
Log analysis and evaluation: Laptop hangs and constant bluescreens


10.04.2013, 14:10   #1
anonym25
 
Laptop hangs and constant bluescreens



Hello,
I have had an Ultrabook for a few months, and at the beginning everything was still OK; for the past few weeks my laptop has been hanging even while typing! I get 2-3 bluescreens per day.
Malwarebytes also found something:

Code:
 Malwarebytes Anti-Malware  (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.10.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16519
Denis :: LAPTOP [Administrator]

Schutz: Aktiviert

10.04.2013 13:13:05
MBAM-log-2013-04-10 (14-32-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 385614
Laufzeit: 58 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Denis\AppData\Local\Temp\addlyrics1030.exe (Adware.Dropper.AL) -> Keine Aktion durchgeführt.
C:\Users\Denis\Desktop\Cryptload1.1.8\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Keine Aktion durchgeführt.

(Ende)
         
OTL:
Code:
OTL logfile created on: 10.04.2013 14:35:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Denis\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,82 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 45,98% Memory free
7,69 Gb Paging File | 5,02 Gb Available in Paging File | 65,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444,95 Gb Total Space | 378,53 Gb Free Space | 85,07% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Denis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Denis\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe ()
PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Intel)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\1f3dbc5b0a874bf49a4559e71274f8ba\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\38b47b5452863bcadb6b731fe6c5198f\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fb048f69c5b71baf063604bd1724b078\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e1ec8b9a6d4f9af9d6065c4187fb1b5f\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f641b786d36d1cc5a5531a746c96ce1b\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\bbebe831e3b0761ad47dcc09231cbc29\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\05cc6faa6704d01e78700561b22937e3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\8347ac8367f91309fa888d79a54c7450\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\1c7f4533b2b24c10a628793a8b93e1a7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\15cc4fff434f274c1f6ab56a385dcb54\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\0247de206c1c48ac4f8b55df16468405\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a7811936e59aaee26b1d9d467174d6d4\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe ()
MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ETDService) -- C:\Programme\Elantech\ETDService.exe (ELAN Microelectronics Corp.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (USecuAppSvc) -- C:\Programme\Acer\Acer Theft Shield\USecuAppSvc.exe (Acer Incorporated)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (ose64) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (RfButtonDriverService) -- C:\Windows\RfBtnSvc64.exe (Dritek System INC.)
SRV - (CCDMonitorService) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated)
SRV - (DeviceFastLaneService) -- C:\Programme\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe (Acer Incorporated)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Qualcomm Atheros Commnucations)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (ExpressCache) -- C:\Programme\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Diskeeper Corporation)
SRV - (FFSOpzSvc) -- C:\Programme\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe (Acer Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (klwfp) -- C:\Windows\SysNative\Drivers\klwfp.sys (Kaspersky Lab ZAO)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\Drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\Drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\Drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\Drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\Drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\Drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (Ps2Kb2Hid) -- C:\Windows\SysNative\Drivers\aPs2Kb2Hid.sys (Dritek System Inc.)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\Drivers\kneps.sys (Kaspersky Lab)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\Drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\Drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\Drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\Drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\Drivers\btfilter.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\Drivers\btath_rcp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\Drivers\btath_lwflt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\Drivers\btath_hcrp.sys (Qualcomm Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\Drivers\btath_flt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\Drivers\btath_a2dp.sys (Qualcomm Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\Drivers\btath_avdt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\Drivers\btath_bus.sys (Qualcomm Atheros)
DRV:64bit: - (klelam) -- C:\Windows\SysNative\Drivers\klelam.sys (Kaspersky Lab)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (irstrtdv) -- C:\Windows\SysNative\Drivers\irstrtdv.sys (Intel Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\Drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\Drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\Drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (excsd) -- C:\Windows\SysNative\Drivers\excsd.sys (Diskeeper Corporation)
DRV:64bit: - (excfs) -- C:\Windows\SysNative\Drivers\excfs.sys (Diskeeper Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\Drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NTI Corporation)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {986B18CE-935F-4991-918E-E88E5751A708}
IE:64bit: - HKLM\..\SearchScopes\{986B18CE-935F-4991-918E-E88E5751A708}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {986B18CE-935F-4991-918E-E88E5751A708}
IE - HKLM\..\SearchScopes\{986B18CE-935F-4991-918E-E88E5751A708}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2929871637-3288670245-3381123236-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2929871637-3288670245-3381123236-1001\..\SearchScopes,DefaultScope = {986B18CE-935F-4991-918E-E88E5751A708}
IE - HKU\S-1-5-21-2929871637-3288670245-3381123236-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "google.at"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 21.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 21.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.01.15 03:34:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.01.15 03:34:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.01.15 03:34:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.01.15 03:34:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.01.15 03:34:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.13 23:38:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.17 15:30:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
 
