
Pests of all kinds and how to fight them: http://www.searchnu.com/413 Trojan

01.03.2013, 21:40   #1
charliee
 



Hello and have a nice Friday evening,
this afternoon I downloaded the FVL Player from chip.de and suddenly I had the page mentioned above on my system.
Kaspersky did not raise an alert, but this is really worrying me right now.
Spybot has already run and apparently found a few things, but everything it removed apparently had nothing to do with the virus, because it is still there.
Now I have run MBAM as prescribed.
This is the result:



Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.01.09

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16484
Cara ***:: CARAS-PC [Administrator]

Schutz: Aktiviert

01.03.2013 21:35:51
mbam-log-2013-03-01 (21-35-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 229295
Laufzeit: 2 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Thanks in advance.

01.03.2013, 21:45   #2
markusg
/// Malware-holic
 



Hi,

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

01.03.2013, 22:24   #3
charliee
 



OTL Logfile:
Code:
OTL logfile created on: 01.03.2013 22:07:25 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cara ***\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 56,83% Memory free
7,75 Gb Paging File | 5,81 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 869,80 Gb Total Space | 743,03 Gb Free Space | 85,43% Space Free | Partition Type: NTFS
Drive D: | 60,00 Gb Total Space | 43,45 Gb Free Space | 72,42% Space Free | Partition Type: NTFS
Drive F: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: CARAS-PC | User Name: Cara *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Cara ***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\ArcSoft\ArcSoft TV 5.0\TMTV5Monitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink)
PRC - C:\Program Files (x86)\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
PRC - C:\Program Files (x86)\Sceneo\AbsolutTV\Services\PVR\PVRService.exe (Buhl Data Service GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\0247de206c1c48ac4f8b55df16468405\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a7811936e59aaee26b1d9d467174d6d4\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\500a5dd33bb40326f8ca43e385513ec2\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\25163a2014b376f1d6921d5554b5bf4a\IAStorDataMgrSvcInterfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\5230e7b23985eaebadc20f295c04e412\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\7ac60dc1a979ea56ce302cb6c033be16\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\9a4fc56833542881e7e451a099562655\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\89cc9825811c2121acd4e2e12c0ef044\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e1ec8b9a6d4f9af9d6065c4187fb1b5f\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f641b786d36d1cc5a5531a746c96ce1b\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9c95779cc3d65cda80695cabc367476b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\115fb9d1fa2cbda89742b1c2a0631396\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\cf7db4fae047127374f220b4f59bea45\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\38638a559066bf7f2325a53ed53629bc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\05cc6faa6704d01e78700561b22937e3\System.Configuration.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\ArcSoft\ArcSoft TV 5.0\uTVMUIEngine.dll ()
MOD - C:\Program Files (x86)\ArcSoft\ArcSoft TV 5.0\uPiApi.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (EpsonScanSvc) -- C:\Windows\SysNative\escsvc64.exe (Seiko Epson Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (CyberLink PowerDVD 10 MS Service) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (CyberLink)
SRV - (CyberLink PowerDVD 10 MS Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink)
SRV - (RichVideo64) -- C:\Programme\CyberLink\Shared files\RichVideo64.exe ()
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (srvcPVR) -- C:\Program Files (x86)\Sceneo\AbsolutTV\Services\PVR\PVRService.exe (Buhl Data Service GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (klwfp) -- C:\Windows\SysNative\Drivers\klwfp.sys (Kaspersky Lab ZAO)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\Drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\Drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\Drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\Drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (IT9135BDA) -- C:\Windows\SysNative\Drivers\IT9135BDA.sys (ITE                      )
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\Drivers\kneps.sys (Kaspersky Lab)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\Drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (klelam) -- C:\Windows\SysNative\Drivers\klelam.sys (Kaspersky Lab)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\Drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\Drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\Drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\Drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\Drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\Drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys (CyberLink)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\Drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (FintekCIR) -- C:\Windows\SysNative\Drivers\FintekCIR.sys (Fintek)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\Drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\Drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\Drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\Drivers\ccdcmbx64.sys (Nokia)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=1495511273934085&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=1495511273934085&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/413
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=1495511273934085&q={searchTerms}
IE - HKCU\..\SearchScopes\{E66F85F5-4B00-443F-9385-A1ECFE585F29}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7BE6C1199F-E687-42da-8C24-E7770CC3AE66%7D:1.8.0
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10
FF - prefs.js..extensions.enabledAddons: flvmoviesdownloader%40rzll:1.43
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&apn_uid=1495511273934085&o=APN10649&q="
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/413"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Windows\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.30 19:21:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.30 19:21:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.30 19:21:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.30 19:21:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.30 19:21:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.29 20:20:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.14 17:55:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.03.01 21:57:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cara ***\AppData\Roaming\mozilla\Extensions
[2013.03.01 21:56:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cara ***\AppData\Roaming\mozilla\Firefox\Profiles\ks1e1b7l.default\extensions
[2013.03.01 16:06:03 | 000,014,838 | ---- | M] () (No name found) -- C:\Users\Cara ***\AppData\Roaming\mozilla\firefox\profiles\ks1e1b7l.default\extensions\flvmoviesdownloader@rzll.xpi
[2013.01.14 17:58:26 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Cara ***\AppData\Roaming\mozilla\firefox\profiles\ks1e1b7l.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
[2013.03.01 16:10:51 | 000,002,683 | ---- | M] () -- C:\Users\Cara ***\AppData\Roaming\mozilla\firefox\profiles\ks1e1b7l.default\searchplugins\Search_Results.xml
[2013.03.01 21:57:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.29 20:20:49 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES (X86)\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF
File not found (No name found) -- C:\PROGRAM FILES (X86)\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2013.01.05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.01 16:10:51 | 000,002,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=1495511273934085&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.searchnu.com/413
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cara ***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Cara ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Cara ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Cara ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Cara ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Cara ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\np_dvs_plugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Windows\system32\C2MP\npdivx32.dll
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Cara ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Cara ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Cara ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Cara ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Anti-Banner = C:\Users\Cara ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
 
O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ApplyEsf-eDocPrintPro] C:\Program Files (x86)\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe (May Software)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [TVBroadcast] C:\Program Files (x86)\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [YouCam Service] C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_306AC820B1CCA873832B2C520C15C53B] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Searchqu Toolbar" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ConfirmFileDelete = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-154514-44482-15/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-154514-44482-15/4 File not found
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AAC3010-30EC-4401-B95F-B1E7EEE33FF2}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.04.30 03:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.22 00:48:37 | 000,000,045 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{4552bed9-7f87-11e2-beba-eca86b233bcc}\Shell - "" = AutoRun
O33 - MountPoints2\{4552bed9-7f87-11e2-beba-eca86b233bcc}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2009.04.30 03:57:32 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.01 20:53:22 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\AppData\Roaming\Malwarebytes
[2013.03.01 20:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.01 20:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.01 20:53:11 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.01 20:53:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.01 16:54:50 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\AppData\Roaming\Media Player Classic
[2013.03.01 16:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.03.01 16:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.03.01 16:30:50 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.03.01 16:30:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.03.01 16:30:26 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\AppData\Local\Programs
[2013.03.01 16:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.03.01 16:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter
[2013.03.01 16:11:26 | 000,397,312 | ---- | C] (Koyote Soft) -- C:\Windows\SysWow64\TubeFinder.exe
[2013.03.01 16:11:25 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\AppData\Roaming\FreeFLVConverter
[2013.03.01 16:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.03.01 16:10:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Searchqu Toolbar
[2013.03.01 16:09:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter
[2013.03.01 16:01:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2013.03.01 15:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.03.01 15:56:02 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.03.01 15:55:58 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\AppData\Roaming\DAEMON Tools Lite
[2013.03.01 15:55:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013.03.01 15:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.03.01 14:51:28 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\Documents\DVDVideoSoft
[2013.02.24 22:06:47 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\AppData\Roaming\HandBrake
[2013.02.24 22:05:33 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013.02.24 22:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013.02.24 22:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2013.02.23 20:20:31 | 000,000,000 | -HSD | C] -- C:\found.003
[2013.02.23 20:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAYComputer
[2013.02.23 20:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\eDocPrintPro
[2013.02.23 20:09:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gs
[2013.02.23 19:03:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.02.23 15:36:34 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\Documents\CyberLink
[2013.02.23 12:59:45 | 000,000,000 | -HSD | C] -- C:\found.002
[2013.02.20 18:10:09 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\Documents\Youcam
[2013.02.20 18:00:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2013.02.20 16:19:21 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\Documents\Schule
[2013.02.19 17:55:19 | 000,000,000 | -HSD | C] -- C:\found.001
[2013.02.19 17:55:19 | 000,000,000 | -HSD | C] -- C:\found.000
[2013.02.16 21:10:48 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.02.10 21:24:37 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013.02.10 21:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013.02.10 21:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3Gain
[2013.02.03 17:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013.02.03 17:49:18 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2013.02.03 17:49:18 | 000,118,784 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2013.02.03 17:49:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2013.02.03 17:47:08 | 000,000,000 | ---D | C] -- C:\videodvdmaker
[2013.02.03 17:47:08 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\AppData\Roaming\Video DVD Maker FREE
[2013.02.03 17:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video DVD Maker
[2013.02.03 17:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Video DVD Maker
[2013.02.02 10:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2013.02.02 10:09:41 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epson Software
[2013.02.02 10:09:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EPSON Software
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.01 21:10:04 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.01 21:09:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.01 20:53:12 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.01 20:45:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.01 17:33:59 | 001,748,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.01 17:33:59 | 000,752,930 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.01 17:33:59 | 000,711,084 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.01 17:33:59 | 000,156,156 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.01 17:33:59 | 000,132,952 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.01 17:27:25 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.01 17:26:58 | 3328,278,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.01 17:26:58 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.03.01 17:24:58 | 000,000,154 | ---- | M] () -- C:\Windows\wininit.ini
[2013.03.01 17:24:40 | 000,000,187 | ---- | M] () -- C:\Quarantine.lst
[2013.03.01 16:30:55 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.03.01 16:19:06 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.01 16:11:27 | 000,001,125 | ---- | M] () -- C:\Users\Cara ***\Desktop\Free FLV Converter.lnk
[2013.03.01 15:56:10 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.03.01 15:56:02 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.02.28 16:49:45 | 000,050,088 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klwfp.sys
[2013.02.25 21:02:57 | 000,000,997 | ---- | M] () -- C:\Users\Cara ***\Desktop\Handbrake.lnk
[2013.02.21 12:20:19 | 000,003,391 | ---- | M] () -- C:\Users\Cara ***\AppData\Local\recently-used.xbel
[2013.02.18 18:38:45 | 000,446,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.16 16:19:19 | 000,004,096 | -H-- | M] () -- C:\Users\Cara ***\Desktop\photothumb.db
[2013.02.16 16:19:14 | 000,003,072 | -H-- | M] () -- C:\Users\Cara ***\photothumb.db
[2013.02.03 17:47:34 | 000,003,584 | ---- | M] () -- C:\Users\Cara ***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.02 10:20:15 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.01 21:57:56 | 000,000,187 | ---- | C] () -- C:\Quarantine.lst
[2013.03.01 20:53:12 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.01 16:30:55 | 000,002,193 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.03.01 16:30:55 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.03.01 16:19:06 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.01 16:12:33 | 000,001,183 | ---- | C] () -- C:\Users\Cara ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
[2013.03.01 16:11:27 | 000,001,125 | ---- | C] () -- C:\Users\Cara ***\Desktop\Free FLV Converter.lnk
[2013.03.01 16:11:25 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx
[2013.03.01 16:11:25 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb
[2013.03.01 16:11:25 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ControlSubX.ocx
[2013.03.01 15:56:10 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.02.24 22:05:33 | 000,000,997 | ---- | C] () -- C:\Users\Cara ***\Desktop\Handbrake.lnk
[2013.02.21 12:20:19 | 000,003,391 | ---- | C] () -- C:\Users\Cara ***\AppData\Local\recently-used.xbel
[2013.02.17 19:46:47 | 000,446,952 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.16 21:19:59 | 000,386,577 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.02.03 17:49:19 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.02.03 17:49:19 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2013.02.03 17:47:34 | 000,003,584 | ---- | C] () -- C:\Users\Cara ***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.02 10:20:15 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013.01.22 21:00:26 | 000,003,072 | -H-- | C] () -- C:\Users\Cara ***\photothumb.db
[2013.01.09 20:18:10 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013.01.06 14:50:22 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\midas.dll
[2013.01.06 14:50:22 | 000,120,320 | ---- | C] () -- C:\Windows\SysWow64\UnzDll.dll
[2013.01.05 00:39:57 | 000,374,792 | ---- | C] () -- C:\Users\Cara ***\Unbenannt.png
[2012.12.31 15:40:55 | 000,000,154 | ---- | C] () -- C:\Windows\wininit.ini
[2012.09.19 20:38:17 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.09.19 20:25:55 | 012,432,018 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.19 19:45:02 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.09.19 19:45:01 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.09.19 19:45:00 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.09.18 22:12:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.04.20 21:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2013.01.06 14:39:28 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.01 17:35:03 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\DAEMON Tools Lite
[2013.01.06 14:30:13 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21__F893F7CA-8278-41DF-A76F-CAF0437A90CD__
[2013.02.03 16:18:13 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\DVDVideoSoft
[2013.01.04 17:37:29 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.03.01 16:12:38 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\FreeFLVConverter
[2013.02.24 22:15:51 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\HandBrake
[2013.01.01 16:31:08 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\Origin
[2013.01.27 11:28:27 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\PhotoScape
[2013.01.02 15:05:13 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\Publish Providers
[2013.01.04 14:23:30 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\Sony
[2013.01.06 14:33:43 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\TV-Browser
[2013.02.03 17:47:08 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\Video DVD Maker FREE
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< ctivex >
[2012.07.26 08:22:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.12.30 19:00:52 | 000,001,136 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.12.30 19:00:53 | 000,001,140 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.01.02 08:56:08 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< %SYSTEMDRIVE%\*. >
[2013.01.11 14:28:30 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.07.26 08:22:08 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.12.30 18:55:21 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.02.19 17:55:19 | 000,000,000 | -HSD | M] -- C:\found.000
[2013.02.19 17:55:19 | 000,000,000 | -HSD | M] -- C:\found.001
[2013.02.23 12:59:45 | 000,000,000 | -HSD | M] -- C:\found.002
[2013.02.23 20:20:31 | 000,000,000 | -HSD | M] -- C:\found.003
[2012.09.19 20:19:34 | 000,000,000 | ---D | M] -- C:\Intel
[2012.12.31 10:56:35 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2013.01.27 11:34:29 | 000,000,000 | ---D | M] -- C:\output
[2012.07.26 08:33:46 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.03.01 16:19:05 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.03.01 20:53:11 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.03.01 21:56:49 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.12.30 18:55:21 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.09.16 18:40:32 | 000,000,000 | ---D | M] -- C:\sources
[2013.03.01 17:55:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.12.30 18:57:45 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.03 17:47:08 | 000,000,000 | ---D | M] -- C:\videodvdmaker
[2013.03.01 17:46:35 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2012.07.26 04:21:04 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2012.09.20 06:55:30 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2012.09.20 06:55:30 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2012.07.26 04:21:04 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2012.07.26 04:21:04 | 000,276,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
 
