
Log Analysis and Evaluation: Infected registry keys (Pup.funmoods) - Firefox can no longer be opened

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

19.02.2013, 18:48   #1
HeJo
 



The starting point of my problem was the installation of Firefox. It worked flawlessly for a while until I was eventually prompted to install a Firefox update. I then installed it, including the associated add-ons and with the notice during installation that an app (I unfortunately missed the name) was not compatible. As it turned out a short time later, updating Firefox was a mistake. I could no longer get onto the Internet via Firefox. I then reinstalled Firefox. After the reinstallation, Internet access worked once, after which it was blocked again. I ran GData Antivirus 2013, without result. What I also noticed was that the start page in Internet Explorer (www.searchnu.com/406) could not be changed.

I then searched the Internet for help and came across your board. I ran Malwarebytes Anti-Malware. The software immediately found several infected registry keys. Keyword: "pup.funmoods". Deleting the keys does not seem to be enough. I now hope you can help me. Many thanks in advance for being allowed to make use of your help at all. I am a real "greenhorn" when it comes to IT...

Best regards, Hejo

Attached are my 3 log files ... each edited because my name appeared (**********):

OTL Logfile:
Code:
OTL logfile created on: 19.02.2013 17:30:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\**********\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 55,91% Memory free
7,83 Gb Paging File | 5,57 Gb Available in Paging File | 71,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 177,00 Gb Total Space | 127,30 Gb Free Space | 71,92% Space Free | Partition Type: NTFS
Drive D: | 265,59 Gb Total Space | 248,66 Gb Free Space | 93,63% Space Free | Partition Type: NTFS
 
Computer Name: **********-PC | User Name: ********** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.19 17:27:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\**********\Desktop\OTL.exe
PRC - [2013.02.05 16:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013.01.28 18:16:20 | 001,644,680 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2013.01.09 13:01:22 | 001,035,216 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
PRC - [2012.12.26 23:33:06 | 001,683,608 | ---- | M] (Bandoo Media Inc) -- C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
PRC - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2012.03.16 17:46:34 | 002,805,328 | ---- | M] (SAMSUNG ELECTRONICS CO., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
PRC - [2011.09.28 00:23:10 | 005,458,312 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
PRC - [2011.09.06 09:36:42 | 002,275,408 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
PRC - [2011.09.06 09:35:54 | 001,087,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
PRC - [2011.08.19 05:36:46 | 000,784,976 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
PRC - [2011.08.17 08:19:18 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011.07.29 23:47:22 | 003,395,664 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
PRC - [2011.06.24 09:52:30 | 004,403,280 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2011.06.05 00:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.05 13:44:54 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.05.05 13:44:52 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.03.30 13:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011.03.30 13:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011.03.30 13:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011.03.30 13:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2011.02.18 17:37:56 | 000,494,192 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
PRC - [2010.09.30 13:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
PRC - [2010.09.20 04:24:42 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
PRC - [2009.11.02 06:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.20 12:36:18 | 000,078,336 | ---- | M] () -- C:\ProgramData\Wincert\win32prop.dll
MOD - [2012.12.20 12:36:18 | 000,007,168 | ---- | M] () -- C:\ProgramData\Wincert\win32cert.dll
MOD - [2011.02.16 17:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
MOD - [2010.05.07 15:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2009.11.02 06:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 06:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.04.21 08:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.04.21 07:42:50 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011.02.18 17:41:20 | 001,120,368 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe -- (wsnm_usbctrl)
SRV:64bit: - [2011.02.18 17:37:56 | 000,494,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV:64bit: - [2010.09.22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.02.05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.01.16 21:09:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.29 05:08:54 | 002,012,592 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2011.06.05 00:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.05 13:44:54 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.05.05 13:44:52 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.03.30 13:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.03.30 13:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.03.30 13:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010.09.30 13:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.06.01 07:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.28 18:47:46 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2013.01.25 18:27:55 | 000,062,368 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2013.01.25 18:27:54 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2013.01.25 18:27:35 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2013.01.25 18:27:35 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2013.01.25 18:27:34 | 000,065,008 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.09 18:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.11.15 00:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.08.17 08:19:38 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.07.29 23:47:20 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2011.06.17 04:40:40 | 000,186,152 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011.06.05 00:22:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.05.01 06:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.04.22 11:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.21 08:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.04.21 08:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.04.11 11:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.08 13:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.02.18 17:41:20 | 000,047,664 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmwvusb.sys -- (vmwvusb)
DRV:64bit: - [2011.02.18 00:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.16 11:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.10.29 18:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.10.29 18:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.10.29 18:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.10.29 18:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.01.12 00:34:52 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/406
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=514&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2322430982424624&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/406
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=514&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2322430982424624&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.finviz.com/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=514&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2322430982424624&q={searchTerms}
IE - HKCU\..\SearchScopes\{CA8BA569-7EB7-4B42-BF83-6A06C72A19B5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=^U3&apn_dtid=^YYYYYY^YY^DE&apn_uid=E1F6231E-48EB-4B05-BA99-15F8EFDE43EF&apn_sauid=AC47B5EF-8127-467B-B6AF-62DF734899A7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406"
FF - prefs.js..extensions.enabledAddons: canitbecheaper%40trafficbroker.co.uk:3.8.28
FF - prefs.js..extensions.enabledAddons: dendzones%40captaincaveman.nl:1.5.4.3
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4
FF - prefs.js..extensions.enabledAddons: %7B1acd747e-8470-11db-96a9-00e08161165f%7D:6.3.7.117
FF - prefs.js..extensions.enabledAddons: %7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7Bf34c9277-6577-4dff-b2d7-7d58092f272f%7D:1.0.0.12
FF - prefs.js..extensions.enabledAddons: %7B906305f7-aafc-45e9-8bbd-941950a84dad%7D:1.1.11215.1124
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.15.100013
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.04 17:49:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.01.10 18:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\Extensions
[2013.02.04 17:42:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\Firefox\Profiles\zyxdb7we.default\extensions
[2013.01.20 16:38:19 | 000,000,000 | ---D | M] (Tradesignal Online Chart) -- C:\Users\**********\AppData\Roaming\mozilla\Firefox\Profiles\zyxdb7we.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}
[2013.01.10 18:58:46 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\**********\AppData\Roaming\mozilla\Firefox\Profiles\zyxdb7we.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
[2013.01.10 18:58:59 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\**********\AppData\Roaming\mozilla\Firefox\Profiles\zyxdb7we.default\extensions\firefox@ghostery.com
[2013.02.07 15:40:46 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\**********\AppData\Roaming\mozilla\Firefox\Profiles\zyxdb7we.default\extensions\toolbar@ask.com
[2012.12.12 18:50:21 | 000,093,072 | ---- | M] () (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\zyxdb7we.default\extensions\canitbecheaper@trafficbroker.co.uk.xpi
[2012.12.03 18:22:31 | 000,083,310 | ---- | M] () (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\zyxdb7we.default\extensions\dendzones@captaincaveman.nl.xpi
[2013.02.15 16:31:17 | 000,002,412 | ---- | M] () -- C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\zyxdb7we.default\searchplugins\askcom.xml
[2013.01.10 18:58:41 | 000,002,687 | ---- | M] () -- C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\zyxdb7we.default\searchplugins\Search_Results.xml
[2013.02.04 17:49:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.25 18:27:34 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2013.01.16 21:10:14 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.10 18:58:41 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2013.01.17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media Inc)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE (Bandoo Media Inc)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
O4 - HKCU..\Run: [BrowserChoice] "C:\Windows\System32\browserchoice.exe" /run File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.17 217.0.43.49
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A9C25AC-30C1-4408-9A5E-D0AD46F95E8E}: DhcpNameServer = 217.0.43.17 217.0.43.49
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll (Bandoo Media Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll (Bandoo Media Inc)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (wsauth) - C:\windows\SysNative\wsauth.dll (VMware, Inc.)
O30 - LSA: Security Packages - (wsauth) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.19 17:27:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\**********\Desktop\OTL.exe
[2013.02.15 17:14:16 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Malwarebytes
[2013.02.15 17:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.15 17:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.15 17:13:59 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.02.15 17:13:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.15 17:11:10 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Programs
[2013.02.14 18:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DT
[2013.02.14 18:11:50 | 000,572,928 | ---- | C] (Concept Software, Inc.) -- C:\windows\SysWow64\SKCL.dll
[2013.02.14 18:11:48 | 000,605,184 | ---- | C] (Concept Software, Inc.) -- C:\windows\SysWow64\KEYLIB32.dll
[2013.02.14 18:11:48 | 000,401,465 | ---- | C] (eSignal, a division of Interactive Data Corporation) -- C:\windows\SysWow64\dbcapi.dll
[2013.02.14 18:11:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DT
[2013.02.14 18:11:46 | 000,067,312 | ---- | C] (Just Great Software) -- C:\windows\UnDeployV.exe
[2013.02.14 18:11:46 | 000,062,976 | ---- | C] (Dynamic Trader Group, Incorporated) -- C:\windows\SysWow64\DTTS.dll
[2013.02.14 18:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DT
[2013.02.14 18:10:37 | 000,000,000 | ---D | C] -- C:\dttsdata
[2013.02.14 16:19:51 | 000,016,504 | ---- | C] (G Data Software) -- C:\windows\SysNative\drivers\GdPhyMem.sys
[2013.02.14 16:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.02.07 14:49:12 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\APN
[2013.02.04 17:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.02.04 17:42:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013.02.04 17:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013.02.04 15:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DataTool 2.5
[2013.02.04 15:25:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DataTool
[2013.02.04 15:00:40 | 000,000,000 | ---D | C] -- C:\MSData
[2013.02.02 18:50:13 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bulls Eye Broker 4
[2013.02.02 18:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulls Eye Broker 4
[2013.02.02 18:50:09 | 001,056,768 | ---- | C] (eHelp Corporation.) -- C:\windows\SysWow64\Roboex32.dll
[2013.02.02 18:50:09 | 001,009,264 | ---- | C] (FarPoint Technologies, Inc.) -- C:\windows\SysWow64\SPR32X30.ocx
[2013.02.02 18:50:09 | 000,675,840 | ---- | C] (Smaller Animals Software, Inc.) -- C:\windows\SysWow64\_ISource2.dll
[2013.02.02 18:50:09 | 000,115,200 | ---- | C] (Desaware Inc.) -- C:\windows\SysWow64\dwsbc36.ocx
[2013.02.02 18:50:09 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\windows\SysWow64\INETWH32.dll
[2013.02.02 18:50:08 | 000,389,120 | ---- | C] (Designer Controls, Inc.) -- C:\windows\SysWow64\ImgX4.dll
[2013.02.02 18:50:08 | 000,345,008 | ---- | C] (VideoSoft) -- C:\windows\SysWow64\VSPRINT7.ocx
[2013.02.02 18:50:07 | 000,229,376 | ---- | C] (Inner Media, Inc.) -- C:\windows\SysWow64\duzactx.dll
[2013.02.02 18:50:07 | 000,140,800 | ---- | C] (Desaware Inc.) -- C:\windows\SysWow64\Dwshk36.ocx
[2013.02.02 18:50:07 | 000,075,776 | ---- | C] (Desaware Inc.) -- C:\windows\SysWow64\Dwspy36.dll
[2013.02.02 18:50:04 | 000,188,518 | ---- | C] (Equis International, Inc.) -- C:\windows\SysWow64\msfl80.dll
[2013.02.02 18:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BEBrokerV40
[2013.02.01 17:42:32 | 000,000,000 | ---D | C] -- C:\Users\**********\Documents\TEST
[2013.01.28 18:47:46 | 000,106,648 | ---- | C] (G Data Software) -- C:\windows\SysNative\drivers\GRD.sys
[2013.01.28 18:46:49 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Google
[2013.01.28 18:46:49 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Funmoods
[2013.01.28 18:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.01.28 18:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bulls Eye Broker 5
[2013.01.26 19:24:39 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Pointandfigure
[2013.01.26 19:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bulls Eye Broker 5
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.19 17:27:41 | 000,050,477 | ---- | M] () -- C:\Users\**********\Desktop\Defogger.exe
[2013.02.19 17:27:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\**********\Desktop\OTL.exe
[2013.02.19 17:23:46 | 000,000,000 | ---- | M] () -- C:\Users\**********\defogger_reenable
[2013.02.19 16:34:45 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.19 16:34:45 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.19 16:33:24 | 001,612,484 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.02.19 16:33:24 | 000,696,870 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.02.19 16:33:24 | 000,652,148 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.02.19 16:33:24 | 000,148,134 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.02.19 16:33:24 | 000,121,080 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.02.19 16:33:17 | 000,983,126 | ---- | M] () -- C:\windows\SysWow64\sig.bin
[2013.02.19 16:33:17 | 000,052,145 | ---- | M] () -- C:\windows\SysWow64\nmp.map
[2013.02.19 16:27:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.02.19 16:26:59 | 4204,314,624 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.15 17:14:02 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.15 10:09:52 | 000,428,616 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.02.14 18:27:59 | 000,000,043 | ---- | M] () -- C:\windows\WALLSTRT.INI
[2013.02.14 18:11:53 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\DT6.lnk
[2013.02.14 16:19:51 | 000,016,504 | ---- | M] (G Data Software) -- C:\windows\SysNative\drivers\GdPhyMem.sys
[2013.02.14 16:13:19 | 000,002,052 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.14 16:13:19 | 000,002,052 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.02.04 17:49:43 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.02 18:50:19 | 000,000,006 | ---- | M] () -- C:\windows\SysWow64\BReg9824.dat
[2013.02.01 17:42:33 | 000,000,981 | ---- | M] () -- C:\Users\**********\Documents\TEST.htm
[2013.02.01 17:42:32 | 000,001,796 | ---- | M] () -- C:\Users\**********\Documents\TEST.hur
[2013.01.28 18:47:46 | 000,106,648 | ---- | M] (G Data Software) -- C:\windows\SysNative\drivers\GRD.sys
[2013.01.28 18:45:53 | 000,077,671 | ---- | M] () -- C:\Users\**********\AppData\Local\funmoods_2.0.1.crx
[2013.01.25 18:27:55 | 000,062,368 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\PktIcpt.sys
[2013.01.25 18:27:54 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\HookCentre.sys
[2013.01.25 18:27:35 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\MiniIcpt.sys
[2013.01.25 18:27:35 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\GDBehave.sys
[2013.01.25 18:27:34 | 000,065,008 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\gdwfpcd64.sys
 