[2013.01.06 02:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\Extensions
[2013.03.28 14:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\Firefox\Profiles\p31gzfsm.default\extensions
[2013.03.28 14:36:44 | 002,358,379 | ---- | M] () (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\firefox\profiles\p31gzfsm.default\extensions\nasanightlaunch@example.com.xpi
[2013.03.01 22:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.03.13 23:38:40 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.11 04:06:08 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2013.02.16 02:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.16 02:35:09 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Docs = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Google Mail = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BtPreLoad] C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe ()
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BakupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager]  File not found
O4 - HKU\S-1-5-21-2929871637-3288670245-3381123236-1001..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-2929871637-3288670245-3381123236-1001..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-2929871637-3288670245-3381123236-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{397E3952-FEB0-4B1A-BD3A-D22F421EC68D}: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C078D38A-C17B-41A3-B332-A0B351131F0D}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.10 13:05:39 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\Malwarebytes
[2013.04.10 13:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.10 13:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.10 13:05:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.10 13:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.10 00:42:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.04.10 00:37:35 | 000,203,544 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2013.04.10 00:37:35 | 000,102,936 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2013.04.10 00:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2013.04.10 00:31:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013.04.10 00:31:04 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Local\Samsung
[2013.04.10 00:31:02 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\Samsung
[2013.04.10 00:30:59 | 000,000,000 | ---D | C] -- C:\Users\Denis\Documents\samsung
[2013.04.10 00:28:32 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll
[2013.04.10 00:28:32 | 000,708,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinUSBCoInstaller.dll
[2013.04.10 00:27:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2013.04.10 00:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec
[2013.04.10 00:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013.04.10 00:24:20 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2013.04.10 00:23:58 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2013.04.10 00:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013.04.10 00:23:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2013.04.10 00:22:11 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Local\Downloaded Installations
[2013.03.22 23:48:59 | 000,000,000 | ---D | C] -- C:\Users\Denis\Desktop\media
[2013.03.22 23:48:40 | 000,000,000 | ---D | C] -- C:\Users\Denis\Desktop\WhatsApp Video
[2013.03.22 23:48:26 | 000,000,000 | ---D | C] -- C:\Users\Denis\Desktop\WhatsApp Images
[2013.03.22 17:23:26 | 000,000,000 | ---D | C] -- C:\Users\Denis\Desktop\DCIM
[2013.03.22 16:53:43 | 000,000,000 | ---D | C] -- C:\Users\Denis\Documents\default
[2013.03.22 02:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2013.03.20 01:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2013.03.20 01:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2013.03.20 01:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.03.20 01:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.03.17 15:40:27 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2013.03.17 15:40:27 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll
[2013.03.17 15:40:27 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2013.03.17 15:36:08 | 000,692,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.17 15:36:08 | 000,078,168 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.17 15:20:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.17 15:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.17 15:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.17 15:17:10 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.17 15:17:08 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.17 15:17:07 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.17 15:17:07 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.03.17 15:17:07 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.17 15:17:07 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.03.17 15:17:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.03.17 15:17:07 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.03.17 15:17:07 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013.03.17 15:17:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.03.17 15:17:06 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.03.17 15:17:06 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013.03.17 15:17:00 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2013.03.17 15:16:57 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2013.03.17 15:16:55 | 005,977,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.03.17 15:16:50 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.03.17 15:16:48 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll
[2013.03.17 15:16:48 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll
[2013.03.17 15:16:47 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll
[2013.03.17 15:16:47 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013.03.17 15:16:47 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll
[2013.03.17 15:16:47 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013.03.17 15:16:47 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll
[2013.03.17 15:16:46 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.03.17 15:16:46 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2013.03.17 15:16:46 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2013.03.17 15:16:46 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll
[2013.03.17 15:16:46 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll
[2013.03.17 15:16:46 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll
[2013.03.17 15:16:46 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013.03.17 15:16:46 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll
[2013.03.17 15:16:46 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2013.03.17 15:16:46 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll
[2013.03.17 15:16:46 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
[2013.03.17 15:16:46 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll
[2013.03.17 15:16:46 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2013.03.17 15:16:46 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe
[2013.03.17 15:16:46 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe
[2013.03.17 15:16:46 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013.03.17 15:16:46 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe
[2013.03.17 15:16:46 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys
[2013.03.17 15:16:46 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys
[2013.03.17 15:16:45 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe
[2013.03.17 15:16:45 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll
[2013.03.17 15:16:45 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll
[2013.03.17 15:16:42 | 010,115,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013.03.17 15:16:41 | 008,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013.03.17 15:16:38 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.03.17 15:16:37 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2013.03.17 15:16:37 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.03.17 15:16:37 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2013.03.17 15:16:35 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013.03.17 15:16:34 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013.03.17 15:16:33 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.17 15:16:27 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2013.03.17 15:16:26 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2013.03.17 15:16:23 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll
[2013.03.17 15:16:23 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2013.03.16 16:13:40 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.16 16:13:35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.16 16:13:35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.16 16:13:35 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.16 16:13:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.15 01:58:04 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.10 14:33:06 | 000,000,178 | ---- | M] () -- C:\Users\Denis\defogger_reenable
[2013.04.10 14:14:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.10 13:08:14 | 001,754,216 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.10 13:08:14 | 000,756,772 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.10 13:08:14 | 000,713,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.10 13:08:14 | 000,156,908 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.10 13:08:14 | 000,133,458 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.10 13:05:29 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.10 13:02:56 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2013.04.10 13:00:54 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.04.10 13:00:52 | 3279,331,328 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.10 00:33:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2013.04.10 00:30:51 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.04.09 23:05:51 | 1412,904,550 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.20 01:19:57 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2013.03.20 01:09:44 | 000,001,207 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2013.03.18 11:46:46 | 000,421,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.16 16:13:28 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.16 16:13:28 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.16 16:13:28 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.16 16:13:28 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.16 16:13:28 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.16 16:13:28 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.13 01:14:14 | 016,486,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
 
========== Files Created - No Company Name ==========
 
[2013.04.10 14:33:06 | 000,000,178 | ---- | C] () -- C:\Users\Denis\defogger_reenable
[2013.04.10 13:05:29 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.10 00:33:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2013.04.10 00:30:51 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.03.20 01:19:57 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2013.03.20 01:09:44 | 000,001,207 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2013.03.18 11:46:34 | 000,421,792 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.15 01:58:00 | 1412,904,550 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.02.05 17:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.02.05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.02.05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.02.05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.02.05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013.01.16 03:35:47 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013.01.16 03:35:46 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2013.01.11 18:21:52 | 000,228,088 | ---- | C] () -- C:\ProgramData\1357921100.bdinstall.bin
[2013.01.08 01:50:14 | 000,007,599 | ---- | C] () -- C:\Users\Denis\AppData\Local\Resmon.ResmonCfg
[2013.01.06 14:06:06 | 000,444,766 | ---- | C] () -- C:\ProgramData\1357473868.bdinstall.bin
[2013.01.06 14:04:26 | 000,090,848 | ---- | C] () -- C:\ProgramData\1357473857.bdinstall.bin
[2013.01.06 04:06:07 | 000,591,862 | ---- | C] () -- C:\ProgramData\1357437740.bdinstall.bin
[2013.01.05 21:57:22 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013.01.05 21:57:21 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.01.05 21:57:21 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.01.05 21:57:11 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.01.05 21:57:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.01.05 21:56:33 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.09.09 21:41:16 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012.08.11 22:47:01 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | -H-- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.07.25 22:22:56 | 000,733,840 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.07.25 22:22:56 | 000,492,340 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2013.01.06 04:16:37 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 01:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.06 15:47:01 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\Ashampoo
[2013.01.16 02:38:41 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\DAEMON Tools Pro
[2013.03.20 01:09:59 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\DVDVideoSoft
[2013.01.11 17:46:35 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.11 21:32:13 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\ImgBurn
[2013.01.06 04:16:52 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\liQeNSoft
[2013.01.06 00:33:34 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\lm
[2013.02.21 12:33:37 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\PDF Architect
[2013.02.21 12:27:45 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\pdfforge
[2013.01.06 04:03:22 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\QuickScan
[2013.04.10 00:31:08 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\Samsung
[2013.01.08 17:45:35 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >
         