< MD5 for: AGP440.SYS  >
[2012.07.26 06:00:49 | 000,063,216 | ---- | M] (Microsoft Corporation) MD5=01590377A5AB19E792528C628A2A68F9 -- C:\Windows\SysNative\drivers\AGP440.sys
[2012.07.26 06:00:49 | 000,063,216 | ---- | M] (Microsoft Corporation) MD5=01590377A5AB19E792528C628A2A68F9 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_81a4c6c9cc9d86a0\AGP440.sys
[2012.07.26 06:00:49 | 000,063,216 | ---- | M] (Microsoft Corporation) MD5=01590377A5AB19E792528C628A2A68F9 -- C:\Windows\WinSxS\amd64_machine.inf_31bf3856ad364e35_6.2.9200.16384_none_12dc94a048750f71\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2012.07.26 06:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\SysNative\drivers\atapi.sys
[2012.07.26 06:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_69660e2be041f47b\atapi.sys
[2012.07.26 06:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.16384_none_3601cf7eab4e0493\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2010.03.13 07:47:22 | 000,006,440 | ---- | M] () MD5=ACD301711FC165ED77A8D364D407BAF9 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2012.10.11 06:53:24 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=0AD19A3CA61271BA872AD90771BA47DC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2012.10.11 09:09:58 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=0DDFEAA2AA18D4295EF220EB666B2312 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2012.07.26 04:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2012.07.26 05:49:13 | 002,380,440 | ---- | M] (Microsoft Corporation) MD5=928791755FDDEA721B053535EF84FA17 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2012.10.11 06:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\SysWOW64\explorer.exe
[2012.10.11 06:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2012.10.11 08:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows\explorer.exe
[2012.10.11 08:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
[2012.11.13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2012.07.26 06:00:52 | 000,411,888 | ---- | M] (Intel Corporation) MD5=5E394EBD26FD68AA9300332C46BEDD62 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2012.07.26 06:00:52 | 000,411,888 | ---- | M] (Intel Corporation) MD5=5E394EBD26FD68AA9300332C46BEDD62 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_819876bbe5c3b25f\iaStorV.sys
[2012.07.26 06:00:52 | 000,411,888 | ---- | M] (Intel Corporation) MD5=5E394EBD26FD68AA9300332C46BEDD62 -- C:\Windows\WinSxS\amd64_iastorv.inf_31bf3856ad364e35_6.2.9200.16384_none_07daf9dd118c3086\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2012.07.26 04:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\SysWOW64\netlogon.dll
[2012.07.26 04:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\WinSxS\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.2.9200.16384_none_60d608f9f61ee049\netlogon.dll
[2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) MD5=FDC70965F0FC9DFEBC919627DED5DDFF -- C:\Windows\SysNative\netlogon.dll
[2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) MD5=FDC70965F0FC9DFEBC919627DED5DDFF -- C:\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.2.9200.16384_none_56815ea7c1be1e4e\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2012.07.26 06:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2012.07.26 06:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_7ba65ba4b222e751\nvstor.sys
[2012.07.26 06:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.2.9200.16384_none_92a46a8c48c2da5e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2012.07.26 04:07:07 | 000,224,768 | ---- | M] (Microsoft Corporation) MD5=4F6E1CA672370A9BCAC049CE3AB7F666 -- C:\Windows\SysNative\scecli.dll
[2012.07.26 04:07:07 | 000,224,768 | ---- | M] (Microsoft Corporation) MD5=4F6E1CA672370A9BCAC049CE3AB7F666 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.2.9200.16384_none_90d789c062dfa509\scecli.dll
[2012.07.26 04:19:52 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B95DC83FF580DD92F487C2F4D0854B6A -- C:\Windows\SysWOW64\scecli.dll
[2012.07.26 04:19:52 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B95DC83FF580DD92F487C2F4D0854B6A -- C:\Windows\WinSxS\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.2.9200.16384_none_9b2c341297406704\scecli.dll
 
< MD5 for: USER32.DLL  >
[2012.07.26 04:07:39 | 001,342,464 | ---- | M] (Microsoft Corporation) MD5=1D08594400EE1B500B93256795FE30AE -- C:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16384_none_260213a5f720b529\user32.dll
[2012.09.20 05:09:35 | 001,126,912 | ---- | M] (Microsoft Corporation) MD5=7A4FD11444ABFA9C5D3E17123ABBD8A4 -- C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.20521_none_311e3b534471206a\user32.dll
[2012.07.26 01:02:48 | 001,126,912 | ---- | M] (Microsoft Corporation) MD5=8A93F57772FD24959F76A65FF79D282D -- C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16384_none_3056bdf82b817724\user32.dll
[2012.09.20 07:33:05 | 001,342,464 | ---- | M] (Microsoft Corporation) MD5=A99AD14F26BDA7D7F27F76BC91B7EED7 -- C:\Windows\SysNative\user32.dll
[2012.09.20 07:33:05 | 001,342,464 | ---- | M] (Microsoft Corporation) MD5=A99AD14F26BDA7D7F27F76BC91B7EED7 -- C:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16420_none_263ef3ebf6f3a54e\user32.dll
[2012.09.20 07:32:34 | 001,342,464 | ---- | M] (Microsoft Corporation) MD5=AC192A41414561DA0CABD0D36F54FB22 -- C:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.20521_none_26c9910110105e6f\user32.dll
[2012.09.20 05:10:09 | 001,126,912 | ---- | M] (Microsoft Corporation) MD5=BA1C3ACD929A71E88B49C2B6E38F92B3 -- C:\Windows\SysWOW64\user32.dll
[2012.09.20 05:10:09 | 001,126,912 | ---- | M] (Microsoft Corporation) MD5=BA1C3ACD929A71E88B49C2B6E38F92B3 -- C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16420_none_30939e3e2b546749\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2012.07.26 04:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\SysNative\userinit.exe
[2012.07.26 04:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2617a5b742e02\userinit.exe
[2012.07.26 04:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\SysWOW64\userinit.exe
[2012.07.26 04:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.20 07:33:55 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=1F84B5F8DBDFFD36DF143C61CE25F12A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012.09.20 07:33:17 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=6522E98C94A2A81AE11EB66D2AF5743A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
[2012.07.26 04:08:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=93AB226C07A9789B2EC7B41F73602F76 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
[2012.10.11 06:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\SysNative\winlogon.exe
[2012.10.11 06:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
[2012.10.11 06:45:27 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=CBFD56B4EC07CB056A6ABD55DD33671F -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2012.07.26 03:29:29 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=58D492F986EC519ECDD54D93618758F8 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.2.9200.16384_none_a85048395191dc38\ws2ifsl.sys
[2012.09.20 07:09:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BC8B5CB336E63BB25EAD1CE8EDD34B81 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2012.09.20 07:09:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BC8B5CB336E63BB25EAD1CE8EDD34B81 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.2.9200.16420_none_a88d287f5164cc5d\ws2ifsl.sys
[2012.09.20 07:08:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FC56FEC8FB233ABC32D110D031CBC8B0 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.2.9200.20521_none_a917c5946a81857e\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.01.03 21:10:37 | 000,014,609 | ---- | M] () -- C:\Users\Cara ***\Ich wurde gezüchtet.docx
[2013.02.28 21:49:46 | 002,097,152 | -HS- | M] () -- C:\Users\Cara ***\NTUSER.DAT
[2012.12.30 18:57:45 | 001,101,824 | -HS- | M] () -- C:\Users\Cara ***\ntuser.dat.LOG1
[2012.12.30 18:57:45 | 000,000,000 | -HS- | M] () -- C:\Users\Cara ***\ntuser.dat.LOG2
[2012.12.30 23:20:55 | 000,065,536 | -HS- | M] () -- C:\Users\Cara ***\NTUSER.DAT{ef2bc4c2-d686-11e1-aed0-782bcb39b999}.TM.blf
[2012.12.30 23:20:55 | 000,524,288 | -HS- | M] () -- C:\Users\Cara ***\NTUSER.DAT{ef2bc4c2-d686-11e1-aed0-782bcb39b999}.TMContainer00000000000000000001.regtrans-ms
[2012.12.30 23:20:55 | 000,524,288 | -HS- | M] () -- C:\Users\Cara ***\NTUSER.DAT{ef2bc4c2-d686-11e1-aed0-782bcb39b999}.TMContainer00000000000000000002.regtrans-ms
[2012.12.30 18:57:45 | 000,000,020 | -HS- | M] () -- C:\Users\Cara ***\ntuser.ini
[2013.02.16 16:19:14 | 000,003,072 | -H-- | M] () -- C:\Users\Cara ***\photothumb.db
[2013.03.01 21:34:37 | 000,087,040 | -HS- | M] () -- C:\Users\Cara ***\Thumbs.db
[2013.01.05 14:11:00 | 000,374,792 | ---- | M] () -- C:\Users\Cara ***\Unbenannt.png
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD

< End of report >
         

Alt 01.03.2013, 22:25   #4
charliee
 



OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 01.03.2013 22:07:25 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cara ***\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 56,83% Memory free
7,75 Gb Paging File | 5,81 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 869,80 Gb Total Space | 743,03 Gb Free Space | 85,43% Space Free | Partition Type: NTFS
Drive D: | 60,00 Gb Total Space | 43,45 Gb Free Space | 72,42% Space Free | Partition Type: NTFS
Drive F: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: CARAS-PC | User Name: Cara *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B68E4C-A5A4-44CF-BCAC-56EC347915F4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{08CCA7B2-DDFE-4162-B7CC-A47902E4A755}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{22253DD2-6AE1-4F70-9F69-AAE9A2E91770}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{29539F34-D694-4CB4-A2F9-4F5CE478D6CE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2AAB4B23-C9D5-45BC-B604-89BE6D2EEB25}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3E02AD80-4120-4549-A06E-4C4F90C5F328}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{433DDB45-22BF-41AE-9CEA-430BFA91801F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{43C65A05-3749-4D95-871F-83E56DAD4F01}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5051AF33-6E8D-4F96-A3B0-7C60C73FBB4A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7156EC06-8F3D-4B6C-B061-728F604055B3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{77CB7A88-9433-409C-A515-7DF069EB4A04}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{87852060-0C45-447B-BF98-FEE670DAFCEC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{884E804A-DA3D-4472-A527-D7C52CABECD0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{9659E4BB-584B-4890-8D17-9BC3C876AF9F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A572E85A-8514-4AA7-8A5B-903647D2115D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AD11B4DD-5517-42F8-89E4-53B8CBFD654E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AEF6312B-00C4-4764-A61D-36C0665C6E07}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B57A2703-1254-4E94-AFD3-4E7369347B14}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BD384C81-8CA3-4487-8D98-F616C8CA7BEE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C2ACBD46-9764-4B4F-9950-9D5FC1433EBA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CA85FFCB-C72D-4085-9D2F-A51EAE9F22FF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D46018CA-2265-4036-8EC3-EE1EEC077902}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EDD16FF1-68F5-4865-97F0-BEF48E27CE2B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{F7B55738-5557-42F5-A9AC-AE58552793E9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00655923-5BB7-4785-A85B-BBDEAEDD3972}" = dir=out | name=youcam for medion | 
"{02F4B44E-A5B9-407D-8483-E5AB5629736F}" = dir=out | name=ebay | 
"{08CCB34F-4B1A-4D26-BAC6-2BD8E009FFC6}" = dir=out | name=meinestadt.de | 
"{0F9157C9-91CC-4B34-92DD-CE4D8F8CE79C}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{13AD6058-62CA-4C9D-9DF1-F022671A796E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{18A8E11A-1663-4A94-8514-A705CF7CD211}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{18F30C86-A20E-4F03-827A-7CC9C48D84BA}" = dir=out | name=microsoft minesweeper | 
"{1A1B52C9-F888-4445-8374-33D8C7DCFD4A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{1E6E1177-4F17-4039-8488-6B0845A556FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{206712B1-385A-44D6-BC33-1E5A2F486E01}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{21908C60-D0C1-4B1C-A1F5-B37CC796F470}" = dir=out | name=windows_ie_ac_001 | 
"{223A8DF4-59FA-4606-B75F-62ACD1DA6456}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{23131043-431D-49E0-988E-D2799B9799D6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe | 
"{244F30BD-C2D8-4DF3-91EB-ACFAF505F643}" = dir=out | name=fresh paint | 
"{26F18540-1EFA-4B64-8A13-7B63DC43FEA6}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{42739A05-414D-46AD-A8D9-BC57BF8BD6A0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{464EBF79-D8E3-4EC5-8938-8C5B54A9BB21}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{4845EAE7-53EE-4020-A15C-144E197403F1}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{49239942-B970-464A-8D0D-7FC421669186}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{4FF9DC6D-90B4-44D3-AAA7-54AFFAACF6F3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{50A79994-D4E8-49FC-A770-4A648BB8A342}" = dir=out | name=accuweather for windows 8 | 
"{54746EC3-C44B-4621-83BA-BB2DF0102BE0}" = protocol=6 | dir=out | app=system | 
"{57DC203B-657F-4C49-B5E4-4AB9337CA046}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{59688FD3-B8E2-447A-8240-7BC19B739AE3}" = dir=out | name=pinball fx2 | 
"{5DD85958-5A3A-4921-8829-7C84B4E85191}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{6066D880-FDD8-4695-A512-4BFF78F46FFB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{609A9BE2-2A08-4CDF-A8CE-90F53943D354}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"{64D81E86-A92E-469A-814F-506768C95F67}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{6685F5CD-AB3C-4849-9F13-0A95F45C52BC}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{78B79C5A-BA9E-45B0-BCCA-B0836DEDF8FC}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{7B6FA823-208E-4DD6-96AD-44E0A40BB180}" = dir=out | name=taptiles | 
"{7B7FD5F5-9171-4D9E-874D-93BC9775D6D8}" = dir=out | name=powerdvd for medion | 
"{7E3B01EA-80A5-40B7-BAB6-A3092BCB287B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{86F290B2-9BEE-4FC3-96EC-4C47D9318D75}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{87BCDC32-57CC-4FD8-BA70-691F76EF33F2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{885A02E7-BBA8-40B5-A691-37CBE1C85695}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8CC4C253-7D8A-4F06-9B97-5952F83A31EC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{8E7E0221-2FCF-4549-8B2A-8786E9D2DA4B}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{939D7A78-9F62-47F6-AFA0-24176FB6A52F}" = dir=out | name=microsoft solitaire collection | 
"{960AF0F5-1F4C-4736-8A3B-74064D23827B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{991E972C-AAF9-4AAE-AB90-18BB5D28F355}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9C702839-9A66-4B66-850D-16B28F324385}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{9DDEA699-D324-4368-A7BF-39B4E4C5A7C4}" = dir=in | name=meinestadt.de | 
"{A687B228-C1D1-4730-A75F-DED8F2EFDA85}" = dir=out | name=wordament | 
"{A7551765-2F72-49A7-8949-405E08F7D92A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A7BAF8BF-3127-468F-BF65-11623902459C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A82F5FAF-B504-47A1-B3BF-1D6D27A811E3}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{ABE6E34C-914D-4A57-B1E2-F031A8F7F96C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B70D0818-68E4-4D34-B22C-9A3989447BAC}" = dir=in | name=pinball fx2 | 
"{B7936BC3-681B-4E7E-B012-5047A24949F9}" = dir=out | name=adera | 
"{B794CF27-B5FD-4683-807E-6C987686FC52}" = dir=in | name=music maker jam | 
"{B8B27B44-B160-409C-A352-53BAB4F0A351}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{BB2F6AFD-A9B1-4150-A3B5-EF9CB9CFE6AD}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{BE0C00C7-49C6-4E00-8C96-DA829012B3D5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{BFF873B4-0DB9-4642-9095-C03D3B162536}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C26D4732-6D30-4129-9944-25259DCADAE2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\device\mediaserver\clmsserver.exe | 
"{C3D6FA28-042C-4506-84B8-303967556702}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C4FB41D9-BF1B-45A9-B52C-15708DB80D8A}" = dir=out | name=music maker jam | 
"{CACF030E-2393-4F7D-A537-651AAB75FA29}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CCF89E1C-EB01-4622-91E3-FF4939F6159B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D00D53B4-E3A5-4A0D-AF40-E4AD759CBA1D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D3A67A2D-4AD0-4CD1-B6D8-D5408B4045EC}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{DB119970-3913-485C-8C68-8F21CAAEB6DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E8E111ED-7E25-4D5F-9851-B260C723E28E}" = dir=out | name=@{microsoft.bingnews_1.7.0.31_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{EAE813AB-0CDE-45CB-84FB-AFA11C0FF5F0}" = dir=in | name=ebay | 
"{EC7806DA-EE22-4F01-91BE-355F65C16427}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{ED7E0B58-6BB3-4B6C-A2A6-8C5E7FCFDB98}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{ED97B709-EB5C-47F5-91AD-747605F67DA0}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"{F9EC4D89-E789-4544-A073-E70004684786}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{FC75407D-4666-4303-B3CE-FB7441C6A087}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FD9A749C-52A0-4764-8E9F-5E8853C86B83}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr9.exe | 
"{FEB4EEA7-DAB5-44C9-97CF-B21B337FD877}" = dir=out | name=microsoft mahjong | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0922-000001000000}" = 7-Zip 9.22 (x64 edition)
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8858A840-1D35-11E2-A8C7-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{8AAA8780-1D35-11E2-A3A6-F04DA23A5C58}" = MSVCRT Redists
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"CCleaner" = CCleaner
"EPSON XP-205 207 Series" = Druckerdeinstallation für EPSON XP-205 207 Series
"GIMP-2_is1" = GIMP 2.8.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"{034BEE25-A986-455F-BA79-48CF3A47B221}" = Windows Live UX Platform Language Pack
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{058EDEC8-1873-4B49-9A08-54ADE9CC129B}" = Movie Maker
"{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common
"{0BFF2188-2D8E-4BE2-95D0-B3CCD4C6A0C9}" = Photo Common
"{0DF95460-2887-4011-9344-1959CDF18ADC}" = Photo Common
"{0E1BB4B4-00FF-45B1-914B-AB8D8B9862B3}" = Windows Live UX Platform Language Pack
"{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.32.0.80
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1F0C818D-4A41-4E40-BAFB-BB940C82A518}" = Fotogalerija
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema 10
"{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{2A078A2B-E2C8-43A3-862C-DC57090AB7C2}" = Movie Maker
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2AC4C6D7-512D-4B78-A85B-2C16E748AB8E}" = Movie Maker
"{306C7AEF-16C7-428D-93AA-99D4A4090243}" = Movie Maker
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{36BEC461-B58A-414D-993E-E2BDD1F1A14B}" = Movie Maker
"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
"{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3D4F3F4C-E364-4E46-BFB1-A00BF9777422}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common
"{49F068F2-4323-417B-AFC8-1E43F479D46C}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
"{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5078CEC3-A56F-4080-8CD4-ED7BCBE5686B}" = Photo Common
"{537B16E0-A39F-47CB-9C1E-50978862B108}" = Windows Live UX Platform Language Pack
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5A30E103-9FA6-4A23-A107-E1F5F174BB62}" = Windows Live Temel Parçalar
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{62BBCDDC-4979-4E59-9D97-5B8E874C3191}" = Movie Maker
"{62FF5AAC-013B-42EB-9A06-81914AB132D5}" = Photo Common
"{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery
"{63B1E33F-F243-4656-A600-125D6963B43A}" = Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6B8F13E2-F02B-445C-9A31-3C0E5D547CBA}" = Photo Common
"{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials
"{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{715F9B21-2817-402A-9BF0-BDA764D21F09}" = Windows Live Essentials
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common
"{751EB657-3F22-4150-8CE4-D79A262F1D92}" = Movie Maker
"{7595CAD2-87D0-4D01-AC02-3FDD3A891BB8}" = Galeria fotografii
"{797DC296-ADC5-4A08-8CBC-AEB0D6F4B249}" = Windows Live Essentials
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{7B732519-F534-4CD1-B0D3-FB2C70781444}" = Fintek_CIR
"{7E63F102-A9E9-4F4C-8004-BC62974736BF}" = Movie Maker
"{7E9A63B3-8572-4A4B-9F87-3C2A873BBC55}" = Windows Live UX Platform Language Pack
"{8063EB67-E777-4A56-9C1E-FAD75C2F5EC2}" = Photo Common
"{857BC375-BCFB-474E-9BD9-7EBB18EC55E0}" = Windows Live Essentials
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88809C3E-8C92-4454-AEB7-B26166E3D6CD}" = Windows Live UX Platform Language Pack
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker
"{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 14
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{94ED52E0-24A0-4AD8-9BFD-0560CA680A80}" = ArcSoft TV 5.0
"{989889A7-D13D-4DA4-B059-B250784DFABC}" = Photo Common
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B4D3AFE-8679-4704-AA4C-BAB0E41870EF}" = Windows Live Essentials
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C60D080-84E7-43A5-8ECA-28253D253BD7}" = Windows Live Essentials
"{9F470E17-4FC3-4091-A508-D5347A16A2B9}" = Fotogalleriet
"{A035950F-15BA-41C0-9D8F-165FC0536012}" = Movie Maker
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{A19A8C25-272A-4CD6-8BA8-3772321A021B}" = Συλλογή φωτογραφιών
"{A1FBD2B3-6768-472D-BA46-C00EACBCE16C}" = Fotogalerie
"{A37F2060-813A-4325-9456-272B10EE75EF}" = Windows Live Essentials
"{A3D995FA-C9A0-4E7D-B430-3F7A6731B4D5}" = Windows Live UX Platform Language Pack
"{A407FC22-36BF-4C82-A516-59D94BC505A9}" = System Requirements Lab Detection
"{A47EA9D4-BB87-415E-9239-28860434E5A0}" = Movie Maker
"{A7E73DE5-E5FD-4923-9D88-E09ECD1F3545}" = Podstawowe programy Windows Live
"{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}" = QuickLaunch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA82E5EF-70C2-41CB-8432-309078304CBB}" = Photo Common
"{ACE848B7-145C-4230-9B95-BA9C98A51AA6}" = Fotogalerii
"{ADE1F206-1365-4B14-9A24-4B1A7DD58BAC}" = Windows Live UX Platform Language Pack
"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker
"{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B693A4C3-B708-4F25-978E-56CA2517914C}" = Windows Live UX Platform Language Pack
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{C7929038-EDFB-416D-A2C9-CC65416DA0DF}" = Photo Common
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack
"{D0353B68-A142-4F89-A46E-1C9A7745D636}" = Download Navigator
"{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{DB7B6508-2AAB-4F26-99D4-74559A2F5E42}" = Fotoğraf Galerisi
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E0FB88-D570-463E-A98E-733B7B656867}" = Photo Gallery
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E18F981B-401C-4D90-BC57-D8903564D558}" = Windows Live UX Platform Language Pack
"{E2A88871-27CB-4643-AF5B-123F897D5C67}" = Alcor Micro USB Card Reader Driver 
"{E354D495-5DA4-4CCF-AB39-080F6A4141BE}" = Fotogalleri
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy 1.5
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50E3DBC-46AA-4827-B2A6-F995D81DF526}" = Fotótár
"{E630D30A-79EE-407A-8F51-9D57D1F45230}" = gs_x86
"{EB91007A-0110-42A6-B869-2709955A9B2A}" = Photo Common
"{EC33D375-5164-4374-9061-43F5C6073219}" = Photo Common
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}" = Mediathek
"{F09DD76B-D3D3-4558-B5BC-F1EEA6E00162}" = Windows Live UX Platform Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1CA7DAE-F998-499C-8CA5-FC58CA2416EC}" = Windows Live Essentials
"{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack
"{F5212949-60B3-43FC-A178-4A7B0BEDAD69}" = eDocPrintPro v3.17.0
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{F5E338CE-E1C6-4F7D-8300-44DBD05B9F14}" = Galeria de Fotografias
"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FC78A8EE-2C7F-44A7-A2D8-9676577F9CE2}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo AppLauncher (Medion)_is1" = Ashampoo AppLauncher (Medion) v.1.0.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"D-i-v-X - AVI Codec Pack Pro" = D-i-v-X AVI Codec Pack Pro 2.4.0
"DVBViewer Pro Demo_is1" = DVBViewer Pro DEMO
"EPSON Scanner" = EPSON Scan
"Free Audio CD Burner_is1" = Free Audio CD Burner version 2.0.22.1212
"Free FLV Converter_is1" = Free FLV Converter V 7.5.0
"Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.22.128
"Free Studio_is1" = Free Studio version 2013
"Free YouTube Download_is1" = Free YouTube Download version 3.1.42.1212
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.8
"InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = Medion Home Cinema 10
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{E2A88871-27CB-4643-AF5B-123F897D5C67}" = Alcor Micro USB Card Reader Driver 
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"IT9130 DriverInstaller_12.2.3.1" = IT9130 Driver v12.2.3.1
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"tvbrowser" = TV-Browser 3.2.1
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.02.2013 04:59:54 | Computer Name = Caras-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16433,
 Zeitstempel: 0x50763312  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
 Zeitstempel: 0x505ab405  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000ea485
ID
 des fehlerhaften Prozesses: 0x2148  Startzeit der fehlerhaften Anwendung: 0x01ce012390d26cda
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: e8a3b48f-6d16-11e2-beaa-eca86b233bcc
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 02.02.2013 05:09:34 | Computer Name = Caras-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Cara
 ***\AppData\Local\Temp\SoftwareUpdate_Temp\EPSONDC4A38 (XP-205 207 Series)\Download
 Navigator\Download_Navigator_Installer\Setup.exe". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
 