========== Files Created - No Company Name ==========
 
[2013.02.19 17:27:41 | 000,050,477 | ---- | C] () -- C:\Users\**********\Desktop\Defogger.exe
[2013.02.19 17:23:46 | 000,000,000 | ---- | C] () -- C:\Users\**********\defogger_reenable
[2013.02.15 17:14:02 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.14 18:11:53 | 000,001,085 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DT6.lnk
[2013.02.14 18:11:53 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\DT6.lnk
[2013.02.14 18:11:52 | 000,139,264 | ---- | C] () -- C:\windows\ShareBarData.dll
[2013.02.04 17:49:43 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.04 17:49:43 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.02 18:50:19 | 000,000,006 | ---- | C] () -- C:\windows\SysWow64\BReg9824.dat
[2013.02.02 18:50:09 | 000,147,800 | ---- | C] () -- C:\windows\SysWow64\Vspdf.ocx
[2013.02.02 18:50:08 | 000,202,752 | ---- | C] () -- C:\windows\SysWow64\Vsview3.ocx
[2013.02.01 17:42:33 | 000,000,981 | ---- | C] () -- C:\Users\**********\Documents\TEST.htm
[2013.02.01 17:42:28 | 000,001,796 | ---- | C] () -- C:\Users\**********\Documents\TEST.hur
[2013.01.28 18:46:49 | 000,077,671 | ---- | C] () -- C:\Users\**********\AppData\Local\funmoods_2.0.1.crx
[2013.01.07 14:41:56 | 000,000,320 | ---- | C] () -- C:\Users\**********\AppData\Roaming\SEC541129.trad
[2013.01.07 14:41:43 | 000,000,043 | ---- | C] () -- C:\windows\WALLSTRT.INI
[2013.01.07 14:34:16 | 001,589,650 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.12.20 12:26:39 | 000,000,680 | RHS- | C] () -- C:\Users\**********\ntuser.pol
[2012.12.07 18:18:37 | 000,000,111 | ---- | C] () -- C:\windows\Updata.ini
[2012.12.07 18:14:18 | 000,000,119 | ---- | C] () -- C:\windows\director.ini
[2012.12.07 18:14:18 | 000,000,030 | ---- | C] () -- C:\windows\tradernet.ini
[2012.12.07 18:14:18 | 000,000,016 | ---- | C] () -- C:\windows\temp.ini
[2012.09.14 13:02:51 | 000,060,304 | ---- | C] () -- C:\Users\**********\g2mdlhlpx.exe
[2012.07.31 11:57:22 | 000,000,192 | ---- | C] () -- C:\Users\**********\1190.png
[2012.06.25 10:38:01 | 000,983,126 | ---- | C] () -- C:\windows\SysWow64\sig.bin
[2011.10.11 03:28:02 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2011.10.11 02:27:55 | 000,001,156 | ---- | C] () -- C:\windows\HotFixList.ini
[2011.07.21 06:51:15 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011.07.21 06:51:14 | 000,207,376 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011.07.21 06:51:12 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.03 16:21:33 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\FileZilla
[2013.01.28 18:46:49 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\Funmoods
[2012.09.22 12:45:58 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\MetaQuotes
[2013.01.07 14:31:45 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\TradeStation Technologies
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 19.02.2013 17:30:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\**********\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 55,91% Memory free
7,83 Gb Paging File | 5,57 Gb Available in Paging File | 71,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 177,00 Gb Total Space | 127,30 Gb Free Space | 71,92% Space Free | Partition Type: NTFS
Drive D: | 265,59 Gb Total Space | 248,66 Gb Free Space | 93,63% Space Free | Partition Type: NTFS
 