Extras:
Code:
OTL Extras logfile created on: 10.04.2013 14:35:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Denis\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,82 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 45,98% Memory free
7,69 Gb Paging File | 5,02 Gb Available in Paging File | 65,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444,95 Gb Total Space | 378,53 Gb Free Space | 85,07% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Denis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2929871637-3288670245-3381123236-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09FC242E-BE7A-4639-98E2-EDF206FBFEC9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{113DD6DE-6F03-4476-961A-569DD4ECB11B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{12231DB3-F323-4EC3-9442-39006FD824DD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1D543576-F34F-4DFD-9F93-F7F2B9D820D4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1E4E8DC2-C9FA-4836-81F2-3DB0522137D1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{29E9B9E8-2943-465D-BEA4-8D8FB48C50D7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{356B8101-8EFC-4C71-951F-50C8D8CCCDBB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3D21A7B6-AF00-424D-A679-A52F8E7BC481}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4C0F3308-188D-4A3E-B5DC-62FE4425FB99}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5163F41D-94B7-48A8-BD9A-F3C8765DC6B3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{55C0CDC0-A97C-4981-A14C-AF1AD6CC8C9F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5DF566DE-0C61-46ED-A101-4856D2DE2E66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{62F7A807-5F0F-40BE-A07D-54B95274ED95}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8DEB65FA-FCBF-46EA-826B-12E6DDBA073E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe | 
"{A81415E9-02EB-4F1E-BA0B-BC054DB071A0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AB0602C9-8C8B-414D-AB88-124182EE0077}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AD2C9DEB-B09B-4E61-9188-58646AD109D3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C813BB8D-79AD-449A-B183-88E087E0ABEC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CFE89FB6-24A8-455E-A77C-BD8CCBD357B3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D1E098BB-BB3D-4194-9403-0323799325BC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E4065425-F76E-458A-ACA8-9D7C00BB458E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F9E96377-767F-47BF-A50C-E6D94CDBE6DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001FCE24-73E8-4AB8-8929-E8153206EFE7}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{0891285B-5DA3-4D05-AF49-D10E4BED8E01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{17D90225-669D-47DC-86B0-8304DFB1E675}" = dir=out | name=youtube player | 
"{1ECADFDB-2F4D-47A9-AC3A-870898AB25B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{2BF3CC82-DECF-4EFF-886D-8E0E387677DC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{2CC4F63B-0928-4A12-AC59-024F50706A48}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{2DE8AAEC-D883-4FFF-92F0-1CB013275698}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{30375B2D-0EB2-4303-848D-2B798B70A385}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{389E70C0-2719-43AA-9DDB-4169F8382ABB}" = protocol=6 | dir=out | app=system | 
"{3DB24368-2397-4F7A-A289-3FB3D533F382}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{4B39F1C3-BF16-44B9-9B4A-76DBC25C5719}" = dir=in | app=c:\program files\acer\acer theft shield\usecuappclient.exe | 
"{4C1E7221-7B31-4AC9-AFF6-6A5E6ED0C4F7}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{5089ED47-BC57-4895-8C6F-8FA4D0F7EE02}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5315E709-EA60-41A5-AA56-E05BF1E8F21E}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{54CB5998-62A8-44C3-8DF4-21C698164D56}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{56984BD0-6B5C-4CB4-9986-23DC1BBAFD3F}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{5B30D869-4504-4080-AC7A-A894D3C49D3E}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{5B3A68D1-C1BB-4A96-91BB-B20500BEA798}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{5C21E7B1-5A1B-4F5D-A3D3-2B9FF1BF7C3C}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{5D0C6D37-E583-4423-A2E5-D42226EEE262}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{61980CC1-3F9E-4A61-AFFA-B9277EEF2094}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{63EE7B1F-8C54-4AEB-896C-1D611C9E7F47}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{67123EBC-3859-4DE8-B852-20D455DE08FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6F37463E-8B60-4C5D-9AE3-AAAF62349AE1}" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe | 
"{702B346D-98A9-4AE6-9266-9E5C08AA9B7C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7238AC84-5DBB-4496-8199-08179998F361}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{77300AA4-010E-42FF-85CC-5B70D5117A16}" = protocol=6 | dir=out | app=c:\program files (x86)\bluetooth suite\win7ui.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{870CE6DB-A7D7-4483-B9E3-B1CA019C5F71}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8D6E0952-9D55-47D1-9C75-EF58E069AA4C}" = dir=out | name=@{microsoft.zunemusic_1.1.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{90F25EB4-5FD4-44BE-8CC8-17D2B02D4600}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{931E367F-6B9B-49ED-9303-86E72E9FFCA1}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\backupmanager.exe | 
"{94234AE6-2104-4080-9BD8-C3FE39C8FFD0}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe | 
"{94B52CB7-C062-4EC7-BFAA-B73431C06780}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9576E2F3-9D61-43BD-B093-402511AA476E}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{9617CA92-9011-4942-BBD1-9F99420AC365}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{96C8E867-6D50-4BDD-B180-96B8CEFE2634}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\fileexplorer.exe | 
"{984EC752-9964-48E9-B344-C1EFF41A1EDA}" = dir=out | name=acer crystal eye | 
"{99809141-0DCA-4AE0-AA0B-8364ED6D4509}" = dir=in | name=acer explorer | 
"{999F15F0-CFBB-4C9D-A0A6-3077F632FDA9}" = dir=out | name=acer explorer | 
"{99B9947F-41B4-4902-9789-2D3A9BFD3592}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9D1097C4-76E1-4E51-B0F1-DAEEAF035EF2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9FF2D917-DB93-48F1-9DFF-879D6D00CED6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A67A1E83-3419-4396-8F5E-D0AFC3B1BC0B}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{AE7D688F-68F5-4B36-8CC9-E1197C7CF3F3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B543F518-0C1C-4548-843B-262ECE61E8C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BA180F67-8D9C-480A-894E-BF5CE0C2A312}" = dir=out | name=fresh paint | 
"{BDDDB83E-DC6F-4975-8A07-2B966EA66861}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe | 
"{C096C6C3-1D1A-423B-B371-78724849E455}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{C43BDF31-A386-48F1-95A7-32C4DB453CCD}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{C878611C-A867-4AFF-8738-380441895B61}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C8C2638D-1269-4E82-AE7C-BE334C070794}" = dir=out | name=windows_ie_ac_001 | 
"{CA4E8DE5-AE69-477C-BF64-F611F775AAA2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{CC9B38FE-74B5-4A09-9ABE-EB0F45D91DF4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D0B254C9-274B-4E7E-8BBB-3C795F67AE6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1184077-A968-4A00-AE95-9468DA35FFE4}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{D3DA94FD-A1F6-41C4-AAE5-FFDCEC0B4540}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{DA1CCFA8-E888-40A9-ACB2-CEAFC5C8FA1C}" = protocol=6 | dir=out | app=c:\program files (x86)\bluetooth suite\bttray.exe | 
"{DADA4A00-9632-47D8-A09F-E9195C491250}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{DDC47FD5-F2CD-4039-838E-53E8761670E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E3BA83C5-45CE-4798-A387-7A31038F5420}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{E6420F81-2847-4263-9D3C-31C4AF193D8D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E8C55DDD-6E22-4EA8-84C7-4D598CFC61EF}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{F4879581-A9CE-463B-99E2-359B7179FCB9}" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe | 
"{F9495E4D-8F93-4502-AF43-01A5785E8428}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"TCP Query User{C979FB41-4B2F-422C-9456-191E0EBCDCD3}C:\program files (x86)\bluetooth suite\bttray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe | 
"TCP Query User{F4077F06-97C1-4D66-AB95-00071D729B75}C:\program files (x86)\bluetooth suite\btvstack.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe | 
"UDP Query User{A267BAD0-76C2-490A-9F34-EA56DD7D6258}C:\program files (x86)\bluetooth suite\bttray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe | 
"UDP Query User{CCCCA9B9-E0F9-4E5B-8A50-DB4EBD50095C}C:\program files (x86)\bluetooth suite\btvstack.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07E867C5-0C48-40FF-A013-DDAF4565AD47}" = Acer USB Charge Manager
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}" = ExpressCache
"{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Acer Device Fast-lane
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADB0CD2-4E5A-452F-BB3B-3A2984CAC749}" = Acer Theft Shield
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0407-1000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0016-0407-1000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0018-0407-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0019-0407-1000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-001A-0407-1000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001B-0407-1000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0044-0407-1000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-0090-0407-1000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-00A1-0407-1000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00BA-0407-1000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2013
"{90150000-00E1-0407-1000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E2-0407-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-012B-0407-1000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management
"{A10FCEC8-5523-4C2D-8B42-091B48EDEB55}" = Sleep Memory Optimizer
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F6100F13-F183-47A2-94A8-9AAC4976E228}" = Acer Instant Update Service
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.63.0
"Elantech" = ETDWare PS/2-X64 11.6.11.002_WHQL
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25F6C1CB-C8F0-4BAE-996B-9C16F97B82F3}" = Acer PicEvermore
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation
"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" =  clear.fi SDK- Movie 2
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89DB52FC-EA72-468F-A0C7-150AF8B7AB74}" = Smart Timer
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1" = Ashampoo Burning Studio 2013 v.11.0.5
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" =  clear.fi SDK - Video 2
"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aurora 21.0a2 (x86 de)" = Aurora 21.0a2 (x86 de)
"DAEMON Tools Pro" = DAEMON Tools Pro
"Free Studio_is1" = Free Studio version 2013
"ImgBurn" = ImgBurn
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{25F6C1CB-C8F0-4BAE-996B-9C16F97B82F3}" = Acer PicEvermore
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.6.5
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VLC media player" = VLC media player 2.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2929871637-3288670245-3381123236-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BB108A893815B64BF41C4574C3324FB7371AA244" = Atheros Outlook Addin 2010
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.03.2013 19:41:48 | Computer Name = Laptop | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 19.03.2013 19:41:49 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: liveupdater_agent.exe, Version: 2.0.3000.0,
 Zeitstempel: 0x4fe30d82  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988aa6  Ausnahmecode: 0xe0434352  Fehleroffset: 0x000000000003811c
ID
 des fehlerhaften Prozesses: 0x161c  Startzeit der fehlerhaften Anwendung: 0x01ce24fb52a858b6
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 90c7583a-90ee-11e2-bed8-4c72b9897278
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 19.03.2013 19:41:53 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WerFault.exe, Version: 6.2.9200.16384,
 Zeitstempel: 0x501096ef  Name des fehlerhaften Moduls: werui.dll, Version: 6.2.9200.16384,
 Zeitstempel: 0x50109732  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000000ca98
ID
 des fehlerhaften Prozesses: 0x178c  Startzeit der fehlerhaften Anwendung: 0x01ce24fb530c7cd3
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\WerFault.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\werui.dll  Berichtskennung: 934d7d22-90ee-11e2-bed8-4c72b9897278
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 21.03.2013 07:11:21 | Computer Name = Laptop | Source = Office 2013 Licensing Service | ID = 0
Description = 
 