Error - 02.02.2013 05:09:36 | Computer Name = Caras-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Cara
 ***\AppData\Local\Temp\SoftwareUpdate_Temp\EPSONDC4A38 (XP-205 207 Series)\Download
 Navigator\Download_Navigator_Installer\Setup.exe". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
 
Error - 02.02.2013 05:09:36 | Computer Name = Caras-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Cara
 ***\AppData\Local\Temp\SoftwareUpdate_Temp\EPSONDC4A38 (XP-205 207 Series)\Download
 Navigator\Download_Navigator_Installer\Setup.exe". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
 
Error - 03.02.2013 03:45:49 | Computer Name = Caras-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Cara
 ***\AppData\Local\Temp\SoftwareUpdate_Temp\EPSONDC4A38 (XP-205 207 Series)\Download
 Navigator\Download_Navigator_Installer\Setup.exe". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
 
Error - 03.02.2013 13:42:08 | Computer Name = Caras-PC | Source = Application Hang | ID = 1002
Description = Programm dvd.exe, Version 3.32.0.80 kann nicht mehr unter Windows 
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 28c    Startzeit: 
01ce022e18055016    Endzeit: 31    Anwendungspfad: C:\Program Files (x86)\Video DVD Maker\dvd.exe

Berichts-ID:
 04860f8d-6e29-11e2-bead-eca86b233bcc    Vollständiger Name des fehlerhaften Pakets:
     Anwendungs-ID, die relativ zum fehlerhaften Paket ist:   
 
Error - 08.02.2013 16:36:56 | Computer Name = Caras-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16433,
 Zeitstempel: 0x50763312  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
 Zeitstempel: 0x505ab405  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000ea485
ID
 des fehlerhaften Prozesses: 0x34c  Startzeit der fehlerhaften Anwendung: 0x01ce0549928c1b98
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 4722f988-722f-11e2-beaf-eca86b233bcc
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 10.02.2013 06:47:21 | Computer Name = Caras-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 16.02.2013 03:12:44 | Computer Name = Caras-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CLMSServer.exe, Version: 2.0.0.8731,
 Zeitstempel: 0x4d9440c5  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000020  ID des fehlerhaften
 Prozesses: 0x6a0  Startzeit der fehlerhaften Anwendung: 0x01ce04a5f242e3ec  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 41e2b6a3-7808-11e2-beaf-eca86b233bcc
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 16.02.2013 08:01:31 | Computer Name = Caras-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16433,
 Zeitstempel: 0x50763312  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
 Zeitstempel: 0x505ab405  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000ea485
ID
 des fehlerhaften Prozesses: 0xc88  Startzeit der fehlerhaften Anwendung: 0x01ce09f7580422be
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 9964b110-7830-11e2-beaf-eca86b233bcc
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
[ Spybot - Search and Destroy Events ]
Error - 01.03.2013 12:24:58 | Computer Name = Caras-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 20.02.2013 13:05:11 | Computer Name = Caras-PC | Source = Ntfs | ID = 131
Description = Die Dateisystemstruktur auf Volume "C:" kann nicht korrigiert werden.
Führen
 Sie das Hilfsprogramm CHKDSK auf Volume "C:" aus.
 
Error - 20.02.2013 13:08:26 | Computer Name = Caras-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?02.?2013 um 17:25:46 unerwartet heruntergefahren.
 
