
12:57:19.0975 0076  [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
12:57:19.0975 0076  storflt - ok
12:57:19.0991 0076  [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc         C:\Windows\system32\storsvc.dll
12:57:20.0022 0076  StorSvc - ok
12:57:20.0038 0076  [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
12:57:20.0038 0076  storvsc - ok
12:57:20.0053 0076  [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc           C:\Windows\system32\svsvc.dll
12:57:20.0069 0076  svsvc - ok
12:57:20.0069 0076  [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum          C:\Windows\System32\drivers\swenum.sys
12:57:20.0069 0076  swenum - ok
12:57:20.0085 0076  [ 502F9488540051F3E6C39889ECFA76BB ] swprv           C:\Windows\System32\swprv.dll
12:57:20.0116 0076  swprv - ok
12:57:20.0147 0076  [ DC21E1F06343773D7E24362DCEF7944B ] SysMain         C:\Windows\system32\sysmain.dll
12:57:20.0178 0076  SysMain - ok
12:57:20.0194 0076  [ E219BF7BCCFE4881B0C053C7E0B47ECC ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
12:57:20.0225 0076  SystemEventsBroker - ok
12:57:20.0225 0076  [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll
12:57:20.0256 0076  TabletInputService - ok
12:57:20.0272 0076  [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:57:20.0288 0076  TapiSrv - ok
12:57:20.0335 0076  [ 1D644E2D0FC395A055AB1C23C3B43631 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:57:20.0381 0076  Tcpip - ok
12:57:20.0428 0076  [ 1D644E2D0FC395A055AB1C23C3B43631 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:57:20.0475 0076  TCPIP6 - ok
12:57:20.0491 0076  [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:57:20.0506 0076  tcpipreg - ok
12:57:20.0522 0076  [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:57:20.0538 0076  tdx - ok
12:57:20.0538 0076  [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
12:57:20.0553 0076  terminpt - ok
12:57:20.0569 0076  [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService     C:\Windows\System32\termsrv.dll
12:57:20.0600 0076  TermService - ok
12:57:20.0600 0076  [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes          C:\Windows\system32\themeservice.dll
12:57:20.0616 0076  Themes - ok
12:57:20.0631 0076  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER     C:\Windows\system32\mmcss.dll
12:57:20.0631 0076  THREADORDER - ok
12:57:20.0647 0076  [ FF4135424A79DCC2998276D8E39C9B4D ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
12:57:20.0663 0076  TimeBroker - ok
12:57:20.0678 0076  [ B44EFE254C0B3719E4037088D24FE4B5 ] TPM             C:\Windows\system32\drivers\tpm.sys
12:57:20.0678 0076  TPM - ok
12:57:20.0694 0076  [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks          C:\Windows\System32\trkwks.dll
12:57:20.0710 0076  TrkWks - ok
12:57:20.0741 0076  [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:57:20.0772 0076  TrustedInstaller - ok
12:57:20.0788 0076  [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:57:20.0803 0076  TsUsbFlt - ok
12:57:20.0819 0076  [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
12:57:20.0850 0076  TsUsbGD - ok
12:57:20.0850 0076  [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:57:20.0882 0076  tunnel - ok
12:57:20.0913 0076  [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:57:20.0913 0076  uagp35 - ok
12:57:20.0928 0076  [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
12:57:20.0928 0076  UASPStor - ok
12:57:20.0960 0076  [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
12:57:20.0975 0076  UCX01000 - ok
12:57:20.0991 0076  [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:57:21.0038 0076  udfs - ok
12:57:21.0053 0076  [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:57:21.0085 0076  UI0Detect - ok
12:57:21.0085 0076  [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:57:21.0100 0076  uliagpkx - ok
12:57:21.0116 0076  [ 02CEB3FE6152668A7BA420B93B664860 ] umbus           C:\Windows\System32\drivers\umbus.sys
12:57:21.0132 0076  umbus - ok
12:57:21.0132 0076  [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass          C:\Windows\System32\drivers\umpass.sys
12:57:21.0147 0076  UmPass - ok
12:57:21.0163 0076  [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService    C:\Windows\System32\umrdp.dll
12:57:21.0178 0076  UmRdpService - ok
12:57:21.0225 0076  [ C485FB802F6C4A306B8F89BA087E5CA2 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
12:57:21.0241 0076  UNS - ok
12:57:21.0257 0076  [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost        C:\Windows\System32\upnphost.dll
12:57:21.0272 0076  upnphost - ok
12:57:21.0288 0076  [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