Computer Name: **********-PC | User Name: ********** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{77D300E9-D978-4F57-BC07-AAF08F5A53E4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{952188CC-E441-4006-9C3F-BA2B2DF736F5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{BB53985F-C22F-41AF-A5EC-9E6F272EE5DF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E54344-76EA-49F9-8ED7-DCEBC59241C9}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | 
"{0982071D-A6F6-4034-B51C-6A2619A03C10}" = protocol=6 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe | 
"{17B57711-027D-42B4-AF3C-D787C94B2F42}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | 
"{180B5219-CCAF-4C39-B2F5-F689138CBAAD}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | 
"{239AF855-B24E-4BBE-A94A-ABF16D4D88A6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{26B8C6A3-57BE-4197-8DFF-96ED18FD6E15}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{322E0717-DF5A-4E13-8C74-5D5BE0258BEA}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | 
"{40641DBF-9C10-4AD5-86A4-759136F41AD2}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{41A3386C-D20C-45A5-8928-1CB54F5D3746}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{4CB4D7AC-12FE-4C75-A3AF-2E2516FDB9E3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{4FB4D578-8285-4C92-B72C-A7F5B215159A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{58C155CD-8B27-48D6-8985-75C0F6B502C0}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | 
"{75916B70-2A2E-4324-AF9F-78A2A14CE89C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{78A5AC17-5097-44D2-8F2E-F03FE873764C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{78CE22EB-77D6-4151-B4C2-46DF6360643D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{7B744EFA-96A5-4E77-BC55-BF44AC6D38ED}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | 
"{8EECCDA8-6629-4B50-A8DE-60006A36F34B}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | 
"{A2AF4A49-2C67-44BD-9247-61D5BE3C38F6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{A3F1A998-726C-4C79-848E-AC22CDD96773}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | 
"{A4FCD1B2-23C5-4E94-A906-E1F6D948DFFA}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | 
"{C1B438FC-BB26-4B6E-AFD4-0685F2B97DCE}" = protocol=17 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe | 
"{CF2579B0-4FFF-4861-A426-12C425B4F082}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{D247F0B8-FA9D-4A31-809B-E1AC7587AFA5}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | 
"{E40980E9-846C-4AEA-83FB-0A8EECC610D2}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | 
"{E57F24A1-F9BE-4658-BF44-52F77A183060}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E6A96630-35ED-4F43-90E4-F5270AD823F0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
"{FA0EFB10-C9F5-45D6-B568-FFFF75A7C0F6}" = dir=in | app=c:\program files (x86)\cyberlink\media+player10\media+player10.exe | 
"{FC8A2F6B-0E4C-4303-900D-C03AFA2480D3}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{006B5C65-3938-4246-B182-994A7E415EDE}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{70C29540-5625-443D-BC4F-6D0C763F44C8}" = VMware View Client
"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Elantech" = ETDWare PS/2-X64 10.0.7.2_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{331ECF61-69AF-4F57-AC35-AFED610231C3}" = Multimedia POP
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6A9F65FF-5FF0-4914-9941-E58004829535}" = WHS FutureStation Nano
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95BB7324-77D3-4BF3-8CF6-29F0857AC175}" = Easy File Share
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B0F08ACB-6BBA-49A8-8BE9-BBB4C2D8B574}" = G Data AntiVirus 2013
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B750B5C2-CC17-4967-905B-29F4EB986131}" = Software Launcher
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B948B39D-214F-486E-BCD9-8AB691F8762A}" = TradeStation 9.1
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE256D8B-D971-456D-BC02-CB64DA24F115}" = Easy Software Manager
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Easy Support Center 1.0
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bull's-Eye Broker" = Bull's-Eye Broker
"DT6" = Dynamic Traders Group, Inc.  DT6 2
"FileZilla Client" = FileZilla Client 3.5.3
"Game Console - WildGames" = WildTangent ORB Game Console
"ilividtoolbarguid" = Search-Results Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"MetaTrader - ActivTrades" = MetaTrader - ActivTrades
"MetaTrader 4 at FOREX.com" = MetaTrader 4 at FOREX.com
"MetaTrader 4 by ThinkForex" = MetaTrader 4 by ThinkForex
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"ProInst" = Intel PROSet Wireless
"ST6UNST #1" = DataTool 2.5
"TeamViewer 7" = TeamViewer 7
"TraderPro" = TraderPro
"VLC media player" = VLC media player 2.0.3
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live 程式集
"WT085559" = Diner Dash 2 Restaurant Rescue
"WT085567" = Chuzzle Deluxe
"WT085580" = John Deere Drive Green
"WT085581" = Penguins!
"WT085583" = Polar Golfer
"WT085587" = Agatha Christie - Death on the Nile
"WT085597" = Build-a-lot
"WT085618" = Farm Frenzy
"WT085622" = Insaniquarium Deluxe
"WT085663" = Peggle
"WT085669" = Plants vs. Zombies
"WT089285" = Zuma Deluxe
"WT089286" = Bejeweled 2 Deluxe
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"GoToMeeting" = GoToMeeting 5.1.0.880
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.12.2012 09:32:34 | Computer Name = **********-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 17.12.2012 05:20:45 | Computer Name = **********-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: UIExec.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ca41bb3  Name des fehlerhaften Moduls: UIExec.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ca41bb3  Ausnahmecode: 0xc0000417  Fehleroffset: 0x00002b58  ID des fehlerhaften Prozesses:
 0xc4c  Startzeit der fehlerhaften Anwendung: 0x01cddc37cae82ced  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe  Berichtskennung: 08bb8951-482b-11e2-88ee-dca971bfdc26
 
Error - 17.12.2012 05:20:58 | Computer Name = **********-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.12.2012 05:30:42 | Computer Name = **********-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 19.12.2012 07:15:02 | Computer Name = **********-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: UIExec.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ca41bb3  Name des fehlerhaften Moduls: UIExec.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ca41bb3  Ausnahmecode: 0xc0000417  Fehleroffset: 0x00002b58  ID des fehlerhaften Prozesses:
 0xc88  Startzeit der fehlerhaften Anwendung: 0x01cdddda0d2efda2  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe  Berichtskennung: 54b2b3ed-49cd-11e2-858f-dca971bfdc26
 
Error - 19.12.2012 07:15:58 | Computer Name = **********-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.12.2012 07:59:26 | Computer Name = **********-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 19.12.2012 12:49:53 | Computer Name = **********-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: UIExec.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ca41bb3  Name des fehlerhaften Moduls: UIExec.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ca41bb3  Ausnahmecode: 0xc0000417  Fehleroffset: 0x00002b58  ID des fehlerhaften Prozesses:
 0xce0  Startzeit der fehlerhaften Anwendung: 0x01cdde08dc4dd22a  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe  Berichtskennung: 1bdbafff-49fc-11e2-8cf3-dca971bfdc26
 
Error - 19.12.2012 12:51:11 | Computer Name = **********-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.12.2012 06:25:31 | Computer Name = **********-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: UIExec.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ca41bb3  Name des fehlerhaften Moduls: UIExec.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ca41bb3  Ausnahmecode: 0xc0000417  Fehleroffset: 0x00002b58  ID des fehlerhaften Prozesses:
 0xdd0  Startzeit der fehlerhaften Anwendung: 0x01cdde9c5042cf91  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe  Berichtskennung: 9473ff12-4a8f-11e2-8c33-dca971bfdc26
 
[ System Events ]
Error - 18.11.2012 08:38:00 | Computer Name = **********-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
 Systeme (KB2727528)
 
Error - 18.11.2012 08:38:00 | Computer Name = **********-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2761217)
 
Error - 14.12.2012 12:59:00 | Computer Name = **********-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 17.12.2012 07:48:10 | Computer Name = **********-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 19.12.2012 12:57:07 | Computer Name = **********-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070103 fehlgeschlagen: Intel - Other hardware - Intel(R) Centrino(R)
 Wireless Bluetooth(R) 3.0 + High Speed Adapter
 
Error - 19.12.2012 12:57:44 | Computer Name = **********-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070103 fehlgeschlagen: Intel - Other hardware - Intel(R) Centrino(R)
 Wireless Bluetooth(R) 3.0 + High Speed Adapter
 
Error - 18.01.2013 13:47:16 | Computer Name = **********-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Norton Online Backup erreicht.
 