Error - 20.02.2013 13:09:04 | Computer Name = Caras-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit dem folgenden dienstspezifischen
 Fehler beendet:   %%2147749126
 
Error - 20.02.2013 13:09:04 | Computer Name = Caras-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 20.02.2013 13:09:28 | Computer Name = Caras-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 20.02.2013 13:09:28 | Computer Name = Caras-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 20.02.2013 13:09:28 | Computer Name = Caras-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 20.02.2013 13:13:14 | Computer Name = Caras-PC | Source = Ntfs | ID = 55
Description = In der Dateisystemstruktur auf Volume "C:" wurde eine Beschädigung
 erkannt.    Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz.
 Die Dateireferenznummer ist 0x200000002ff73. Der Name der Datei ist "\Users\Cara
 ***\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.LOG1".

 
Error - 21.02.2013 06:05:01 | Computer Name = Caras-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Spooler erreicht.
 
Error - 21.02.2013 06:05:34 | Computer Name = Caras-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Spooler erreicht.
 
 
< End of report >
         
--- --- ---

01.03.2013, 23:33   #5
markusg
/// Malware-holic

Hi,

OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
:files
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread


02.03.2013, 09:02   #6
charliee

I have only obscured my last name; my first name is still in the log files.
Do I have to enter anything anywhere now?

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cara
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Cara ***
->Temp folder emptied: 1522978 bytes
->Temporary Internet Files folder emptied: 130 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4892561 bytes
->Google Chrome cache emptied: 202351181 bytes
->Flash cache emptied: 711 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30517 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 267051 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 199,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03022013_121921

Files\Folders moved on Reboot...
C:\Users\Cara ***\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\JET78BA.tmp not found!
C:\Windows\temp\winstore.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

03.03.2013, 19:05   #7
markusg
/// Malware-holic

Hi,
Please download TDSSKiller (TDSSKiller.exe) and save this file on the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