12:57:21.0304 0076  usbccgp - ok
12:57:21.0319 0076  [ B395B62B62F28106218FA6FB17F4C797 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
12:57:21.0335 0076  usbcir - ok
12:57:21.0350 0076  [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
12:57:21.0366 0076  usbehci - ok
12:57:21.0366 0076  [ FBB6794E3BBAD92D66D59D206C1F849F ] usbhub          C:\Windows\System32\drivers\usbhub.sys
12:57:21.0382 0076  usbhub - ok
12:57:21.0397 0076  [ B7A948501424805571BF562BB0BFE31D ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
12:57:21.0413 0076  USBHUB3 - ok
12:57:21.0429 0076  [ 325F6179009B5A7F6118951A5BA422AB ] usbohci         C:\Windows\System32\drivers\usbohci.sys
12:57:21.0429 0076  usbohci - ok
12:57:21.0444 0076  [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint        C:\Windows\System32\drivers\usbprint.sys
12:57:21.0475 0076  usbprint - ok
12:57:21.0491 0076  [ A9858597B6DB695F78A37F6755A6FF98 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:57:21.0507 0076  usbscan - ok
12:57:21.0522 0076  [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
12:57:21.0538 0076  USBSTOR - ok
12:57:21.0538 0076  [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
12:57:21.0554 0076  usbuhci - ok
12:57:21.0569 0076  [ 9CD4259AD15F84DE27B94A956C978D6C ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
12:57:21.0585 0076  USBXHCI - ok
12:57:21.0585 0076  [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc        C:\Windows\system32\lsass.exe
12:57:21.0600 0076  VaultSvc - ok
12:57:21.0600 0076  [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:57:21.0616 0076  vdrvroot - ok
12:57:21.0632 0076  [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds             C:\Windows\System32\vds.exe
12:57:21.0663 0076  vds - ok
12:57:21.0679 0076  [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
12:57:21.0679 0076  VerifierExt - ok
12:57:21.0694 0076  [ 8628FA679F0EC4B709CCD1F6B6A3233B ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
12:57:21.0710 0076  vhdmp - ok
12:57:21.0725 0076  [ F5B4A14B00E89250C50982AC762DDD1D ] viaide          C:\Windows\system32\drivers\viaide.sys
12:57:21.0725 0076  viaide - ok
12:57:21.0757 0076  [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:57:21.0772 0076  vmbus - ok
12:57:21.0788 0076  [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
12:57:21.0804 0076  VMBusHID - ok
12:57:21.0819 0076  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
12:57:21.0850 0076  vmicheartbeat - ok
12:57:21.0850 0076  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
12:57:21.0866 0076  vmickvpexchange - ok
12:57:21.0882 0076  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv         C:\Windows\System32\ICSvc.dll
12:57:21.0882 0076  vmicrdv - ok
12:57:21.0897 0076  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
12:57:21.0897 0076  vmicshutdown - ok
12:57:21.0897 0076  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync    C:\Windows\System32\ICSvc.dll
12:57:21.0913 0076  vmictimesync - ok
12:57:21.0929 0076  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss         C:\Windows\System32\ICSvc.dll
12:57:21.0944 0076  vmicvss - ok
12:57:21.0960 0076  [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:57:21.0960 0076  volmgr - ok
12:57:21.0975 0076  [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:57:21.0991 0076  volmgrx - ok
12:57:21.0991 0076  [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:57:22.0007 0076  volsnap - ok
12:57:22.0007 0076  [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci            C:\Windows\System32\drivers\vpci.sys
12:57:22.0022 0076  vpci - ok
12:57:22.0022 0076  [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:57:22.0038 0076  vsmraid - ok
12:57:22.0054 0076  [ EA658570314042C914964FC72AB50E6B ] VSS             C:\Windows\system32\vssvc.exe
12:57:22.0100 0076  VSS - ok
12:57:22.0116 0076  [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
12:57:22.0132 0076  VSTXRAID - ok
12:57:22.0147 0076  [ 62460A45435A26A334907E3F2EA45611 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
12:57:22.0163 0076  vwifibus - ok
12:57:22.0179 0076  [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:57:22.0194 0076  vwififlt - ok
12:57:22.0194 0076  [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:57:22.0210 0076  vwifimp - ok
12:57:22.0225 0076  [ F690B6EEAA94576727B24376D7ED3601 ] W32Time         C:\Windows\system32\w32time.dll
12:57:22.0241 0076  W32Time - ok
12:57:22.0257 0076  [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
12:57:22.0272 0076  WacomPen - ok
12:57:22.0288 0076  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