Error - 18.01.2013 13:47:16 | Computer Name = **********-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Norton Online Backup" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 22.01.2013 13:42:49 | Computer Name = **********-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High 
Speed Security Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen.
 Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart
 des Diensts.
 
Error - 25.01.2013 12:12:42 | Computer Name = **********-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---

GMER Logfile:
Code:
ATTFilter
GMER 2.1.18952 - hxxp://www.gmer.net
Rootkit scan 2013-02-19 18:14:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST500LM0 rev.2AR1 465,76GB
Running: GMER_2.1.18952.exe; Driver: C:\Users\SCHNIE~1\AppData\Local\Temp\axlyifoc.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile                          000000007767fc18 5 bytes JMP 00000001727e1780
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess                            000000007767fc90 5 bytes JMP 00000001727e2ad0
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                    000000007767fd44 5 bytes JMP 00000001727e16b0
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                  0000000077680094 5 bytes JMP 00000001727e1600
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\SysWOW64\ntdll.dll!NtOpenDirectoryObject                         00000000776800dc 5 bytes JMP 00000001727e1740
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\SysWOW64\ntdll.dll!NtCreateDirectoryObject                       00000000776806a4 5 bytes JMP 00000001727e1700
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\SysWOW64\ntdll.dll!NtDeleteFile                                  00000000776809c4 5 bytes JMP 00000001727e1680
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegDeleteKeyTransactedW                    00000000766fa8ea 5 bytes JMP 00000001727e3af0
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegDeleteKeyExW                            00000000766fa9c5 5 bytes JMP 00000001727e3ab0
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegDeleteValueW                            00000000766fcf31 5 bytes JMP 00000001727e3a10
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegDeleteKeyW                              0000000076701272 7 bytes JMP 00000001727e3a70
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegSetValueExW                             00000000767014d6 5 bytes JMP 00000001727e34b0
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegSetKeyValueW                            0000000076717180 5 bytes JMP 00000001727e37f0
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegSetValueW                               000000007671a68a 5 bytes JMP 00000001727e3660
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegDeleteTreeW                             00000000767334a3 5 bytes JMP 00000001727e3b40
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegDeleteKeyValueW                         000000007674f84b 5 bytes JMP 00000001727e39a0
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     0000000077631465 2 bytes [63, 77]
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000776314bb 2 bytes [63, 77]
.text   ...                                                                                                                                  * 2
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2748] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000077631465 2 bytes [63, 77]
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2748] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000776314bb 2 bytes [63, 77]
.text   ...                                                                                                                                  * 2
.text   C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3936] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    0000000077631465 2 bytes [63, 77]
.text   C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3936] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                   00000000776314bb 2 bytes [63, 77]
.text   ...                                                                                                                                  * 2
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5920] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077631465 2 bytes [63, 77]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5920] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000776314bb 2 bytes [63, 77]
.text   ...                                                                                                                                  * 2

---- Threads - GMER 2.1 ----

Thread  C:\windows\System32\svchost.exe [3040:5960]                                                                                          000007fef34a9688

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\88532e003e75                                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f59338f                                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca97107b376                                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971bfdc26                                                          
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\88532e003e75 (not active ControlSet)                                      
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f59338f (not active ControlSet)                                      
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca97107b376 (not active ControlSet)                                      
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca971bfdc26 (not active ControlSet)                                      

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                unknown MBR code

---- EOF - GMER 2.1 ----
         
--- --- ---

Edited by HeJo (19.02.2013 at 19:04)

19.02.2013, 19:02   #2
markusg
/// Malware-holic

Infected registry keys (Pup.funmoods) - Firefox can no longer be opened

Hi,
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

20.02.2013, 18:59   #3
HeJo

Infected registry keys (Pup.funmoods) - Firefox can no longer be opened

Hello Markusg,

thank you for getting in touch so quickly. Attached is the log file. I have edited out my name (**********).