03.03.2013, 20:59   #8
charliee

20:56:24.0425 1664 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:56:24.0425 1664 UEFI system
20:56:24.0684 1664 ============================================================
20:56:24.0684 1664 Current date / time: 2013/03/03 20:56:24.0684
20:56:24.0684 1664 SystemInfo:
20:56:24.0685 1664
20:56:24.0685 1664 OS Version: 6.2.9200 ServicePack: 0.0
20:56:24.0685 1664 Product type: Workstation
20:56:24.0685 1664 ComputerName: CARAS-PC
20:56:24.0685 1664 UserName: Cara ***
20:56:24.0685 1664 Windows directory: C:\Windows
20:56:24.0685 1664 System windows directory: C:\Windows
20:56:24.0685 1664 Running under WOW64
20:56:24.0685 1664 Processor architecture: Intel x64
20:56:24.0685 1664 Number of processors: 4
20:56:24.0685 1664 Page size: 0x1000
20:56:24.0685 1664 Boot type: Normal boot
20:56:24.0685 1664 ============================================================
20:56:26.0019 1664 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:56:26.0026 1664 ============================================================
20:56:26.0026 1664 \Device\Harddisk0\DR0:
20:56:26.0026 1664 GPT partitions:
20:56:26.0026 1664 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {E8DC0810-8C35-47FC-BD45-40058A12B232}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xF9800
20:56:26.0026 1664 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {92981727-7F96-4B1A-BDE0-A9052C4DF3FB}, Name: EFI system partition, StartLBA 0xFA000, BlocksNum 0x32000
20:56:26.0026 1664 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {E86DF529-7F37-44AA-B12E-9F3FC077E4A8}, Name: Microsoft reserved partition, StartLBA 0x12C000, BlocksNum 0x40000
20:56:26.0026 1664 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {8D7F0CC6-879E-47F6-A767-0ED8FD3B0659}, UniqueGUID: {16A5EBBD-2180-449F-A8A9-4C7B9F66B248}, Name: Basic data partition, StartLBA 0x16C000, BlocksNum 0x200000
20:56:26.0026 1664 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {7E7B1267-E59D-42F4-8C33-AF6E337CB23C}, Name: Basic data partition, StartLBA 0x36C000, BlocksNum 0x6CB9A000
20:56:26.0026 1664 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {AB3FA474-4F8A-48AE-A473-C5A89893B3AD}, Name: Basic data partition, StartLBA 0x6CF06000, BlocksNum 0x7800D8F
20:56:26.0026 1664 MBR partitions:
20:56:26.0026 1664 ============================================================
20:56:26.0045 1664 C: <-> \Device\Harddisk0\DR0\Partition5
20:56:26.0206 1664 D: <-> \Device\Harddisk0\DR0\Partition6
20:56:26.0206 1664 ============================================================
20:56:26.0206 1664 Initialize success
20:56:26.0206 1664 ============================================================
20:56:53.0779 4452 ============================================================
20:56:53.0779 4452 Scan started
20:56:53.0779 4452 Mode: Manual; SigCheck; TDLFS;
20:56:53.0779 4452 ============================================================
20:56:55.0904 4452 ================ Scan system memory ========================
20:56:55.0904 4452 System memory - ok
20:56:55.0904 4452 ================ Scan services =============================
20:57:03.0732 4452 [ 7F7A03D03FA18A0DB2DAC37A8D620E7F ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:57:03.0748 4452 IAStorDataMgrSvc ( UnsignedFile.Multi.Generic ) - warning
20:57:03.0748 4452 IAStorDataMgrSvc - detected UnsignedFile.Multi.Generic (1)
20:57:05.0592 4452 [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:57:05.0623 4452 LanmanWorkstation - ok
20:57:05.0639 4452 [ CEEFD29FC551F289810B0B9381B321DC ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:57:05.0654 4452 lltdio - ok
20:57:05.0685 4452 [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:57:05.0732 4452 lltdsvc - ok
20:57:05.0748 4452 [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:57:05.0779 4452 lmhosts - ok
20:57:05.0810 4452 [ 4269D44BB47A6DA5D80B11F4C8536458 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:57:05.0810 4452 LMS - ok
20:57:05.0842 4452 [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:57:05.0857 4452 LSI_SAS - ok
20:57:05.0857 4452 [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
20:57:05.0857 4452 LSI_SAS2 - ok
20:57:05.0873 4452 [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:57:05.0873 4452 LSI_SCSI - ok
20:57:05.0889 4452 [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys
20:57:05.0889 4452 LSI_SSS - ok
20:57:05.0920 4452 [ A57BA284F5996FFD32DCDBC41A4657DB ] LSM C:\Windows\System32\lsm.dll
20:57:05.0936 4452 LSM - ok
20:57:05.0967 4452 [ 2BDC5D711FA61307CE6190D47C956368 ] luafv C:\Windows\system32\drivers\luafv.sys
20:57:05.0998 4452 luafv - ok
20:57:06.0014 4452 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:57:06.0014 4452 MBAMProtector - ok
20:57:06.0029 4452 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:57:06.0045 4452 MBAMScheduler - ok
20:57:06.0076 4452 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:57:06.0092 4452 MBAMService - ok
20:57:06.0092 4452 [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas C:\Windows\system32\drivers\megasas.sys
20:57:06.0107 4452 megasas - ok
20:57:06.0123 4452 [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
20:57:06.0123 4452 MegaSR - ok
20:57:06.0139 4452 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\Windows\System32\drivers\HECIx64.sys
20:57:06.0154 4452 MEIx64 - ok
20:57:06.0201 4452 Microsoft SharePoint Workspace Audit Service - ok
20:57:06.0217 4452 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS C:\Windows\system32\mmcss.dll
20:57:06.0232 4452 MMCSS - ok
20:57:06.0264 4452 [ 780098AD5DA8A4822E2563984C85EF7B ] Modem C:\Windows\system32\drivers\modem.sys
20:57:06.0326 4452 Modem - ok
20:57:06.0357 4452 [ 83EB0BF7E6EBD5B1AAC97F9DBD5EB935 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:57:06.0389 4452 monitor - ok
20:57:06.0404 4452 [ 618446B98C79776654340CE27C73485E ] mouclass C:\Windows\System32\drivers\mouclass.sys
20:57:06.0420 4452 mouclass - ok
20:57:06.0436 4452 [ CB2527B8B87D83E56FBF3944BBB6F606 ] mouhid C:\Windows\System32\drivers\mouhid.sys
20:57:06.0451 4452 mouhid - ok
20:57:06.0467 4452 [ 89D263DBF08119CE16273991C120D6DD ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:57:06.0482 4452 mountmgr - ok
20:57:06.0514 4452 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:57:06.0545 4452 MozillaMaintenance - ok
20:57:06.0545 4452 [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:57:06.0576 4452 mpsdrv - ok
20:57:06.0623 4452 [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:57:06.0670 4452 MpsSvc - ok
20:57:06.0686 4452 [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:57:06.0717 4452 MRxDAV - ok
20:57:06.0748 4452 [ 877D60D6E4156EC4A2E0B6871D41BED9 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:57:06.0764 4452 mrxsmb - ok
20:57:06.0779 4452 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:57:06.0795 4452 mrxsmb10 - ok
20:57:06.0795 4452 [ E078446D4B8622AA6030C7B8A1A08962 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:57:06.0826 4452 mrxsmb20 - ok
20:57:06.0857 4452 [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys
20:57:06.0889 4452 MsBridge - ok
20:57:06.0904 4452 [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC C:\Windows\System32\msdtc.exe
20:57:06.0920 4452 MSDTC - ok
20:57:06.0936 4452 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:57:06.0998 4452 Msfs - ok
20:57:07.0014 4452 [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys
20:57:07.0029 4452 msgpiowin32 - ok
20:57:07.0061 4452 [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:57:07.0076 4452 mshidkmdf - ok
20:57:07.0092 4452 [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys
20:57:07.0123 4452 mshidumdf - ok
20:57:07.0139 4452 [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:57:07.0154 4452 msisadrv - ok
20:57:07.0201 4452 [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:57:07.0232 4452 MSiSCSI - ok
20:57:07.0232 4452 msiserver - ok
20:57:07.0248 4452 [ 509809566E49F4411055864EA8D437CD ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:57:07.0264 4452 MSKSSRV - ok
20:57:07.0279 4452 [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys
20:57:07.0311 4452 MsLldp - ok
20:57:07.0311 4452 [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:57:07.0342 4452 MSPCLOCK - ok
20:57:07.0357 4452 [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:57:07.0373 4452 MSPQM - ok
20:57:07.0389 4452 [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:57:07.0404 4452 MsRPC - ok
20:57:07.0420 4452 [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios C:\Windows\System32\drivers\mssmbios.sys
20:57:07.0436 4452 mssmbios - ok
20:57:07.0436 4452 [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:57:07.0467 4452 MSTEE - ok
20:57:07.0467 4452 [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig C:\Windows\System32\drivers\MTConfig.sys
20:57:07.0498 4452 MTConfig - ok
20:57:07.0514 4452 [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup C:\Windows\system32\Drivers\mup.sys
20:57:07.0529 4452 Mup - ok
20:57:07.0545 4452 [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis C:\Windows\system32\drivers\mvumis.sys
20:57:07.0561 4452 mvumis - ok
20:57:07.0592 4452 [ 4B18840511D720BA118D3017E8165875 ] napagent C:\Windows\system32\qagentRT.dll
20:57:07.0623 4452 napagent - ok
20:57:07.0639 4452 [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:57:07.0654 4452 NativeWifiP - ok
20:57:07.0686 4452 [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc C:\Windows\System32\ncasvc.dll
20:57:07.0717 4452 NcaSvc - ok
20:57:07.0717 4452 [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll
20:57:07.0748 4452 NcdAutoSetup - ok
20:57:07.0779 4452 [ 0F89AE618DBA5D8AB7A2DFCC375F4159 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:57:07.0811 4452 NDIS - ok
20:57:07.0842 4452 [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:57:07.0857 4452 NdisCap - ok
20:57:07.0873 4452 [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys
20:57:07.0904 4452 NdisImPlatform - ok
20:57:07.0936 4452 [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:57:07.0967 4452 NdisTapi - ok
20:57:07.0998 4452 [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:57:08.0029 4452 Ndisuio - ok
20:57:08.0045 4452 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:57:08.0061 4452 NdisWan - ok
20:57:08.0061 4452 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY C:\Windows\system32\DRIVERS\ndiswan.sys
20:57:08.0076 4452 NDISWANLEGACY - ok
20:57:08.0092 4452 [ CE6EBC0AD38CC6482D8FBB744FF15CE2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:57:08.0107 4452 NDProxy - ok
20:57:08.0123 4452 [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu C:\Windows\system32\drivers\Ndu.sys
20:57:08.0154 4452 Ndu - ok
20:57:08.0154 4452 [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:57:08.0186 4452 NetBIOS - ok
20:57:08.0186 4452 [ 7CEC25C682D319D484630B3952C31A11 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:57:08.0217 4452 NetBT - ok
20:57:08.0232 4452 [ F702AB6181513303AB0FC8D59E52708B ] Netlogon C:\Windows\system32\lsass.exe
20:57:08.0248 4452 Netlogon - ok
20:57:08.0264 4452 [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman C:\Windows\System32\netman.dll
20:57:08.0279 4452 Netman - ok
20:57:08.0326 4452 [ C166E3CD90AB0781ECDF10EC765B083A ] netprofm C:\Windows\System32\netprofmsvc.dll
20:57:08.0357 4452 netprofm - ok
20:57:08.0389 4452 [ BE0F20C494EBCB1899346FE973AD5EBE ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
20:57:08.0451 4452 netr28x - ok
20:57:08.0467 4452 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:57:08.0498 4452 NetTcpPortSharing - ok
20:57:08.0529 4452 [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:57:08.0529 4452 nfrd960 - ok
20:57:08.0561 4452 [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:57:08.0592 4452 NlaSvc - ok
20:57:08.0623 4452 [ 907B5E1E4A592E5EDC5E4CCBDE4863C2 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
20:57:08.0670 4452 nmwcd - ok
20:57:08.0701 4452 [ 41C1AC1F3613435EB32D67BCB80A5FA5 ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
20:57:08.0733 4452 nmwcdc - ok
20:57:08.0764 4452 [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:57:08.0779 4452 Npfs - ok
20:57:08.0795 4452 [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys
20:57:08.0842 4452 npsvctrig - ok
20:57:08.0858 4452 [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi C:\Windows\system32\nsisvc.dll
20:57:08.0873 4452 nsi - ok
20:57:08.0889 4452 [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:57:08.0904 4452 nsiproxy - ok
20:57:08.0951 4452 [ 11D7A4A4A1DA60F394F53B413DCDF0DE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:57:08.0998 4452 Ntfs - ok
20:57:09.0014 4452 [ 4163ADE07DB51843AE31F65B94F5398D ] Null C:\Windows\system32\drivers\Null.sys
20:57:09.0029 4452 Null - ok
20:57:09.0029 4452 [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:57:09.0045 4452 nvraid - ok
20:57:09.0045 4452 [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:57:09.0061 4452 nvstor - ok
20:57:09.0061 4452 [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:57:09.0076 4452 nv_agp - ok
20:57:09.0123 4452 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:57:09.0123 4452 ose - ok
20:57:09.0248 4452 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:57:09.0358 4452 osppsvc - ok
20:57:09.0389 4452 [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:57:09.0404 4452 p2pimsvc - ok
20:57:09.0420 4452 [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc C:\Windows\system32\p2psvc.dll
20:57:09.0451 4452 p2psvc - ok
20:57:09.0483 4452 [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport C:\Windows\System32\drivers\parport.sys
20:57:09.0498 4452 Parport - ok
20:57:09.0514 4452 [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:57:09.0514 4452 partmgr - ok
20:57:09.0545 4452 [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:57:09.0576 4452 PcaSvc - ok
20:57:09.0592 4452 [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci C:\Windows\system32\drivers\pci.sys
20:57:09.0592 4452 pci - ok
20:57:09.0608 4452 [ F9908D274D458220F91E89B54D78D837 ] pciide C:\Windows\system32\drivers\pciide.sys
20:57:09.0623 4452 pciide - ok
20:57:09.0639 4452 [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:57:09.0654 4452 pcmcia - ok
20:57:09.0654 4452 [ CEBBAD5391C2644560C55628A40BFD27 ] pcw C:\Windows\system32\drivers\pcw.sys
20:57:09.0670 4452 pcw - ok
20:57:09.0686 4452 [ EF9B4F3136B4C45F421ADE6871659FB6 ] pdc C:\Windows\system32\drivers\pdc.sys
20:57:09.0701 4452 pdc - ok
20:57:09.0701 4452 [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:57:09.0733 4452 PEAUTH - ok
20:57:09.0779 4452 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:57:09.0811 4452 PerfHost - ok
20:57:09.0858 4452 [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla C:\Windows\system32\pla.dll
20:57:09.0904 4452 pla - ok
20:57:09.0920 4452 [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:57:09.0936 4452 PlugPlay - ok
20:57:09.0951 4452 [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:57:09.0967 4452 PNRPAutoReg - ok
20:57:09.0983 4452 [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:57:09.0998 4452 PNRPsvc - ok
20:57:10.0014 4452 [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:57:10.0045 4452 PolicyAgent - ok
20:57:10.0076 4452 [ F1E067F56373F11EA4B785CAE823740A ] Power C:\Windows\system32\umpo.dll
20:57:10.0092 4452 Power - ok
20:57:10.0123 4452 [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:57:10.0139 4452 PptpMiniport - ok
20:57:10.0217 4452 [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
20:57:10.0264 4452 PrintNotify - ok
20:57:10.0295 4452 [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor C:\Windows\System32\drivers\processr.sys
20:57:10.0295 4452 Processor - ok
20:57:10.0326 4452 [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc C:\Windows\system32\profsvc.dll
20:57:10.0342 4452 ProfSvc - ok
20:57:10.0373 4452 [ EB8034147D4820CD31BFCB11A2A652DF ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:57:10.0389 4452 Psched - ok
20:57:10.0420 4452 [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE C:\Windows\system32\qwave.dll
20:57:10.0436 4452 QWAVE - ok
20:57:10.0451 4452 [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:57:10.0483 4452 QWAVEdrv - ok
20:57:10.0483 4452 [ 873C60F8178100557740A832FCE10B5F ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:57:10.0514 4452 RasAcd - ok
20:57:10.0514 4452 [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:57:10.0545 4452 RasAgileVpn - ok
20:57:10.0561 4452 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto C:\Windows\System32\rasauto.dll