12:57:22.0304 0076  Wanarp - ok
12:57:22.0304 0076  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:57:22.0319 0076  Wanarpv6 - ok
12:57:22.0350 0076  [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine        C:\Windows\system32\wbengine.exe
12:57:22.0397 0076  wbengine - ok
12:57:22.0397 0076  [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:57:22.0429 0076  WbioSrvc - ok
12:57:22.0444 0076  [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
12:57:22.0444 0076  Wcmsvc - ok
12:57:22.0475 0076  [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:57:22.0491 0076  wcncsvc - ok
12:57:22.0507 0076  [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:57:22.0522 0076  WcsPlugInService - ok
12:57:22.0522 0076  [ B3A4D918DAB90505B6BC7B70632913CB ] Wd              C:\Windows\system32\drivers\wd.sys
12:57:22.0538 0076  Wd - ok
12:57:22.0538 0076  [ 260F8DFC4D5748F4CCB9B19CFB0E58EA ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
12:57:22.0554 0076  WdBoot - ok
12:57:22.0569 0076  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:57:22.0585 0076  Wdf01000 - ok
12:57:22.0600 0076  [ 880FFFC4D5BBBB4187B6B04AB2E8C32A ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
12:57:22.0616 0076  WdFilter - ok
12:57:22.0632 0076  [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:57:22.0647 0076  WdiServiceHost - ok
12:57:22.0663 0076  [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:57:22.0663 0076  WdiSystemHost - ok
12:57:22.0679 0076  [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient       C:\Windows\System32\webclnt.dll
12:57:22.0694 0076  WebClient - ok
12:57:22.0710 0076  [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:57:22.0725 0076  Wecsvc - ok
12:57:22.0741 0076  [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:57:22.0819 0076  wercplsupport - ok
12:57:22.0835 0076  [ 8E2426162ED6749A127B35D235F21E11 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:57:22.0851 0076  WerSvc - ok
12:57:22.0866 0076  [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
12:57:22.0882 0076  WFPLWFS - ok
12:57:22.0897 0076  [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc          C:\Windows\System32\wiarpc.dll
12:57:22.0897 0076  WiaRpc - ok
12:57:22.0913 0076  [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:57:22.0929 0076  WIMMount - ok
12:57:22.0944 0076  WinDefend - ok
12:57:22.0960 0076  [ 7911470B6018059A880469A63B65700A ] WinH**pAutoProxySvc C:\Windows\system32\winh**p.dll
12:57:22.0991 0076  WinH**pAutoProxySvc - ok
12:57:23.0023 0076  [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:57:23.0038 0076  Winmgmt - ok
12:57:23.0085 0076  [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM           C:\Windows\system32\WsmSvc.dll
12:57:23.0179 0076  WinRM - ok
12:57:23.0194 0076  [ BB20956C424531003F7FA6CD36F11D5D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:57:23.0210 0076  WinUsb - ok
12:57:23.0241 0076  [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc         C:\Windows\System32\wlansvc.dll
12:57:23.0273 0076  WlanSvc - ok
12:57:23.0304 0076  [ 08EFA13A2234C8C3B8A99E4B88BE7E9B ] wlidsvc         C:\Windows\system32\wlidsvc.dll
12:57:23.0351 0076  wlidsvc - ok
12:57:23.0366 0076  [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
12:57:23.0382 0076  WmiAcpi - ok
12:57:23.0413 0076  [ D113499052C5E541906B727779F0F959 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:57:23.0429 0076  wmiApSrv - ok
12:57:23.0444 0076  WMPNetworkSvc - ok
12:57:23.0460 0076  [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
12:57:23.0476 0076  wpcfltr - ok
12:57:23.0491 0076  [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:57:23.0507 0076  WPCSvc - ok
12:57:23.0523 0076  [ 94AA5150E35B3ABB7191FE641E3C2473 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:57:23.0554 0076  WPDBusEnum - ok
12:57:23.0569 0076  [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
12:57:23.0569 0076  WpdUpFltr - ok
12:57:23.0601 0076  [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:57:23.0601 0076  ws2ifsl - ok
12:57:23.0616 0076  [ FB0C1B7F94FA08E72F19F6F2CE7210E1 ] wscsvc          C:\Windows\System32\wscsvc.dll
12:57:23.0632 0076  wscsvc - ok
12:57:23.0663 0076  [ 74EFDA0526862C3D8D01A776182798EA ] WSDPrintDevice  C:\Windows\System32\drivers\WSDPrint.sys
12:57:23.0663 0076  WSDPrintDevice - ok
12:57:23.0679 0076  [ FA07DF46070F0826139709EF4D31FB71 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
12:57:23.0694 0076  WSDScan - ok
12:57:23.0694 0076  WSearch - ok
12:57:23.0741 0076  [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService       C:\Windows\System32\WSService.dll
12:57:23.0804 0076  WSService - ok