Regards, Hejo

18:46:00.0534 3016 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:46:00.0877 3016 ============================================================
18:46:00.0877 3016 Current date / time: 2013/02/20 18:46:00.0877
18:46:00.0877 3016 SystemInfo:
18:46:00.0877 3016
18:46:00.0877 3016 OS Version: 6.1.7601 ServicePack: 1.0
18:46:00.0877 3016 Product type: Workstation
18:46:00.0877 3016 ComputerName: **********-PC
18:46:00.0877 3016 UserName: **********
18:46:00.0877 3016 Windows directory: C:\windows
18:46:00.0877 3016 System windows directory: C:\windows
18:46:00.0877 3016 Running under WOW64
18:46:00.0877 3016 Processor architecture: Intel x64
18:46:00.0877 3016 Number of processors: 4
18:46:00.0877 3016 Page size: 0x1000
18:46:00.0877 3016 Boot type: Normal boot
18:46:00.0877 3016 ============================================================
18:46:02.0858 3016 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:46:02.0874 3016 ============================================================
18:46:02.0874 3016 \Device\Harddisk0\DR0:
18:46:02.0874 3016 MBR partitions:
18:46:02.0874 3016 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:46:02.0874 3016 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x16200000
18:46:02.0889 3016 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x16233000, BlocksNum 0x2132F000
18:46:02.0889 3016 ============================================================
18:46:02.0983 3016 C: <-> \Device\Harddisk0\DR0\Partition2
18:46:03.0045 3016 D: <-> \Device\Harddisk0\DR0\Partition3
18:46:03.0045 3016 ============================================================
18:46:03.0045 3016 Initialize success
18:46:03.0045 3016 ============================================================
18:47:35.0585 1212 ============================================================
18:47:35.0585 1212 Scan started
18:47:35.0585 1212 Mode: Manual; SigCheck; TDLFS;
18:47:35.0585 1212 ============================================================
18:47:35.0865 1212 ================ Scan system memory ========================
18:47:35.0865 1212 System memory - ok
18:47:35.0865 1212 ================ Scan services =============================
18:47:36.0068 1212 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
18:47:36.0240 1212 1394ohci - ok
18:47:36.0365 1212 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
18:47:36.0427 1212 ACPI - ok
18:47:36.0458 1212 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
18:47:36.0505 1212 AcpiPmi - ok
18:47:36.0599 1212 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:47:36.0630 1212 AdobeARMservice - ok
18:47:36.0708 1212 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
18:47:36.0755 1212 adp94xx - ok
18:47:36.0770 1212 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
18:47:36.0786 1212 adpahci - ok
18:47:36.0801 1212 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
18:47:36.0817 1212 adpu320 - ok
18:47:36.0864 1212 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
18:47:36.0957 1212 AeLookupSvc - ok
18:47:37.0082 1212 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
18:47:37.0145 1212 AFD - ok
18:47:37.0191 1212 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
18:47:37.0223 1212 agp440 - ok
18:47:37.0254 1212 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
18:47:37.0316 1212 ALG - ok
18:47:37.0347 1212 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
18:47:37.0379 1212 aliide - ok
18:47:37.0379 1212 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
18:47:37.0394 1212 amdide - ok
18:47:37.0410 1212 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
18:47:37.0441 1212 AmdK8 - ok
18:47:37.0441 1212 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
18:47:37.0472 1212 AmdPPM - ok
18:47:37.0535 1212 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
18:47:37.0566 1212 amdsata - ok
18:47:37.0597 1212 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
18:47:37.0613 1212 amdsbs - ok
18:47:37.0628 1212 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
18:47:37.0675 1212 amdxata - ok
18:47:37.0722 1212 [ 9921E78BC29634235F4BF5809E7E8CDE ] AMPPAL C:\windows\system32\DRIVERS\AMPPAL.sys
18:47:37.0753 1212 AMPPAL - ok
18:47:37.0769 1212 [ 9921E78BC29634235F4BF5809E7E8CDE ] AMPPALP C:\windows\system32\DRIVERS\amppal.sys
18:47:37.0784 1212 AMPPALP - ok
18:47:38.0081 1212 [ 83A0E7BA4AE616D3654E700D9C5FF9DB ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
18:47:38.0127 1212 AMPPALR3 - ok
18:47:38.0190 1212 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
18:47:38.0252 1212 AppID - ok
18:47:38.0283 1212 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
18:47:38.0330 1212 AppIDSvc - ok
18:47:38.0346 1212 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
18:47:38.0424 1212 Appinfo - ok
18:47:38.0455 1212 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
18:47:38.0471 1212 arc - ok
18:47:38.0471 1212 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
18:47:38.0486 1212 arcsas - ok
18:47:38.0627 1212 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:47:38.0658 1212 aspnet_state - ok
18:47:38.0689 1212 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
18:47:38.0736 1212 AsyncMac - ok
18:47:38.0767 1212 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
18:47:38.0783 1212 atapi - ok
18:47:38.0861 1212 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
18:47:38.0939 1212 AudioEndpointBuilder - ok
18:47:38.0970 1212 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
18:47:39.0001 1212 AudioSrv - ok
18:47:39.0219 1212 [ A1ADE0E06E057E3E7C3C931413AD9665 ] AVKProxy C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
18:47:39.0282 1212 AVKProxy - ok
18:47:39.0344 1212 [ 68F93849B4197243E8454E704B063F9B ] AVKService C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
18:47:39.0391 1212 AVKService - ok
18:47:39.0422 1212 [ B278D782732166A55AB270406E89F7A0 ] AVKWCtl C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe
18:47:39.0485 1212 AVKWCtl - ok
18:47:39.0516 1212 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
18:47:39.0578 1212 AxInstSV - ok
18:47:39.0641 1212 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
18:47:39.0703 1212 b06bdrv - ok
18:47:39.0734 1212 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
18:47:39.0765 1212 b57nd60a - ok
18:47:39.0797 1212 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
18:47:39.0828 1212 BDESVC - ok
18:47:39.0843 1212 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
18:47:39.0875 1212 Beep - ok
18:47:39.0921 1212 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
18:47:39.0968 1212 BFE - ok
18:47:40.0015 1212 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
18:47:40.0093 1212 BITS - ok
18:47:40.0109 1212 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
18:47:40.0140 1212 blbdrive - ok
18:47:40.0249 1212 [ 55B0C8441DE7D91A819A39D0351154A2 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
18:47:40.0296 1212 Bluetooth Device Monitor - ok
18:47:40.0343 1212 [ 7E262330DF0C4BE4ECE853B59B9CBE4C ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
18:47:40.0374 1212 Bluetooth Media Service - ok
18:47:40.0452 1212 [ 8BF4B9956E13871A88A3810074E2E110 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
18:47:40.0483 1212 Bluetooth OBEX Service - ok
18:47:40.0530 1212 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
18:47:40.0577 1212 bowser - ok
18:47:40.0623 1212 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
18:47:40.0686 1212 BrFiltLo - ok
18:47:40.0701 1212 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
18:47:40.0748 1212 BrFiltUp - ok
18:47:40.0779 1212 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
18:47:40.0811 1212 Browser - ok
18:47:40.0826 1212 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
18:47:40.0857 1212 Brserid - ok
18:47:40.0873 1212 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
18:47:40.0904 1212 BrSerWdm - ok
18:47:40.0920 1212 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
18:47:40.0951 1212 BrUsbMdm - ok
18:47:40.0951 1212 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
18:47:40.0998 1212 BrUsbSer - ok
18:47:41.0045 1212 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
18:47:41.0076 1212 BthEnum - ok
18:47:41.0123 1212 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
18:47:41.0154 1212 BTHMODEM - ok
18:47:41.0201 1212 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
18:47:41.0232 1212 BthPan - ok
18:47:41.0310 1212 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
18:47:41.0372 1212 BTHPORT - ok
18:47:41.0403 1212 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
18:47:41.0481 1212 bthserv - ok
18:47:41.0497 1212 [ A5B3E8B2B78C7B3DA56A0DE490E6718C ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
18:47:41.0513 1212 BTHSSecurityMgr - ok
18:47:41.0528 1212 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
18:47:41.0544 1212 BTHUSB - ok
18:47:41.0591 1212 [ 270FBA230E78E25726D065A924589A72 ] btmaux C:\windows\system32\DRIVERS\btmaux.sys
18:47:41.0637 1212 btmaux - ok
18:47:41.0684 1212 [ 40C6FEC49D1CC4D112368A2BCD2BCBB7 ] btmhsf C:\windows\system32\DRIVERS\btmhsf.sys
18:47:41.0731 1212 btmhsf - ok
18:47:41.0762 1212 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
18:47:41.0825 1212 cdfs - ok
18:47:41.0856 1212 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
18:47:41.0903 1212 cdrom - ok
18:47:41.0934 1212 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
18:47:41.0996 1212 CertPropSvc - ok
18:47:42.0027 1212 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
18:47:42.0043 1212 circlass - ok
18:47:42.0090 1212 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
18:47:42.0137 1212 CLFS - ok
18:47:42.0183 1212 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:47:42.0215 1212 clr_optimization_v2.0.50727_32 - ok
18:47:42.0261 1212 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:47:42.0277 1212 clr_optimization_v2.0.50727_64 - ok
18:47:42.0433 1212 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:47:42.0464 1212 clr_optimization_v4.0.30319_32 - ok
18:47:42.0495 1212 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:48:03.0602 1212 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
18:48:03.0633 1212 RichVideo ( UnsignedFile.Multi.Generic ) - warning
18:48:03.0633 1212 RichVideo - detected UnsignedFile.Multi.Generic (1)
18:48:07.0237 1212 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
18:48:07.0268 1212 srvnet - ok
18:48:07.0315 1212 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
18:48:07.0393 1212 SSDPSRV - ok
18:48:07.0409 1212 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
18:48:07.0455 1212 SstpSvc - ok
18:48:07.0487 1212 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
18:48:07.0487 1212 stexstor - ok
18:48:07.0549 1212 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
18:48:07.0643 1212 stisvc - ok
18:48:07.0658 1212 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
18:48:07.0674 1212 swenum - ok
18:48:07.0705 1212 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
18:48:07.0752 1212 swprv - ok
18:48:07.0814 1212 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
18:48:07.0892 1212 SysMain - ok
18:48:07.0923 1212 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
18:48:07.0970 1212 TabletInputService - ok
18:48:07.0986 1212 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
18:48:08.0048 1212 TapiSrv - ok
18:48:08.0064 1212 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
18:48:08.0111 1212 TBS - ok
18:48:08.0189 1212 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\windows\system32\drivers\tcpip.sys
18:48:08.0251 1212 Tcpip - ok
18:48:08.0267 1212 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