20:57:10.0592 4452 RasAuto - ok
20:57:10.0623 4452 [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:57:10.0654 4452 Rasl2tp - ok
20:57:10.0686 4452 [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan C:\Windows\System32\rasmans.dll
20:57:10.0733 4452 RasMan - ok
20:57:10.0733 4452 [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:57:10.0733 4452 RasPppoe - ok
20:57:10.0748 4452 [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:57:10.0764 4452 RasSstp - ok
20:57:10.0764 4452 [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:57:10.0779 4452 rdbss - ok
20:57:10.0795 4452 [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys
20:57:10.0826 4452 rdpbus - ok
20:57:10.0842 4452 [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:57:10.0858 4452 RDPDR - ok
20:57:10.0905 4452 [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:57:10.0905 4452 RdpVideoMiniport - ok
20:57:10.0920 4452 [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:57:10.0951 4452 RDPWD - ok
20:57:10.0967 4452 [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:57:10.0998 4452 rdyboost - ok
20:57:11.0014 4452 [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:57:11.0045 4452 RemoteAccess - ok
20:57:11.0061 4452 [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:57:11.0092 4452 RemoteRegistry - ok
20:57:11.0139 4452 [ 0B169FE016039571ECC6DB70073F8979 ] RichVideo64 C:\Program Files\CyberLink\Shared files\RichVideo64.exe
20:57:11.0155 4452 RichVideo64 - ok
20:57:11.0170 4452 [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:57:11.0201 4452 RpcEptMapper - ok
20:57:11.0217 4452 [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator C:\Windows\system32\locator.exe
20:57:11.0248 4452 RpcLocator - ok
20:57:11.0280 4452 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs C:\Windows\system32\rpcss.dll
20:57:11.0295 4452 RpcSs - ok
20:57:11.0311 4452 [ E04E770DD198B9399640717145E79EBF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:57:11.0326 4452 rspndr - ok
20:57:11.0358 4452 [ 34DA0D14F5C3F1883A331AFB975AB434 ] RTL8168 C:\Windows\system32\DRIVERS\Rt630x64.sys
20:57:11.0389 4452 RTL8168 - ok
20:57:11.0405 4452 [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap C:\Windows\System32\drivers\vms3cap.sys
20:57:11.0420 4452 s3cap - ok
20:57:11.0436 4452 [ F702AB6181513303AB0FC8D59E52708B ] SamSs C:\Windows\system32\lsass.exe
20:57:11.0436 4452 SamSs - ok
20:57:11.0467 4452 [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:57:11.0467 4452 sbp2port - ok
20:57:11.0498 4452 [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:57:11.0514 4452 SCardSvr - ok
20:57:11.0545 4452 [ 5D7733A12756B267FCA021672B26BC9E ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:57:11.0576 4452 scfilter - ok
20:57:11.0608 4452 [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule C:\Windows\system32\schedsvc.dll
20:57:11.0655 4452 Schedule - ok
20:57:11.0686 4452 [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc C:\Windows\System32\certprop.dll
20:57:11.0701 4452 SCPolicySvc - ok
20:57:11.0717 4452 [ 12F06525912BBEF67837DE47D87C60A9 ] sdbus C:\Windows\System32\drivers\sdbus.sys
20:57:11.0733 4452 sdbus - ok
20:57:11.0748 4452 [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:57:11.0780 4452 SDRSVC - ok
20:57:11.0858 4452 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
20:57:11.0889 4452 SDScannerService - ok
20:57:11.0920 4452 [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor C:\Windows\System32\drivers\sdstor.sys
20:57:11.0920 4452 sdstor - ok
20:57:11.0951 4452 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
20:57:11.0983 4452 SDUpdateService - ok
20:57:12.0014 4452 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
20:57:12.0014 4452 SDWSCService - ok
20:57:12.0045 4452 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:57:12.0061 4452 secdrv - ok
20:57:12.0092 4452 [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon C:\Windows\system32\seclogon.dll
20:57:12.0123 4452 seclogon - ok
20:57:12.0139 4452 [ 9C51620998F0763039DFA6BF68E475ED ] SENS C:\Windows\System32\sens.dll
20:57:12.0170 4452 SENS - ok
20:57:12.0186 4452 [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:57:12.0186 4452 SensrSvc - ok
20:57:12.0201 4452 [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx C:\Windows\system32\drivers\SerCx.sys
20:57:12.0217 4452 SerCx - ok
20:57:12.0248 4452 [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum C:\Windows\System32\drivers\serenum.sys
20:57:12.0264 4452 Serenum - ok
20:57:12.0264 4452 [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial C:\Windows\System32\drivers\serial.sys
20:57:12.0280 4452 Serial - ok
20:57:12.0295 4452 [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse C:\Windows\System32\drivers\sermouse.sys
20:57:12.0373 4452 sermouse - ok
20:57:12.0420 4452 [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv C:\Windows\system32\sessenv.dll
20:57:12.0436 4452 SessionEnv - ok
20:57:12.0451 4452 [ 7EE65419B29302C795714FF8073969A1 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys
20:57:12.0467 4452 sfloppy - ok
20:57:12.0498 4452 [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:57:12.0530 4452 SharedAccess - ok
20:57:12.0561 4452 [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:57:12.0592 4452 ShellHWDetection - ok
20:57:12.0608 4452 [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
20:57:12.0623 4452 SiSRaid2 - ok
20:57:12.0623 4452 [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:57:12.0639 4452 SiSRaid4 - ok
20:57:12.0655 4452 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:57:12.0670 4452 SkypeUpdate - ok
20:57:12.0686 4452 [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:57:12.0717 4452 SNMPTRAP - ok
20:57:12.0733 4452 [ 465F3C355CE5ED2779B8F460F14C5A78 ] spaceport C:\Windows\system32\drivers\spaceport.sys
20:57:12.0748 4452 spaceport - ok
20:57:12.0748 4452 [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx C:\Windows\system32\drivers\SpbCx.sys
20:57:12.0764 4452 SpbCx - ok
20:57:12.0780 4452 [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler C:\Windows\System32\spoolsv.exe
20:57:12.0811 4452 Spooler - ok
20:57:12.0873 4452 [ EC84D961501054F87A6878EC5D53388F ] sppsvc C:\Windows\system32\sppsvc.exe
20:57:12.0967 4452 sppsvc - ok
20:57:12.0983 4452 [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:57:13.0014 4452 srv - ok
20:57:13.0030 4452 [ C2106BB710AA34A046126AED7BCA6964 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:57:13.0061 4452 srv2 - ok
20:57:13.0155 4452 [ 5A73F1714761B818D4C101B5CE2373CD ] srvcPVR C:\Program Files (x86)\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
20:57:13.0202 4452 srvcPVR ( UnsignedFile.Multi.Generic ) - warning
20:57:13.0202 4452 srvcPVR - detected UnsignedFile.Multi.Generic (1)
20:57:15.0999 4452 vmicshutdown - ok
20:57:16.0014 4452 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync C:\Windows\System32\ICSvc.dll
20:57:16.0014 4452 vmictimesync - ok
20:57:16.0014 4452 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss C:\Windows\System32\ICSvc.dll
20:57:16.0030 4452 vmicvss - ok
20:57:16.0061 4452 [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:57:16.0061 4452 volmgr - ok
20:57:16.0061 4452 [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:57:16.0077 4452 volmgrx - ok
20:57:16.0092 4452 [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:57:16.0092 4452 volsnap - ok
20:57:16.0108 4452 [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci C:\Windows\System32\drivers\vpci.sys
20:57:16.0124 4452 vpci - ok
20:57:16.0124 4452 [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:57:16.0139 4452 vsmraid - ok
20:57:16.0170 4452 [ EA658570314042C914964FC72AB50E6B ] VSS C:\Windows\system32\vssvc.exe
20:57:16.0233 4452 VSS - ok
20:57:16.0233 4452 [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID C:\Windows\system32\drivers\vstxraid.sys
20:57:16.0249 4452 VSTXRAID - ok
20:57:16.0264 4452 [ 62460A45435A26A334907E3F2EA45611 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
20:57:16.0280 4452 vwifibus - ok
20:57:16.0295 4452 [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:57:16.0311 4452 vwififlt - ok
20:57:16.0311 4452 [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
20:57:16.0342 4452 vwifimp - ok
20:57:16.0358 4452 [ F690B6EEAA94576727B24376D7ED3601 ] W32Time C:\Windows\system32\w32time.dll
20:57:16.0389 4452 W32Time - ok
20:57:16.0405 4452 [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen C:\Windows\System32\drivers\wacompen.sys
20:57:16.0405 4452 WacomPen - ok
20:57:16.0436 4452 [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
20:57:16.0452 4452 Wanarp - ok
20:57:16.0467 4452 [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:57:16.0467 4452 Wanarpv6 - ok
20:57:16.0499 4452 [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine C:\Windows\system32\wbengine.exe
20:57:16.0545 4452 wbengine - ok
20:57:16.0561 4452 [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:57:16.0592 4452 WbioSrvc - ok
20:57:16.0592 4452 [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc C:\Windows\System32\wcmsvc.dll
20:57:16.0608 4452 Wcmsvc - ok
20:57:16.0639 4452 [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:57:16.0655 4452 wcncsvc - ok
20:57:16.0686 4452 [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:57:16.0702 4452 WcsPlugInService - ok
20:57:16.0733 4452 [ B3A4D918DAB90505B6BC7B70632913CB ] Wd C:\Windows\system32\drivers\wd.sys
20:57:16.0733 4452 Wd - ok
20:57:16.0749 4452 [ 260F8DFC4D5748F4CCB9B19CFB0E58EA ] WdBoot C:\Windows\system32\drivers\WdBoot.sys
20:57:16.0749 4452 WdBoot - ok
20:57:16.0780 4452 [ 2ADC985B85A71BD7D99712EC0C24358B ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:57:16.0795 4452 Wdf01000 - ok
20:57:16.0811 4452 [ 880FFFC4D5BBBB4187B6B04AB2E8C32A ] WdFilter C:\Windows\system32\drivers\WdFilter.sys
20:57:16.0811 4452 WdFilter - ok
20:57:16.0842 4452 [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:57:16.0858 4452 WdiServiceHost - ok
20:57:16.0858 4452 [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:57:16.0874 4452 WdiSystemHost - ok
20:57:16.0889 4452 [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient C:\Windows\System32\webclnt.dll
20:57:16.0920 4452 WebClient - ok
20:57:16.0936 4452 [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:57:16.0952 4452 Wecsvc - ok
20:57:16.0967 4452 [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:57:17.0014 4452 wercplsupport - ok
20:57:17.0030 4452 [ 8E2426162ED6749A127B35D235F21E11 ] WerSvc C:\Windows\System32\WerSvc.dll
20:57:17.0045 4452 WerSvc - ok
20:57:17.0077 4452 [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS C:\Windows\system32\DRIVERS\wfplwfs.sys
20:57:17.0092 4452 WFPLWFS - ok
20:57:17.0124 4452 [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc C:\Windows\System32\wiarpc.dll
20:57:17.0139 4452 WiaRpc - ok
20:57:17.0155 4452 [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:57:17.0155 4452 WIMMount - ok
20:57:17.0186 4452 WinDefend - ok
20:57:17.0233 4452 [ 7911470B6018059A880469A63B65700A ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
20:57:17.0249 4452 WinHttpAutoProxySvc - ok
20:57:17.0311 4452 [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:57:17.0342 4452 Winmgmt - ok
20:57:17.0389 4452 [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM C:\Windows\system32\WsmSvc.dll
20:57:17.0452 4452 WinRM - ok
20:57:17.0483 4452 [ BB20956C424531003F7FA6CD36F11D5D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:57:17.0514 4452 WinUsb - ok
20:57:17.0545 4452 [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc C:\Windows\System32\wlansvc.dll
20:57:17.0592 4452 WlanSvc - ok
20:57:17.0624 4452 [ B330CE47FB74A6BE9A3FFFF4B3F64D9B ] wlidsvc C:\Windows\system32\wlidsvc.dll
20:57:17.0671 4452 wlidsvc - ok
20:57:17.0702 4452 [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi C:\Windows\System32\drivers\wmiacpi.sys
20:57:17.0702 4452 WmiAcpi - ok
20:57:17.0733 4452 [ D113499052C5E541906B727779F0F959 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:57:17.0749 4452 wmiApSrv - ok
20:57:17.0780 4452 WMPNetworkSvc - ok
20:57:17.0796 4452 [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr C:\Windows\system32\DRIVERS\wpcfltr.sys
20:57:17.0827 4452 wpcfltr - ok
20:57:17.0858 4452 [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:57:17.0874 4452 WPCSvc - ok
20:57:17.0889 4452 [ 94AA5150E35B3ABB7191FE641E3C2473 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:57:17.0921 4452 WPDBusEnum - ok
20:57:17.0936 4452 [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr C:\Windows\system32\drivers\WpdUpFltr.sys
20:57:17.0952 4452 WpdUpFltr - ok
20:57:17.0967 4452 [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:57:17.0999 4452 ws2ifsl - ok
20:57:18.0014 4452 [ FB0C1B7F94FA08E72F19F6F2CE7210E1 ] wscsvc C:\Windows\System32\wscsvc.dll
20:57:18.0030 4452 wscsvc - ok
20:57:18.0061 4452 [ 74EFDA0526862C3D8D01A776182798EA ] WSDPrintDevice C:\Windows\System32\drivers\WSDPrint.sys
20:57:18.0077 4452 WSDPrintDevice - ok
20:57:18.0092 4452 [ FA07DF46070F0826139709EF4D31FB71 ] WSDScan C:\Windows\System32\drivers\WSDScan.sys
20:57:18.0124 4452 WSDScan - ok
20:57:18.0124 4452 WSearch - ok
20:57:18.0186 4452 [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService C:\Windows\System32\WSService.dll
20:57:18.0233 4452 WSService - ok
20:57:18.0280 4452 [ A8484C0CB54DB48180FB7CA00F1C3F8F ] wuauserv C:\Windows\system32\wuaueng.dll
20:57:18.0358 4452 wuauserv - ok
20:57:18.0374 4452 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:57:18.0389 4452 WudfPf - ok
20:57:18.0405 4452 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\System32\drivers\WUDFRd.sys
20:57:18.0421 4452 WUDFRd - ok
20:57:18.0421 4452 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFSensorLP C:\Windows\system32\DRIVERS\WUDFRd.sys
20:57:18.0436 4452 WUDFSensorLP - ok
20:57:18.0467 4452 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:57:18.0483 4452 wudfsvc - ok
20:57:18.0483 4452 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs C:\Windows\system32\DRIVERS\WUDFRd.sys
20:57:18.0499 4452 WUDFWpdFs - ok
20:57:18.0499 4452 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdMtp C:\Windows\system32\DRIVERS\WUDFRd.sys
20:57:18.0514 4452 WUDFWpdMtp - ok
20:57:18.0546 4452 [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc C:\Windows\System32\wwansvc.dll
20:57:18.0561 4452 WwanSvc - ok
20:57:18.0577 4452 ================ Scan global ===============================
20:57:18.0608 4452 [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll
20:57:18.0639 4452 [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\Windows\system32\winsrv.dll
20:57:18.0655 4452 [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll
20:57:18.0686 4452 [ 8F226143046435C75C033B0C52E90FFE ] C:\Windows\system32\services.exe
20:57:18.0686 4452 [Global] - ok
20:57:18.0686 4452 ================ Scan MBR ==================================
20:57:18.0702 4452 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
20:57:18.0764 4452 \Device\Harddisk0\DR0 - ok
20:57:18.0764 4452 ================ Scan VBR ==================================
20:57:18.0764 4452 [ 34CE1BCAC45C56D9F7BAFD48EDB7C575 ] \Device\Harddisk0\DR0\Partition1
20:57:18.0764 4452 \Device\Harddisk0\DR0\Partition1 - ok
20:57:18.0811 4452 [ BB638046B5045681E05FD2454FBB5943 ] \Device\Harddisk0\DR0\Partition2
20:57:18.0811 4452 \Device\Harddisk0\DR0\Partition2 - ok
20:57:18.0811 4452 [ 9D327BA77F9A4BB193707A464C3EE21D ] \Device\Harddisk0\DR0\Partition3
20:57:18.0811 4452 \Device\Harddisk0\DR0\Partition3 - ok
20:57:18.0827 4452 [ 39F6509B51FBCCD9C4D860897621ABB8 ] \Device\Harddisk0\DR0\Partition4
20:57:18.0827 4452 \Device\Harddisk0\DR0\Partition4 - ok
20:57:18.0843 4452 [ D05D5C4D54B3C1DF55828FCA60EB5E09 ] \Device\Harddisk0\DR0\Partition5
20:57:18.0843 4452 \Device\Harddisk0\DR0\Partition5 - ok
20:57:18.0874 4452 [ 2BF83185E0C5635C3292EA62D7E7DA32 ] \Device\Harddisk0\DR0\Partition6
20:57:18.0874 4452 \Device\Harddisk0\DR0\Partition6 - ok
20:57:18.0874 4452 ============================================================
20:57:18.0874 4452 Scan finished
20:57:18.0874 4452 ============================================================
20:57:18.0889 4608 Detected object count: 2
20:57:18.0889 4608 Actual detected object count: 2
20:57:50.0428 4608 IAStorDataMgrSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:50.0429 4608 IAStorDataMgrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:50.0429 4608 srvcPVR ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:50.0429 4608 srvcPVR ( UnsignedFile.Multi.Generic ) - User select action: Skip