Error - 22.03.2013 05:44:29 | Computer Name = Laptop | Source = Office 2013 Licensing Service | ID = 0
Description = 
 
Error - 24.03.2013 14:05:14 | Computer Name = Laptop | Source = Office 2013 Licensing Service | ID = 0
Description = 
 
Error - 25.03.2013 15:06:43 | Computer Name = Laptop | Source = Office 2013 Licensing Service | ID = 0
Description = 
 
Error - 26.03.2013 11:24:43 | Computer Name = Laptop | Source = Office 2013 Licensing Service | ID = 0
Description = 
 
Error - 27.03.2013 10:38:05 | Computer Name = Laptop | Source = Office 2013 Licensing Service | ID = 0
Description = 
 
Error - 28.03.2013 08:41:19 | Computer Name = Laptop | Source = Office 2013 Licensing Service | ID = 0
Description = 
 
[ System Events ]
Error - 16.03.2013 22:36:41 | Computer Name = Laptop | Source = BugCheck | ID = 1001
Description = 
 
Error - 17.03.2013 09:27:17 | Computer Name = Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070103 fehlgeschlagen: Intel driver update for Intel(R) Management Engine
 Interface
 
Error - 18.03.2013 05:46:48 | Computer Name = Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?03.?2013 um 02:06:07 unerwartet heruntergefahren.
 
Error - 19.03.2013 19:31:45 | Computer Name = Laptop | Source = Microsoft-Windows-Eventlog | ID = 23
Description = Der Ereignisprotokollierungsdienst hat einen Fehler (Auflösung=1500)
 beim Initialisieren der Protokollierung der Ressourcen für Kanal "Microsoft-Windows-AppxPackaging/Operational"
 erkannt.
 
Error - 19.03.2013 19:57:50 | Computer Name = Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 22.03.2013 11:20:37 | Computer Name = Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?22.?03.?2013 um 16:19:29 unerwartet heruntergefahren.
 