18:48:08.0313 1212 TCPIP6 - ok
18:48:08.0345 1212 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
18:48:08.0360 1212 tcpipreg - ok
18:48:08.0391 1212 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
18:48:08.0423 1212 TDPIPE - ok
18:48:08.0438 1212 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
18:48:08.0454 1212 TDTCP - ok
18:48:08.0469 1212 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
18:48:08.0532 1212 tdx - ok
18:48:08.0672 1212 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
18:48:08.0735 1212 TeamViewer7 - ok
18:48:08.0750 1212 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
18:48:08.0766 1212 TermDD - ok
18:48:08.0797 1212 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
18:48:08.0844 1212 TermService - ok
18:48:08.0859 1212 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
18:48:08.0906 1212 Themes - ok
18:48:08.0937 1212 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
18:48:08.0969 1212 THREADORDER - ok
18:48:08.0984 1212 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
18:48:09.0031 1212 TrkWks - ok
18:48:09.0078 1212 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
18:48:09.0125 1212 TrustedInstaller - ok
18:48:09.0140 1212 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
18:48:09.0171 1212 tssecsrv - ok
18:48:09.0171 1212 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
18:48:09.0203 1212 TsUsbFlt - ok
18:48:09.0218 1212 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
18:48:09.0234 1212 TsUsbGD - ok
18:48:09.0281 1212 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
18:48:09.0327 1212 tunnel - ok
18:48:09.0327 1212 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
18:48:09.0343 1212 uagp35 - ok
18:48:09.0359 1212 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
18:48:09.0437 1212 udfs - ok
18:48:09.0499 1212 [ 13BFF97E926BF8D9C1230CECC371A0C0 ] UI Assistant Service C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
18:48:09.0546 1212 UI Assistant Service - ok
18:48:09.0608 1212 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
18:48:09.0655 1212 UI0Detect - ok
18:48:09.0686 1212 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
18:48:09.0702 1212 uliagpkx - ok
18:48:09.0733 1212 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
18:48:09.0780 1212 umbus - ok
18:48:09.0795 1212 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
18:48:09.0827 1212 UmPass - ok
18:48:10.0310 1212 [ DB641944F7E4B14C13C3FEFC89843F69 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:48:10.0388 1212 UNS - ok
18:48:10.0419 1212 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
18:48:10.0497 1212 upnphost - ok
18:48:10.0544 1212 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
18:48:10.0575 1212 usbccgp - ok
18:48:10.0638 1212 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
18:48:10.0685 1212 usbcir - ok
18:48:10.0700 1212 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
18:48:10.0731 1212 usbehci - ok
18:48:10.0778 1212 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
18:48:10.0825 1212 usbhub - ok
18:48:10.0856 1212 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
18:48:10.0872 1212 usbohci - ok
18:48:10.0887 1212 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
18:48:10.0919 1212 usbprint - ok
18:48:10.0950 1212 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
18:48:10.0965 1212 usbscan - ok
18:48:10.0981 1212 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
18:48:11.0012 1212 USBSTOR - ok
18:48:11.0028 1212 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
18:48:11.0043 1212 usbuhci - ok
18:48:11.0075 1212 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
18:48:11.0137 1212 usbvideo - ok
18:48:11.0168 1212 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
18:48:11.0215 1212 UxSms - ok
18:48:11.0231 1212 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
18:48:11.0246 1212 VaultSvc - ok
18:48:11.0277 1212 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
18:48:11.0293 1212 vdrvroot - ok
18:48:11.0324 1212 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
18:48:11.0387 1212 vds - ok
18:48:11.0433 1212 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
18:48:11.0449 1212 vga - ok
18:48:11.0465 1212 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
18:48:11.0511 1212 VgaSave - ok
18:48:11.0511 1212 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
18:48:11.0527 1212 vhdmp - ok
18:48:11.0558 1212 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
18:48:11.0574 1212 viaide - ok
18:48:11.0621 1212 [ 1C1111810F0FCD958A6DFE3F869AD80D ] vmwvusb C:\windows\system32\Drivers\vmwvusb.sys
18:48:11.0652 1212 vmwvusb - ok
18:48:11.0667 1212 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
18:48:11.0683 1212 volmgr - ok
18:48:11.0714 1212 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
18:48:11.0730 1212 volmgrx - ok
18:48:11.0761 1212 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys
18:48:11.0792 1212 volsnap - ok
18:48:11.0823 1212 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
18:48:11.0839 1212 vsmraid - ok
18:48:11.0901 1212 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
18:48:11.0995 1212 VSS - ok
18:48:12.0011 1212 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
18:48:12.0042 1212 vwifibus - ok
18:48:12.0104 1212 [ 13A0DECD1794DE60A8427862C8669D27 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
18:48:12.0135 1212 vwififlt - ok
18:48:12.0167 1212 [ 49003B357D101CDC474937437ECF5ABC ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
18:48:12.0198 1212 vwifimp - ok
18:48:12.0245 1212 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
18:48:12.0307 1212 W32Time - ok
18:48:12.0338 1212 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
18:48:12.0354 1212 WacomPen - ok
18:48:12.0401 1212 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
18:48:12.0447 1212 WANARP - ok
18:48:12.0463 1212 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
18:48:12.0494 1212 Wanarpv6 - ok
18:48:12.0525 1212 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
18:48:12.0588 1212 wbengine - ok
18:48:12.0619 1212 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
18:48:12.0650 1212 WbioSrvc - ok
18:48:12.0681 1212 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
18:48:12.0713 1212 wcncsvc - ok
18:48:12.0728 1212 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
18:48:12.0759 1212 WcsPlugInService - ok
18:48:12.0791 1212 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
18:48:12.0791 1212 Wd - ok
18:48:12.0837 1212 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
18:48:12.0915 1212 Wdf01000 - ok
18:48:12.0931 1212 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
18:48:12.0978 1212 WdiServiceHost - ok
18:48:12.0978 1212 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
18:48:13.0009 1212 WdiSystemHost - ok
18:48:13.0040 1212 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
18:48:13.0118 1212 WebClient - ok
18:48:13.0149 1212 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
18:48:13.0196 1212 Wecsvc - ok
18:48:13.0212 1212 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
18:48:13.0259 1212 wercplsupport - ok
18:48:13.0274 1212 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
18:48:13.0383 1212 WerSvc - ok
18:48:13.0430 1212 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
18:48:13.0477 1212 WfpLwf - ok
18:48:13.0508 1212 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
18:48:13.0539 1212 WIMMount - ok
18:48:13.0617 1212 WinDefend - ok
18:48:13.0649 1212 WinHttpAutoProxySvc - ok
18:48:13.0773 1212 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
18:48:13.0836 1212 Winmgmt - ok
18:48:13.0992 1212 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
18:48:14.0070 1212 WinRM - ok
18:48:14.0226 1212 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
18:48:14.0288 1212 Wlansvc - ok
18:48:14.0335 1212 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:48:14.0366 1212 wlcrasvc - ok
18:48:14.0507 1212 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:48:14.0553 1212 wlidsvc - ok
18:48:14.0585 1212 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
18:48:14.0585 1212 WmiAcpi - ok
18:48:14.0631 1212 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
18:48:14.0678 1212 wmiApSrv - ok
18:48:14.0709 1212 WMPNetworkSvc - ok
18:48:14.0741 1212 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
18:48:14.0756 1212 WPCSvc - ok
18:48:14.0772 1212 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
18:48:14.0787 1212 WPDBusEnum - ok
18:48:14.0834 1212 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
18:48:14.0865 1212 ws2ifsl - ok
18:48:14.0897 1212 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
18:48:14.0928 1212 wscsvc - ok
18:48:14.0928 1212 WSearch - ok
18:48:15.0021 1212 [ 3CF81F104137457A7F32C274709635BE ] wsnm C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
18:48:15.0068 1212 wsnm - ok
18:48:15.0115 1212 [ AFD194F6C3FAF4D29493AD2DF28B46BF ] wsnm_usbctrl C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
18:48:15.0146 1212 wsnm_usbctrl - ok
18:48:15.0240 1212 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
18:48:15.0302 1212 wuauserv - ok
18:48:15.0349 1212 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
18:48:15.0380 1212 WudfPf - ok
18:48:15.0427 1212 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
18:48:15.0474 1212 WUDFRd - ok
18:48:15.0489 1212 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
18:48:15.0521 1212 wudfsvc - ok
18:48:15.0536 1212 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
18:48:15.0567 1212 WwanSvc - ok
18:48:15.0630 1212 [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbmdm6k C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys
18:48:15.0677 1212 ZTEusbmdm6k - ok
18:48:15.0692 1212 [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbnmea C:\windows\system32\DRIVERS\ZTEusbnmea.sys
18:48:15.0708 1212 ZTEusbnmea - ok
18:48:15.0755 1212 [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbser6k C:\windows\system32\DRIVERS\ZTEusbser6k.sys
18:48:15.0786 1212 ZTEusbser6k - ok
18:48:15.0801 1212 ================ Scan global ===============================
18:48:15.0833 1212 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
18:48:15.0848 1212 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
18:48:15.0864 1212 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
18:48:15.0895 1212 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
18:48:15.0926 1212 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
18:48:15.0926 1212 [Global] - ok
18:48:15.0926 1212 ================ Scan MBR ==================================
18:48:15.0926 1212 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
18:48:16.0285 1212 \Device\Harddisk0\DR0 - ok
18:48:16.0285 1212 ================ Scan VBR ==================================
18:48:16.0285 1212 [ C0074F5509A90A8A9316377AC0729464 ] \Device\Harddisk0\DR0\Partition1
18:48:16.0285 1212 \Device\Harddisk0\DR0\Partition1 - ok
18:48:16.0332 1212 [ D7089683512038A43C27EB302E6A85A4 ] \Device\Harddisk0\DR0\Partition2
18:48:16.0332 1212 \Device\Harddisk0\DR0\Partition2 - ok
18:48:16.0347 1212 [ 963413C90315B314DA8F187CC30F66D8 ] \Device\Harddisk0\DR0\Partition3
18:48:16.0363 1212 \Device\Harddisk0\DR0\Partition3 - ok
18:48:16.0363 1212 ============================================================
18:48:16.0363 1212 Scan finished
18:48:16.0363 1212 ============================================================
18:48:16.0363 3248 Detected object count: 1
18:48:16.0363 3248 Actual detected object count: 1
18:51:45.0684 3248 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
18:51:45.0684 3248 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip

20.02.2013, 19:52   #4
markusg
/// Malware-holic

Hi,
Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us

21.02.2013, 19:27   #5
HeJo

Hello markusg,

I saved combofix.exe and ran it as administrator. Beforehand I switched off Malware and the GData virus protection.

Combofix runs. However, I get the following messages from GData:
1) Combofix.exe is a supposedly malicious program / Publisher: Unknown, Started by svchost.exe
While this message pops up on my screen, the Combofix program does not seem to get any further. It stops at 38%... Only clicking "Allow" in GData lets Combofix continue. However, I do not get a combofix.txt file as a result.
After that, the following further messages from GData appear:
2) per.3exe is a supposedly malicious program / Publisher: Unknown, Started by: cmd.3xe. GData puts the program in quarantine... Then the next message:
3) regedit.exe is a supposedly malicious program / Publisher: Microsoft Windows, Started by cmd.exe. GData puts the program in quarantine... Then the next message:
4) The computer must be restarted to remove the malicious software. Pressed the OK button. Now the following message:
5) cmd.exe is a supposedly malicious program / Publisher: unknown; started by hidec.3xe

As I said, I do not get a combofix.txt file that I could post here. I searched on C and did not find one. While at first I could still access Windows Explorer, I now find that I can no longer open Windows Explorer and can no longer access any program. This stays that way even after I have restarted the computer. This really scares me now... I probably did something wrong.. When I try to access Windows Explorer or programs, I get messages that read like this or similar: "C:/Windows/system 32/icacls.exe: This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel.".

I hope you can help me... Best regards, Hejo


Edited by HeJo (21.02.2013 at 19:51)

21.02.2013, 19:56   #6
markusg
/// Malware-holic

Hi,
open GData and check whether you can still switch off the behavior monitoring there.
You may also be able to exit it by right-clicking its icon in the notification area.

21.02.2013, 22:39   #7
HeJo

Hi markusg,
sorry, but I don't know exactly what you mean.
I can no longer open the GData program.
By right-clicking in the program path I can still get to the properties. There I can change settings for "General", "Sharing", "Security", "Previous Versions", "Customize".
In addition, it seems I can re-enable the virus protection via the Action Center.
But I no longer dare to press any button at all. So I would rather ask once more what exactly you mean by "switch off the behavior monitoring".
Thanks for your help! Best regards, Hejo

25.02.2013, 18:30   #8
markusg
/// Malware-holic

OK, then click "Allow" in the GData messages when messages appear during the Combofix scan.

28.02.2013, 13:15   #9
HeJo

Hello,
sorry, I was ill...
Yesterday I ran Combofix once more... I ran the program as administrator. There was no connection to the Internet. I found the following Combofix.txt in the program directory...

The dark-blue administrator window was open all night with the notice that a log file is being prepared and that the user should not start any program until Combofix has finished. There was no message that the program had finished. I then closed the window this morning.

Regards, Hejo

ComboFix 13-02-21.02 - ********** 27.02.2013 17:35:52.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4010.2491 [GMT 1:00]
ausgeführt von:: C:\Users\**********\Desktop\ComboFix.exe
AV: G Data AntiVirus 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
SP: G Data AntiVirus 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

- REDUZIERTER FUNKTIONALITÄTSMODUS -


2012-12-07 10:46:37 . 2013-01-10 10:30:28 15360 ----a-w- C:\windows\SysWow64\djctq.rs
2012-12-07 10:46:36 . 2013-01-10 10:30:28 55296 ----a-w- C:\windows\SysWow64\cero.rs
2012-12-07 10:46:36 . 2013-01-10 10:30:28 51712 ----a-w- C:\windows\SysWow64\esrb.rs
2012-11-30 05:45:35 . 2013-01-10 10:30:02 362496 ----a-w- C:\windows\system32\wow64win.dll
2012-11-30 05:45:35 . 2013-01-10 10:30:02 243200 ----a-w- C:\windows\system32\wow64.dll
2012-11-30 05:45:35 . 2013-01-10 10:30:02 13312 ----a-w- C:\windows\system32\wow64cpu.dll
2012-11-30 05:43:12 . 2013-01-10 10:30:02 16384 ----a-w- C:\windows\system32\ntvdm64.dll
2012-11-30 05:41:07 . 2013-01-10 10:30:02 424448 ----a-w- C:\windows\system32\KernelBase.dll
2012-11-30 05:41:07 . 2013-01-10 10:30:02 1161216 ----a-w- C:\windows\system32\kernel32.dll
2012-11-30 05:38:45 . 2013-01-10 10:30:02 6144 ---ha-w- C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-10 10:30:02 4608 ---ha-w- C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-10 10:30:02 4608 ---ha-w- C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-10 10:30:02 4096 ---ha-w- C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-10 10:30:02 4096 ---ha-w- C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-10 10:30:02 3584 ---ha-w- C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-10 10:30:02 3584 ---ha-w- C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-10 10:30:02 3584 ---ha-w- C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-10 10:30:02 3584 ---ha-w- C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-10 10:30:02 3072 ---ha-w- C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-10 10:30:02 3072 ---ha-w- C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-10 10:30:02 3072 ---ha-w- C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-10 10:30:02 3072 ---ha-w- C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-10 10:30:02 5120 ---ha-w- C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-10 10:30:02 4096 ---ha-w- C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-10 10:30:02 4096 ---ha-w- C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-10 10:30:02 3584 ---ha-w- C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-10 10:30:02 3584 ---ha-w- C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-10 10:30:02 3584 ---ha-w- C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-10 10:30:02 3072 ---ha-w- C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-10 10:30:02 3072 ---ha-w- C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-10 10:30:02 3072 ---ha-w- C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-10 10:30:02 3072 ---ha-w- C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-10 10:30:02 3072 ---ha-w- C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-10 10:30:02 3072 ---ha-w- C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-10 10:30:02 3072 ---ha-w- C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-10 10:30:02 3072 ---ha-w- C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-10 10:30:02 3072 ---ha-w- C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53:59 . 2013-01-10 10:30:02 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45:15 . 2013-01-10 10:30:02 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-10 10:30:02 4096 ---ha-w- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-10 10:30:02 4096 ---ha-w- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-10 10:30:02 4096 ---ha-w- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-10 10:30:02 4096 ---ha-w- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-10 10:30:02 4096 ---ha-w- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-10 10:30:02 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-10 10:30:02 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-10 10:30:02 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-10 10:30:02 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-10 10:30:02 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-10 10:30:02 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-10 10:30:02 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-10 10:30:02 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-10 10:30:02 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-10 10:30:02 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45:14 . 2013-01-10 10:30:02 5120 ---ha-w- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45:14 . 2013-01-10 10:30:02 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll


(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))


*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" [2013-01-28 17:16:16 1520776]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-01-28 17:16:16 1520776 ----a-w- C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" [2013-01-28 17:16:16 1520776]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 06:33:10 1155928]
"RemoteControl10"="C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe" [2010-09-20 03:24:42 87336]
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 05:21:26 103720]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352]
"G Data AntiVirus Tray Application"="C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe" [2013-01-09 12:01:22 1035216]
"UIExec"="C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe" [2010-09-30 12:00:28 139088]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 07:04:54 252848]
"ApnUpdater"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [2013-01-28 17:16:20 1644680]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

28.02.2013, 17:43   #10
markusg
/// Malware-holic

hi,

download the standard CCleaner:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, Tools (Extras), Uninstall list, save as txt. Open the file.
After each program you need, write "necessary".
After each program you do not need, "unnecessary".
After each one unknown to you, "unknown".
Post the list.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

28.02.2013, 19:44   #11
HeJo

Hello markusg,

I ran CCleaner as administrator and, following your instructions, added a note after each of the programs. I don't know my way around the system components very well, but I assume that I need everything that is Intel and Microsoft.

To my surprise, the following message was displayed while CCleaner was being installed: "Incompatible add-ons": The following add-on is not compatible with this version of Firefox and has been disabled: "DataMngr 1.0". I did not let it run any function; I only closed the window by clicking the X in the upper right corner. I mention this because this message also popped up during the last Firefox update, and after that the whole trouble began...

Thanks for your help!