03.03.2013, 21:22   #9
markusg
/// Malware-holic

Hi,
Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

03.03.2013, 21:36   #10
charliee

I have Windows 8.
It tells me that it does not work on my operating system.

03.03.2013, 21:37   #11
markusg
/// Malware-holic

Sorry,
please update Malwarebytes and run a full scan.

04.03.2013, 21:40   #12
charliee

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.04.09

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16484
Cara ***:: CARAS-PC [Administrator]

Schutz: Deaktiviert

04.03.2013 20:50:27
mbam-log-2013-03-04 (20-50-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 477670
Laufzeit: 46 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Nothing found; however, there are still files in Spybot's quarantine.
And how do I do the CODE format? It worked at the beginning, but now it doesn't any more.

04.03.2013, 22:10   #13
markusg
/// Malware-holic

Click on reply and there you can see the code tags.

Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this.
Open it, Tools (Extras), Uninstall list, save as txt. Open it.
After each program you need, write "necessary".
After each one you do not need, "unnecessary".
After ones unknown to you, "unknown".
Post the list.

04.03.2013, 22:22   #14
charliee

7-Zip 9.22 (x64 edition) Igor Pavlov 18.01.2013 4,75MB 9.22.00.0 unnecessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 28.02.2013 6,00MB 11.6.602.171 necessary
Alcor Micro USB Card Reader Driver Alcor Micro Corp. 19.09.2012 9.1716.6366.1700 unknown
ArcSoft TV 5.0 ArcSoft 02.11.2012 67,1MB 5.0.8.133 necessary
Ashampoo AppLauncher (Medion) v.1.0.0 Ashampoo GmbH & Co. KG 19.09.2012 310MB 1.0.0 unknown
Bing Bar Microsoft Corporation 11.01.2013 464KB 7.1.391.0 unknown
CCleaner Piriform 25.02.2013 3.28 necessary
CyberLink PhotoDirector 3 CyberLink Corp. 19.09.2012 211MB 3.0.3124 unknown
CyberLink PhotoNow CyberLink Corp. 19.09.2012 21,7MB 1.1.7717 unknown
CyberLink PowerRecover CyberLink Corp. 02.11.2012 5.7.0.0913 unknown
D-i-v-X AVI Codec Pack Pro 2.4.0 D-i-v-X AVI Codec Pack Pro 04.01.2013 unnecessary
DAEMON Tools Lite DT Soft Ltd 01.03.2013 4.46.1.0327 necessary
Die Sims™ 3 Electronic Arts 17.01.2013 1.47.6 unnecessary
Download Navigator SEIKO EPSON CORPORATION 02.02.2013 6,15MB 3.4.1 unknown
Druckerdeinstallation für EPSON XP-205 207 Series SEIKO EPSON Corporation 18.01.2013 unknown
DVBViewer Pro DEMO CM&V 06.01.2013 9,42MB 4.8.1 unknown
eDocPrintPro v3.17.0 MAY-Computer 23.02.2013 8,44MB 3.17.0 necessary
Epson Connect Printer Setup SEIKO EPSON CORPORATION 02.02.2013 8,32MB 1.1.1 necessary
EPSON Scan Seiko Epson Corporation 02.02.2013 necessary
Fintek_CIR Fintek_Inc 19.09.2012 2.00.0000 unknown
Free Audio CD Burner version 2.0.22.1212 DVDVideoSoft Ltd. 23.01.2013 62,7MB 2.0.22.1212 unnecessary
Free FLV Converter V 7.5.0 Koyote Soft 01.03.2013 17,6MB 7.5.0.0 unnecessary (the virus comes from them)
Free MP4 Video Converter version 5.0.22.128 DVDVideoSoft Ltd. 29.01.2013 73,6MB 5.0.22.128 unnecessary
Free Studio version 2013 DVDVideoSoft Ltd. 29.01.2013 413MB 6.0.0.128 unnecessary
Free YouTube Download version 3.1.42.1212 DVDVideoSoft Ltd. 31.12.2012 67,8MB 3.1.42.1212 unnecessary
Free YouTube to MP3 Converter version 3.11.37.1212 DVDVideoSoft Ltd. 04.01.2013 72,7MB 3.11.37.1212 unnecessary
GIMP 2.8.2 The GIMP Team 04.01.2013 234MB 2.8.2 necessary
Google Chrome Google Inc. 30.12.2012 25.0.1364.97 necessary
Google Drive Google, Inc. 16.01.2013 16,2MB 1.7.4018.3496 unnecessary
gs_x86 MAY-Computer 23.02.2013 33,6MB 9.00 unknown
HandBrake 0.9.8 24.02.2013 0.9.8 unnecessary
Intel(R) Management Engine Components Intel Corporation 10.10.2012 8.1.0.1252
Intel(R) Processor Graphics Intel Corporation 10.10.2012 9.17.10.2843
Intel(R) Rapid Storage Technology Intel Corporation 10.10.2012 11.5.4.1001
Intel(R) SDK for OpenCL - CPU Only Runtime Package Intel Corporation 10.10.2012 2.0.0.37149
all four unknown
IT9130 Driver v12.2.3.1 02.11.2012 unknown
Java 7 Update 15 Oracle 23.02.2013 129MB 7.0.150 necessary
K-Lite Codec Pack 5.2.0 (Full) 03.02.2013 5.2.0 unnecessary
Kaspersky Internet Security 2013 Kaspersky Lab 16.09.2012 13.0.1.4190 necessary
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 01.03.2013 18,5MB 1.70.0.1100 necessary
Mediathek Medion 16.09.2012 2,06MB 1.4.0 necessary
Medion Home Cinema 10 CyberLink Corp. 02.11.2012 1,66GB 10.0 unnecessary
Microsoft Office Professional Plus 2010 Microsoft Corporation 31.12.2012 14.0.6029.1000 necessary
Microsoft Silverlight Microsoft Corporation 16.09.2012 40,4MB 4.1.10329.0 unknown
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 16.09.2012 1,92MB 3.1.0000 unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 19.09.2012 4,84MB 8.0.56336 unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 19.09.2012 13,2MB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 31.12.2012 13,2MB 9.0.30729.6161 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 06.01.2013 5,95MB 9.0.21022 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 19.09.2012 10,2MB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 19.09.2012 8,69MB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 31.12.2012 10,1MB 9.0.30729.6161 unknown
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 19.09.2012 13,8MB 10.0.40219 unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 19.09.2012 11,1MB 10.0.40219 unknown
Microsoft WSE 3.0 Runtime Microsoft Corp. 31.12.2012 1,76MB 3.0.5305.0 unknown
Mozilla Firefox 18.0 (x86 de) Mozilla 14.01.2013 43,2MB 18.0 unnecessary
Mozilla Maintenance Service Mozilla 14.01.2013 330KB 18.0 unknown
Nokia Connectivity Cable Driver 13.01.2013 7.1.32.69 unknown
Origin Electronic Arts, Inc. 31.12.2012 9.1.3.2637 unnecessary
PhotoScape 05.01.2013 necessary
Picasa 3 Google, Inc. 27.01.2013 3.8 necessary
PowerDirector CyberLink Corp. 10.10.2012 297MB 9.0.0.3815c unknown
PowerRecover CyberLink Corp. 10.10.2012 5.7.0.0913 unknown
QuickLaunch Lenovo Group Limited 19.09.2012 2,28MB 1.00.0019 unknown
Ralink RT2860 Wireless LAN Card Ralink 19.09.2012 1.2.0.40 unknown
Realtek Ethernet Controller Driver Realtek 19.09.2012 8.3.730.2012 unknown
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 19.09.2012 6.0.1.6710 unknown
Sceneo AbsolutTV 06.01.2013 unnecessary
Skype™ 6.1 Skype Technologies S.A. 29.01.2013 21,1MB 6.1.129 necessary
Spybot - Search & Destroy Safer-Networking Ltd. 01.03.2013 135MB 2.0.12 unnecessary
System Requirements Lab Detection Husdawg, LLC 01.01.2013 631KB 1.0.5.0 unnecessary
TV-Browser 3.2.1 TV-Browser Team 06.01.2013 3.2.1 unnecessary
Vegas Pro 12.0 (64-bit) Sony 02.01.2013 563MB 12.0.394 unnecessary
Video DVD Maker v3.32.0.80 03.02.2013 unnecessary
VLC media player 2.0.5 VideoLAN 30.12.2012 2.0.5 necessary
Windows Live Essentials Microsoft Corporation 08.10.2012 16.4.3505.0912 unnecessary

04.03.2013, 22:25   #15
markusg
/// Malware-holic

Uninstall:
7-Zip
Ashampoo
Bing
CyberLink: all
Die Sims™
Download Navigator
DVBViewer
Free: all
Google Drive
HandBrake
K-Lite
Origin
PowerDirector
PowerRecover
Sceneo
Spybot
TV-Browser
Vegas
Video DVD
Windows Live

Open CCleaner, Analyze, Run, restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click on Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click on Scan and wait until it has finished.
  • Now click on Delete and confirm any prompts that appear with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).