Error - 22.03.2013 11:20:50 | Computer Name = Laptop | Source = BugCheck | ID = 1001
Description = 
 
Error - 29.03.2013 08:24:42 | Computer Name = Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 08.04.2013 19:28:17 | Computer Name = Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?04.?2013 um 01:15:05 unerwartet heruntergefahren.
 
Error - 08.04.2013 19:28:23 | Computer Name = Laptop | Source = BugCheck | ID = 1001
Description = 
 
 
< End of report >
         
Gmer:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-10 14:59:53
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003a Hitachi_HTS545050A7E380 rev.GG2OA6C0 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Denis\AppData\Local\Temp\fwloapow.sys


---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [784:808]                                                                                      fffff960009745e8
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe [3700:5168]  000007fcee06b364

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                        unknown MBR code

---- EOF - GMER 2.1 ----
         
Thanks in advance for the help.

Alt 10.04.2013, 22:34   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Do you have any other logs (with detections)? From Malwarebytes and/or other virus scanners?
This is why I ask => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now just post the logs you already have!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview (Erweitert/Vorschau) to check whether you did it correctly. If everything is right ... click Reply (Antworten).

Alt 10.04.2013, 23:07   #3
anonym25
 



I only have the ones from Malwarebytes left:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.10.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16519
Denis :: LAPTOP [Administrator]

Schutz: Aktiviert

10.04.2013 13:13:05
mbam-log-2013-04-10 (13-13-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 385614
Laufzeit: 58 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Denis\Desktop\Cryptload1.1.8\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Keine Aktion durchgeführt.
C:\Users\Denis\AppData\Local\Temp\addlyrics1030.exe (Adware.Dropper.AL) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
ATTFilter
2013/04/10 13:07:55 +0200	LAPTOP	Denis	MESSAGE	Starting protection
2013/04/10 13:07:55 +0200	LAPTOP	Denis	MESSAGE	Protection started successfully
2013/04/10 13:07:55 +0200	LAPTOP	Denis	MESSAGE	Starting IP protection
2013/04/10 13:08:18 +0200	LAPTOP	Denis	MESSAGE	IP Protection started successfully
2013/04/10 14:35:41 +0200	LAPTOP	Denis	MESSAGE	Stopping protection
2013/04/10 14:35:41 +0200	LAPTOP	Denis	MESSAGE	Protection stopped successfully
2013/04/10 14:35:41 +0200	LAPTOP	Denis	MESSAGE	Stopping IP protection
2013/04/10 14:35:48 +0200	LAPTOP	Denis	MESSAGE	IP Protection stopped successfully
2013/04/10 14:42:45 +0200	LAPTOP	Denis	MESSAGE	Protection stopped
2013/04/10 16:33:34 +0200	LAPTOP	Denis	MESSAGE	Executing scheduled update:  Daily
2013/04/10 16:33:44 +0200	LAPTOP	Denis	MESSAGE	Scheduled update executed successfully:  database updated from version v2013.04.10.04 to version v2013.04.10.08
         

Alt 11.04.2013, 08:41   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 11.04.2013, 12:46   #5
anonym25
 



aswMBR:

Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-11 13:40:01
-----------------------------
13:40:01.013    OS Version: Windows x64 6.2.9200 
13:40:01.013    Number of processors: 4 586 0x2A07
13:40:01.013    ComputerName: LAPTOP  UserName: Denis
13:40:01.075    Initialze error 1 
13:41:41.238    AVAST engine defs: 13041100
13:42:28.037    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003a
13:42:28.052    Disk 0 Vendor: Hitachi_HTS545050A7E380 GG2OA6C0 Size: 476940MB BusType: 11
13:42:28.052    Disk 1  \Device\Harddisk1\DR1 -> \Device\0000003b
13:42:28.052    Disk 1 Vendor: SATA_SSD S5FAM018 Size: 19087MB BusType: 11
13:42:28.084    Disk 0 MBR read successfully
13:42:28.084    Disk 0 MBR scan
13:42:28.099    Disk 0 unknown MBR code
13:42:28.099    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
13:42:28.115    Disk 0 scanning C:\Windows\system32\drivers
13:42:28.115    Service scanning
13:42:28.912    Modules scanning
13:42:28.928    Disk 0 trace - called modules:
13:42:28.959    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys 
13:42:28.974    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80063ed740]
13:42:28.974    3 CLASSPNP.SYS[fffff88000b068aa] -> nt!IofCallDriver -> \Device\0000003a[0xfffffa8004d26060]
13:42:28.990    AVAST engine scan C:\Windows
13:42:28.990    AVAST engine scan C:\Windows\system32
13:42:29.006    AVAST engine scan C:\Windows\system32\drivers
13:42:29.006    AVAST engine scan C:\Users\Denis
13:42:29.006    AVAST engine scan C:\ProgramData
13:42:29.021    Scan finished successfully
13:42:39.491    Disk 0 MBR has been saved successfully to "C:\Users\Denis\Desktop\MBR.dat"
13:42:39.491    The log file has been saved successfully to "C:\Users\Denis\Desktop\aswMBR.txt"

tdsskiller:
         