Here is the program list:

1&1 Surf-Stick 30.06.2012 1.0.0.2 necessary
7-Zip 9.20 26.09.2012 necessary
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 16.08.2012 6,00MB 11.3.300.271 necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 09.11.2012 6,00MB 11.5.502.110 necessary
Adobe Reader X (10.1.5) - Deutsch Adobe Systems Incorporated 15.02.2013 168MB 10.1.5 necessary
Ask Toolbar Ask.com 07.02.2013 4,95MB 1.15.15.0 unknown
Ask Toolbar Updater Ask.com 07.02.2013 1.2.4.36191 unknown
Bull's-Eye Broker 02.02.2013 necessary
CCleaner Piriform 25.02.2013 3.28 necessary
CyberLink Media Suite CyberLink Corp. 11.10.2011 37,1MB 8.0.2227 unknown
CyberLink Media+ Player10 CyberLink Corp. 11.10.2011 103MB 10.0.1110.00 unknown
CyberLink MediaShow CyberLink Corp. 11.10.2011 381MB 5.0.1130a unknown
CyberLink Power2Go CyberLink Corp. 11.10.2011 108MB 6.1.3802 unknown
CyberLink PowerDirector CyberLink Corp. 11.10.2011 287MB 8.0.3306 unknown
CyberLink YouCam CyberLink Corp. 11.10.2011 135MB 3.1.4417 unknown
DataTool 2.5 04.02.2013 necessary
Dynamic Traders Group, Inc. DT6 2 Dynamic Traders Group, Inc. 14.02.2013 27,2MB 2 necessary
Easy File Share Samsung Electronics Co., Ltd. 11.10.2011 31,0MB 1.1.1699 unknown
Easy Migration Samsung Electronics Co., Ltd. 11.10.2011 1.0 unknown
Easy Settings Samsung Electronics Co., Ltd. 11.10.2011 1.1 unknown
Easy Software Manager Samsung Electronics Co., Ltd. 25.06.2012 1.1.44.25 unknown
Easy Support Center 1.0 Samsung 11.10.2011 85,1MB 1.1.36 unknown
ETDWare PS/2-X64 10.0.7.2_WHQL ELAN Microelectronic Corp. 25.06.2012 10.0.7.2 unknown
FileZilla Client 3.5.3 FileZilla Project 23.07.2012 16,5MB 3.5.3 unnecessary
G Data AntiVirus 2013 G Data Software AG 25.06.2012 68,1MB 23.0.0.0 necessary
GoToMeeting 5.1.0.880 CitrixOnline 14.09.2012 5.1.0.880 unknown
Intel(R) Management Engine Components Intel Corporation 11.10.2011 7.0.0.1144 necessary
Intel(R) Processor Graphics Intel Corporation 11.10.2011 74,2MB 8.15.10.2266 necessary
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed Intel Corporation 25.06.2012 5,82MB 1.1.0.0157 necessary
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology Intel Corporation 25.06.2012 88,8MB 1.1.0.0537 necessary
Intel(R) PROSet/Wireless WiFi Software Intel Corporation 11.10.2011 14,3MB 14.01.1000 necessary
Intel(R) Rapid Storage Technology Intel Corporation 28.02.2013 10.1.5.1001 necessary
Java 7 Update 13 Oracle 04.02.2013 129MB 7.0.130 necessary
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 15.02.2013 18,4MB 1.70.0.1100 necessary
McAfee Security Scan Plus McAfee, Inc. 14.02.2013 10,2MB 3.0.318.3 necessary
McAfee SiteAdvisor McAfee, Inc. 26.09.2012 3.3.129 necessary
MetaTrader - ActivTrades MetaQuotes Software Corp. 26.06.2012 4.00 necessary
MetaTrader 4 at FOREX.com MetaQuotes Software Corp. 26.06.2012 4.00 necessary
MetaTrader 4 by ThinkForex MetaQuotes Software Corp. 26.06.2012 4.00 necessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2012 38,8MB 4.0.30319 necessary
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.06.2012 2,93MB 4.0.30319 necessary
Microsoft .NET Framework 4 Extended Microsoft Corporation 07.01.2013 51,9MB 4.0.30319 necessary
Microsoft Office Home and Student 2010 Microsoft Corporation 05.07.2012 14.0.6029.1000 necessary
Microsoft Primary Interoperability Assemblies 2005 Microsoft Corporation 07.12.2012 7,71MB 8.0.50727.42 necessary
Microsoft Silverlight Microsoft Corporation 13.09.2012 50,6MB 5.1.10411.0 necessary
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 11.10.2011 1,69MB 3.1.0000 necessary
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 26.06.2012 300KB 8.0.61001 necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 11.10.2011 788KB 9.0.30729.4148 necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 26.06.2012 788KB 9.0.30729.6161 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 07.12.2012 1,41MB 9.0.21022 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 11.10.2011 240KB 9.0.30729 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 11.10.2011 596KB 9.0.30729.4148 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 26.06.2012 600KB 9.0.30729.6161 necessary
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 10.12.2012 15,0MB 10.0.40219 necessary
Microsoft Visual J# 2.0 Redistributable Package Microsoft Corporation 07.12.2012 necessary
Mozilla Firefox 18.0.2 (x86 de) Mozilla 28.02.2013 43,3MB 18.0.2 necessary
Mozilla Maintenance Service Mozilla 28.02.2013 330KB 18.0.2 unknown
Multimedia POP 11.10.2011 1.0 unknown
Norton Online Backup Symantec Corporation 11.10.2011 6,19MB 2.1.17869 necessary
NVIDIA Graphics Driver 268.83 NVIDIA Corporation 11.10.2011 268.83 unknown
Realtek Ethernet Controller Driver Realtek 11.10.2011 7.44.421.2011 unknown
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 11.10.2011 6.0.1.6413 unknown
Samsung Recovery Solution 5 Samsung 11.10.2011 5.0.1.5 unknown
Search-Results Toolbar APN LLC 10.01.2013 1.0.0.12 unknown
Skype™ 5.10 Skype Technologies S.A. 12.09.2012 19,4MB 5.10.116 necessary
Software Launcher Samsung 11.10.2011 7,11MB 1.0.2 unknown
TeamViewer 7 TeamViewer 23.07.2012 7.0.13989 necessary
TraderPro 07.12.2012 necessary
TradeStation 9.1 TradeStation Technologies 07.01.2013 166MB 9.01.00.12098 necessary
User Guide 11.10.2011 1.3 unknown
VLC media player 2.0.3 VideoLAN 13.09.2012 2.0.3 necessary
VMware View Client 25.06.2012 39,7MB unknown
WHS FutureStation Nano Fipertec 05.09.2012 2.0 necessary
WildTangent Games WildTangent 11.10.2011 1.0.1.5 unknown
Windows Live 程式集 Microsoft Corporation 11.10.2011 15.4.3508.1109 unknown

28.02.2013, 21:32   #12
markusg
/// Malware-holic

Hi,
thanks for the note.

Uninstall:
Ask : all
CyberLink : all, if not used
FileZilla
GoToMeeting
Java
Download the Java JRE:
Java downloads for all operating systems
Click:
Download the Java software for Windows Offline
Download and install it.
Uninstall:
Search-Results
TeamViewer : I would only install it when needed; if it is to stay on, upgrade to version 8
VMware
WildTangent
Windows Live

Open CCleaner, analyze, run, restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

01.03.2013, 18:28   #13
HeJo

Hi markusg,

I followed your instructions.

After downloading Java I was still connected to the internet.
I then continued with uninstalling the programs. After uninstalling Search Results, G Data complained once: "Unknown threat, started by dllhost.exe / unknown publisher". I then closed the message with the X in the upper right corner, disconnected from the internet, and restarted the computer once. After that I was able to continue with your procedure as you described it. As a result I get the following AdwCleaner (S1).txt:
AdwCleaner logfile:
Code:
# AdwCleaner v2.113 - Datei am 01/03/2013 um 18:05:30 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ********** - **********-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\**********\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\zyxdb7we.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\zyxdb7we.default\searchplugins\Search_Results.xml
Gelöscht mit Neustart : C:\Program Files (x86)\search results toolbar
Gelöscht mit Neustart : C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\zyxdb7we.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\**********\AppData\Roaming\Funmoods

***** [Registrierungsdatenbank] *****

Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll
Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\iLividSRTB
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/406 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/406 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\zyxdb7we.default\prefs.js

C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\zyxdb7we.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/406");

*************************

AdwCleaner[S1].txt - [7637 octets] - [01/03/2013 18:05:30]

########## EOF - C:\AdwCleaner[S1].txt - [7697 octets] ##########
         

03.03.2013, 20:30   #14
markusg
/// Malware-holic

Hi,
HitmanPro - Download - Filepony
Download HitmanPro, double-click it, License, trial license.
Scan, but do not delete anything.
Export the log as XML and post it, or zip it and attach it.

04.03.2013, 17:16   #15
HeJo

Hi markusg,

attached is the log file as a .log file. It is not very large.

Thanks for your help. What do you recommend as software for security? It may well cost something. I do make a few trades now and then with one or more online brokers, and I also do online banking.

Best regards
Hejo

Code:
HitmanPro 3.7.2.190
www.hitmanpro.com

   Computer name . . . . : **********-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : **********-PC\**********
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-03-04 17:01:46
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 53s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 0

   Objects scanned . . . : 1.427.311
   Files scanned . . . . : 12.723
   Remnants scanned  . . : 261.414 files / 1.153.174 keys
         

Archiv
Du betrachtest: Infizierte Registrierungschlüssel (Pup.funmoods) - Firefox läßt sich nicht mehr öffnen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.