12:57:23.0851 0076  [ A8484C0CB54DB48180FB7CA00F1C3F8F ] wuauserv        C:\Windows\system32\wuaueng.dll
12:57:23.0944 0076  wuauserv - ok
12:57:23.0960 0076  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:57:23.0991 0076  WudfPf - ok
12:57:24.0007 0076  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
12:57:24.0038 0076  WUDFRd - ok
12:57:24.0038 0076  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFSensorLP    C:\Windows\system32\DRIVERS\WUDFRd.sys
12:57:24.0054 0076  WUDFSensorLP - ok
12:57:24.0054 0076  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:57:24.0069 0076  wudfsvc - ok
12:57:24.0069 0076  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
12:57:24.0085 0076  WUDFWpdFs - ok
12:57:24.0085 0076  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdMtp      C:\Windows\system32\DRIVERS\WUDFRd.sys
12:57:24.0101 0076  WUDFWpdMtp - ok
12:57:24.0116 0076  [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:57:24.0148 0076  WwanSvc - ok
12:57:24.0148 0076  ================ Scan global ===============================
12:57:24.0179 0076  [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll
12:57:24.0210 0076  [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\Windows\system32\winsrv.dll
12:57:24.0226 0076  [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll
12:57:24.0241 0076  [ 8F226143046435C75C033B0C52E90FFE ] C:\Windows\system32\services.exe
12:57:24.0241 0076  [Global] - ok
12:57:24.0241 0076  ================ Scan MBR ==================================
12:57:24.0257 0076  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
12:57:24.0319 0076  \Device\Harddisk0\DR0 - ok
12:57:24.0319 0076  ================ Scan VBR ==================================
12:57:24.0351 0076  [ C713EDA3BEA8E99A3CCEAD490417024D ] \Device\Harddisk0\DR0\Partition1
12:57:24.0351 0076  \Device\Harddisk0\DR0\Partition1 - ok
12:57:24.0366 0076  [ 299B9BCAB4B067E44F05C7BB57FB988F ] \Device\Harddisk0\DR0\Partition2
12:57:24.0366 0076  \Device\Harddisk0\DR0\Partition2 - ok
12:57:24.0366 0076  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
12:57:24.0366 0076  \Device\Harddisk0\DR0\Partition3 - ok
12:57:24.0382 0076  [ E4F92E0562E78781C416520712288865 ] \Device\Harddisk0\DR0\Partition4
12:57:24.0382 0076  \Device\Harddisk0\DR0\Partition4 - ok
12:57:24.0382 0076  [ 7C463434516F31613A7FF97808E84C17 ] \Device\Harddisk0\DR0\Partition5
12:57:24.0382 0076  \Device\Harddisk0\DR0\Partition5 - ok
12:57:24.0413 0076  [ 080F0AA57D9F62421DFBC641348F435D ] \Device\Harddisk0\DR0\Partition6
12:57:24.0413 0076  \Device\Harddisk0\DR0\Partition6 - ok
12:57:24.0413 0076  ============================================================
12:57:24.0413 0076  Scan finished
12:57:24.0413 0076  ============================================================
12:57:24.0429 3388  Detected object count: 5
12:57:24.0429 3388  Actual detected object count: 5
15:28:49.0899 3388  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:49.0899 3388  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:28:49.0899 3388  ClassicShellService ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:49.0899 3388  ClassicShellService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:28:49.0899 3388  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:49.0899 3388  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:28:49.0899 3388  IAStorDataMgrSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:49.0899 3388  IAStorDataMgrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:28:49.0899 3388  Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:49.0899 3388  Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Edited by cosinus (04.02.2013 at 13:49). Reason: CODE tags

03.02.2013, 22:33   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Should I mention the thing about the CODE tags again?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

04.02.2013, 13:40   #12
Quadpac

Uh, which brings us back to my run-of-the-mill PC skills.
Was the code supposed to go into one of those boxes?

04.02.2013, 13:49   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

It was described in extra large, bold type and in great detail... wait, I'll just fix your post.

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Edited by cosinus (04.02.2013 at 13:54)

04.02.2013, 20:36   #14
Quadpac

Unfortunately I can't start it; it isn't supported for win8/win2000.

04.02.2013, 21:43   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hm, CF isn't compatible with Win8 yet.

AdwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick Scan All Users at the top centre
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.