Code:
ATTFilter
13:42:52.0314 3348  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:42:52.0314 3348  UEFI system
13:42:52.0517 3348  ============================================================
13:42:52.0517 3348  Current date / time: 2013/04/11 13:42:52.0517
13:42:52.0517 3348  SystemInfo:
13:42:52.0517 3348  
13:42:52.0517 3348  OS Version: 6.2.9200 ServicePack: 0.0
13:42:52.0517 3348  Product type: Workstation
13:42:52.0517 3348  ComputerName: LAPTOP
13:42:52.0517 3348  UserName: Denis
13:42:52.0517 3348  Windows directory: C:\Windows
13:42:52.0517 3348  System windows directory: C:\Windows
13:42:52.0517 3348  Running under WOW64
13:42:52.0517 3348  Processor architecture: Intel x64
13:42:52.0517 3348  Number of processors: 4
13:42:52.0517 3348  Page size: 0x1000
13:42:52.0517 3348  Boot type: Normal boot
13:42:52.0517 3348  ============================================================
13:42:53.0126 3348  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:42:53.0126 3348  Drive \Device\Harddisk1\DR1 - Size: 0x4A8F86000 (18.64 Gb), SectorSize: 0x200, Cylinders: 0x981, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:42:53.0126 3348  ============================================================
13:42:53.0126 3348  \Device\Harddisk0\DR0:
13:42:53.0126 3348  GPT partitions:
13:42:53.0126 3348  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {D4797D13-1C49-4530-A7E2-C9375DDE5C8B}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
13:42:53.0126 3348  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {DD858D45-6A40-4B92-A3D3-C2C0263DCD81}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x96000
13:42:53.0126 3348  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {F6067140-B14E-4E60-853E-6ECA418CD4B2}, Name: Microsoft reserved partition, StartLBA 0x15E800, BlocksNum 0x40000
13:42:53.0126 3348  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {70481CB3-18D2-4F4B-8109-835E5FF5A474}, Name: Basic data partition, StartLBA 0x19E800, BlocksNum 0x379E7000
13:42:53.0126 3348  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {87C5F8BF-A14A-4540-9834-AE631FECCC27}, Name: Basic data partition, StartLBA 0x37B85800, BlocksNum 0x2800800
13:42:53.0126 3348  MBR partitions:
13:42:53.0126 3348  \Device\Harddisk1\DR1:
13:42:53.0142 3348  GPT partitions:
13:42:53.0142 3348  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {B8CB5058-C187-4719-BAF0-379CA2D4C97E}, UniqueGUID: {4613EE39-4727-4347-8134-173F590F716F}, Name: HFS, StartLBA 0x77A000, BlocksNum 0x1DCD800
13:42:53.0142 3348  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {D3BFE2DE-3DAF-11DF-BA40-E3A556D89593}, UniqueGUID: {57E74E48-6B70-4E83-A10A-3A7B8F82E051}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x779000
13:42:53.0142 3348  MBR partitions:
13:42:53.0142 3348  ============================================================
13:42:53.0173 3348  C: <-> \Device\Harddisk0\DR0\Partition4
13:42:53.0173 3348  ============================================================
13:42:53.0173 3348  Initialize success
13:42:53.0173 3348  ============================================================
13:43:02.0814 5208  ============================================================
13:43:02.0814 5208  Scan started
13:43:02.0814 5208  Mode: Manual; SigCheck; TDLFS; 
13:43:02.0814 5208  ============================================================
13:43:03.0252 5208  ================ Scan system memory ========================
13:43:03.0252 5208  System memory - ok
13:43:03.0252 5208  ================ Scan services =============================
13:43:03.0393 5208  [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
13:43:03.0471 5208  1394ohci - ok
13:43:03.0471 5208  [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware           C:\Windows\system32\drivers\3ware.sys
13:43:03.0502 5208  3ware - ok
13:43:03.0580 5208  [ 975AABEB243B800C23626D6B652C5A9C ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:43:03.0611 5208  ACPI - ok
13:43:03.0627 5208  [ DC968C37822117E576B933F34A2D130C ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
13:43:03.0642 5208  acpiex - ok
13:43:03.0689 5208  [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
13:43:03.0721 5208  acpipagr - ok
13:43:03.0736 5208  [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
13:43:03.0752 5208  AcpiPmi - ok
13:43:03.0767 5208  [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
13:43:03.0783 5208  acpitime - ok
13:43:03.0846 5208  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:43:03.0861 5208  AdobeARMservice - ok
13:43:03.0955 5208  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:43:03.0971 5208  AdobeFlashPlayerUpdateSvc - ok
13:43:04.0002 5208  [ 93C6388592B99925C1D1576E465BC80F ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:43:04.0049 5208  adp94xx - ok
13:43:04.0064 5208  [ D27763E0247292654E7F7D16444C7C72 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:43:04.0096 5208  adpahci - ok
13:43:04.0111 5208  [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:43:04.0127 5208  adpu320 - ok
13:43:04.0158 5208  [ 974AE60BF5B90E31412D93596C968E5B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:43:04.0189 5208  AeLookupSvc - ok
13:43:04.0236 5208  [ 36D6A3201721558A8AFBCC09C2DA4C2C ] AFD             C:\Windows\system32\drivers\afd.sys
13:43:04.0252 5208  AFD - ok
13:43:04.0283 5208  [ 01590377A5AB19E792528C628A2A68F9 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:43:04.0314 5208  agp440 - ok
13:43:04.0361 5208  [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG             C:\Windows\System32\alg.exe
13:43:04.0377 5208  ALG - ok
13:43:04.0424 5208  [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
13:43:04.0455 5208  AllUserInstallAgent - ok
13:43:04.0486 5208  [ 5A81054B824004B1ECC04F0034A1CDF9 ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
13:43:04.0502 5208  AmdK8 - ok
13:43:04.0518 5208  [ B849D453E644FAB9BC8EF6DC8CA9C4C6 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
13:43:04.0564 5208  AmdPPM - ok
13:43:04.0596 5208  [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:43:04.0611 5208  amdsata - ok
13:43:04.0627 5208  [ 00452671904F5EE94B50BF0219C97164 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
13:43:04.0674 5208  amdsbs - ok
13:43:04.0674 5208  [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:43:04.0705 5208  amdxata - ok
13:43:04.0768 5208  [ 83B3682CE922FB0F415734B26D9D6233 ] AppID           C:\Windows\system32\drivers\appid.sys
13:43:04.0799 5208  AppID - ok
13:43:04.0846 5208  [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:43:04.0877 5208  AppIDSvc - ok
13:43:04.0893 5208  [ D64C4AFEE8277F35EF729A2B924666B0 ] Appinfo         C:\Windows\System32\appinfo.dll
13:43:04.0908 5208  Appinfo - ok
13:43:04.0924 5208  [ E933401B392387F4BE34DE8BAF1722A7 ] arc             C:\Windows\system32\drivers\arc.sys
13:43:04.0955 5208  arc - ok
13:43:04.0971 5208  [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:43:04.0986 5208  arcsas - ok
13:43:05.0002 5208  [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:43:05.0018 5208  AsyncMac - ok
13:43:05.0033 5208  [ A721FF570C2387E383BDDEA9632863C9 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:43:05.0049 5208  atapi - ok
13:43:05.0080 5208  [ 8AEDB0F8258EBE71B5E8E0900E901295 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
13:43:05.0111 5208  AthBTPort - ok
13:43:05.0158 5208  [ CAE43CF6BB56DF7E67FBF40B837514DF ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
13:43:05.0174 5208  AtherosSvc - ok
13:43:05.0268 5208  [ 1DA32C4ED8D3928B0DAC570557B8A09B ] athr            C:\Windows\system32\DRIVERS\athw8x.sys
13:43:05.0361 5208  athr - ok
13:43:05.0393 5208  [ 810ED88782952228AF9C0985FB7D259E ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
13:43:05.0408 5208  AudioEndpointBuilder - ok
13:43:05.0439 5208  [ 25CA8B87479A374919563B3EE7136F32 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
13:43:05.0471 5208  Audiosrv - ok
13:43:05.0533 5208  [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
13:43:05.0564 5208  AVP - ok
13:43:05.0596 5208  [ 89491EF71D5EA011127832C588002853 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:43:05.0611 5208  AxInstSV - ok
13:43:05.0658 5208  [ 87AB5BB072A3F128541D5B815F82FFDD ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
13:43:05.0721 5208  b06bdrv - ok
13:43:05.0752 5208  [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
13:43:05.0768 5208  BasicDisplay - ok
13:43:05.0783 5208  [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
13:43:05.0799 5208  BasicRender - ok
13:43:05.0846 5208  [ 89143A7BA7850F5C7E61B43BB44B6418 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:43:05.0861 5208  BDESVC - ok
13:43:05.0877 5208  [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:43:05.0893 5208  Beep - ok
13:43:05.0939 5208  [ 9E6A544F465C582AB42444A217CF04DC ] BFE             C:\Windows\System32\bfe.dll
13:43:05.0971 5208  BFE - ok
13:43:06.0002 5208  [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS            C:\Windows\System32\qmgr.dll
13:43:06.0049 5208  BITS - ok
13:43:06.0065 5208  [ B17AC10B47C7FCB44D22A1F06415840E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:43:06.0080 5208  bowser - ok
13:43:06.0127 5208  [ 975398A3D2C1FEA73FC93931978DF354 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
13:43:06.0143 5208  BrokerInfrastructure - ok
13:43:06.0174 5208  [ 310068BDA80B1D55C36580FD8A873FAF ] Browser         C:\Windows\System32\browser.dll
13:43:06.0205 5208  Browser - ok
13:43:06.0221 5208  [ 942F3F6286056D6BBB5B02ED2B7088BD ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
13:43:06.0283 5208  BTATH_A2DP - ok
13:43:06.0283 5208  [ 43C965027229D9FF6E52E4C71C03B09E ] btath_avdt      C:\Windows\system32\drivers\btath_avdt.sys
13:43:06.0315 5208  btath_avdt - ok
13:43:06.0330 5208  [ 23CEDCD7527A26B222732A158F76EB24 ] BTATH_BUS       C:\Windows\System32\drivers\btath_bus.sys
13:43:06.0346 5208  BTATH_BUS - ok
13:43:06.0377 5208  [ 3DD64966A764BCAFF07C9DC064BD410E ] BTATH_HCRP      C:\Windows\System32\drivers\btath_hcrp.sys
13:43:06.0393 5208  BTATH_HCRP - ok
13:43:06.0424 5208  [ B68EE0721EAC305AB1C9C989CDF1AEFF ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
13:43:06.0455 5208  BTATH_LWFLT - ok
13:43:06.0502 5208  [ EC7BB341229E9E6B04349580F55218B2 ] BTATH_RCP       C:\Windows\System32\drivers\btath_rcp.sys
13:43:06.0533 5208  BTATH_RCP - ok
13:43:06.0596 5208  [ B0AE297D5BFDEAA5D0671B4483AA19C4 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
13:43:06.0627 5208  BtFilter - ok
13:43:06.0674 5208  [ F17DEEAC7D51D44CF1BFF8DD4F0A2B6D ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
13:43:06.0705 5208  BthAvrcpTg - ok
13:43:06.0736 5208  [ A8B20D852B07AE19A13B5D47EC4E4C3B ] BthEnum         C:\Windows\System32\drivers\BthEnum.sys
13:43:06.0768 5208  BthEnum - ok
13:43:06.0783 5208  [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
13:43:06.0846 5208  BthHFEnum - ok
13:43:06.0861 5208  [ DCB4EBD928A6FB368BE6CAE522412DE1 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
13:43:06.0893 5208  bthhfhid - ok
13:43:06.0908 5208  [ 42201C346F0B8C458E1E9CDE04D68A2C ] BthLEEnum       C:\Windows\system32\DRIVERS\BthLEEnum.sys
13:43:06.0955 5208  BthLEEnum - ok
13:43:06.0971 5208  [ 033916CE8784A848B9A3D686B7F66D97 ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
13:43:07.0018 5208  BTHMODEM - ok
13:43:07.0018 5208  [ 091BB978E9504D0AD14586929431A957 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
13:43:07.0049 5208  BthPan - ok
13:43:07.0096 5208  [ B2FD839F9AF51B8580C02B89AC6C6C89 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
13:43:07.0143 5208  BTHPORT - ok
13:43:07.0174 5208  [ A4387C3D271959313E2577DB7BE8BA7A ] bthserv         C:\Windows\system32\bthserv.dll
13:43:07.0190 5208  bthserv - ok
13:43:07.0205 5208  [ 1F715957F5236D30B6020A19A4271F6A ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
13:43:07.0236 5208  BTHUSB - ok
13:43:07.0315 5208  [ CFA963D67CF8791B2145ED9E2B89ED95 ] CCDMonitorService C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
13:43:07.0377 5208  CCDMonitorService - ok
13:43:07.0408 5208  [ 990B1BABE6E81FB18E65A87EBEFB1772 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:43:07.0440 5208  cdfs - ok
13:43:07.0486 5208  [ 339BFF85D788268752DA8C9644B188EE ] cdrom           C:\Windows\System32\drivers\cdrom.sys
13:43:07.0518 5208  cdrom - ok
13:43:07.0549 5208  [ BAF8F0F55BC300E5F882E521F054E345 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:43:07.0565 5208  CertPropSvc - ok
13:43:07.0580 5208  [ F64B7D1A37CC1D5F421D5359EEC81E2E ] circlass        C:\Windows\System32\drivers\circlass.sys
13:43:07.0627 5208  circlass - ok
13:43:07.0643 5208  [ 9905168708DB68849B879B5548F68AB3 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
13:43:07.0674 5208  CLFS - ok
13:43:07.0690 5208  [ 2DC8538A2260647484A6C921CA837313 ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
13:43:07.0705 5208  CmBatt - ok
13:43:07.0721 5208  [ E708BFF0473EC6B271EA46B65B16CA56 ] CNG             C:\Windows\system32\Drivers\cng.sys
13:43:07.0768 5208  CNG - ok
13:43:07.0783 5208  [ 0E5B1E9E7122EDAAF1F6CE047965CA92 ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
13:43:07.0815 5208  CompositeBus - ok
13:43:07.0815 5208  COMSysApp - ok
13:43:07.0846 5208  [ D9CB0782AF819548072AA45B70F8B22D ] condrv          C:\Windows\system32\drivers\condrv.sys
13:43:07.0861 5208  condrv - ok
13:43:07.0940 5208  [ 78AF1C499BF02F9814DF959A04A4F9C9 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
13:43:07.0955 5208  cphs - ok
13:43:07.0987 5208  [ F0E78B119D12BA81F163D48C0FF30B9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:43:08.0018 5208  CryptSvc - ok
13:43:08.0033 5208  [ C4D01BD86D6B207275FC143EEA951D75 ] dam             C:\Windows\system32\drivers\dam.sys
13:43:08.0049 5208  dam - ok
13:43:08.0080 5208  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:43:08.0127 5208  DcomLaunch - ok
13:43:08.0158 5208  [ C8650D1F61149AA546BDBC99172EBBC1 ] defragsvc       C:\Windows\System32\defragsvc.dll
13:43:08.0190 5208  defragsvc - ok
13:43:08.0205 5208  [ 5EAEF67AE2AF4D2DC664B649DB7B2E16 ] DeviceAssociationService C:\Windows\system32\das.dll
13:43:08.0236 5208  DeviceAssociationService - ok
13:43:08.0299 5208  [ 91E80E3783883DA59A065E16AC031C3B ] DeviceFastLaneService C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
13:43:08.0330 5208  DeviceFastLaneService - ok
13:43:08.0362 5208  [ 799BE46D45D486704CE0F37CA5385262 ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
13:43:08.0377 5208  DeviceInstall - ok
13:43:08.0393 5208  [ 09D9EB9E7898F8E6561473A20CC808B9 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
13:43:08.0408 5208  Dfsc - ok
13:43:08.0440 5208  [ 41AC348DBD378F618CB4FDEE54270692 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
13:43:08.0502 5208  dg_ssudbus - ok
13:43:08.0533 5208  [ 9E0E72222264745ADEB0E5AC680B0ED6 ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:43:08.0565 5208  Dhcp - ok
13:43:08.0580 5208  [ 3C736FAE17BA6F91BA37594AAB139CD0 ] discache        C:\Windows\system32\drivers\discache.sys
13:43:08.0627 5208  discache - ok
13:43:08.0674 5208  [ 560495FF4CA22E1D9B1972FA18F43B6F ] disk            C:\Windows\system32\drivers\disk.sys
13:43:08.0690 5208  disk - ok
13:43:08.0721 5208  [ 82A7C72593793FE1EADA7A305BD1567A ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
13:43:08.0737 5208  dmvsc - ok
13:43:08.0768 5208  [ 066B9710B36AB550E01EEFCA52155968 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:43:08.0783 5208  Dnscache - ok
13:43:08.0830 5208  [ 9949AD2ABA168A618D46C799D6CC898C ] dot3svc         C:\Windows\System32\dot3svc.dll
13:43:08.0862 5208  dot3svc - ok
13:43:08.0893 5208  [ 109FC3F80BF4F4DC5A071058074F13C1 ] DPS             C:\Windows\system32\dps.dll
13:43:08.0908 5208  DPS - ok
13:43:08.0940 5208  [ 9C7C183F937951AE17C5B8B3259CF3FF ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:43:08.0971 5208  drmkaud - ok
13:43:09.0033 5208  [ 4E2C9C48316B2156B45B58687C7435AC ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
13:43:09.0049 5208  DsiWMIService - ok
13:43:09.0080 5208  [ BF48F32EE248C3D371DA5DC93BBEADA7 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
13:43:09.0112 5208  DsmSvc - ok
13:43:09.0143 5208  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\System32\drivers\dtsoftbus01.sys
13:43:09.0158 5208  dtsoftbus01 - ok
13:43:09.0221 5208  [ ED120AA770A78B5079F8C7BB5AF8A035 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:43:09.0283 5208  DXGKrnl - ok
13:43:09.0315 5208  [ 58BA473DD88F5FC1932282BA683AA03E ] Eaphost         C:\Windows\System32\eapsvc.dll
13:43:09.0346 5208  Eaphost - ok
13:43:09.0424 5208  [ 5AB97B3282D7D6114949D1EB5C8598E4 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
13:43:09.0580 5208  ebdrv - ok
13:43:09.0627 5208  [ F702AB6181513303AB0FC8D59E52708B ] EFS             C:\Windows\System32\lsass.exe
13:43:09.0643 5208  EFS - ok
13:43:09.0705 5208  [ AD23FC5DB336CA89A6FC2DA1F70E421C ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
13:43:09.0705 5208  EgisTec Ticket Service - ok
13:43:09.0737 5208  [ 66D60BD9A4C05616ABECA2A901475098 ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
13:43:09.0752 5208  EhStorClass - ok
13:43:09.0768 5208  [ A61D0F543024E458C0FE32352E1978E2 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
13:43:09.0799 5208  EhStorTcgDrv - ok
13:43:09.0830 5208  [ 3D897AAAAC4BC8D6F069DA3BB65D136D ] ePowerSvc       C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
13:43:09.0846 5208  ePowerSvc - ok
13:43:09.0862 5208  [ D790D058D67582DB9C84C2D33695FE6B ] ErrDev          C:\Windows\System32\drivers\errdev.sys
13:43:09.0893 5208  ErrDev - ok
13:43:09.0924 5208  [ 4E8D5177B439872F7AE6DAB7B6859B6B ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
13:43:09.0955 5208  ETD - ok
13:43:09.0971 5208  [ 1C5DFB77CC4E637694CF269382BC55C0 ] ETDService      C:\Program Files\Elantech\ETDService.exe
13:43:09.0987 5208  ETDService - ok
13:43:10.0033 5208  [ F9E01C2D9F8BC049E04CF5DC24A5F638 ] EventSystem     C:\Windows\system32\es.dll
13:43:10.0065 5208  EventSystem - ok
13:43:10.0096 5208  [ D2EAA04AF43154B62FA85B08BAD0A7CA ] excfs           C:\Windows\system32\DRIVERS\excfs.sys
13:43:10.0112 5208  excfs - ok
13:43:10.0112 5208  [ E6082A6C109238A725D83184724C4A36 ] excsd           C:\Windows\system32\DRIVERS\excsd.sys
13:43:10.0127 5208  excsd - ok
13:43:10.0158 5208  [ 7A4D6FEB8C52B3FE855E4DCDF9107E03 ] exfat           C:\Windows\system32\drivers\exfat.sys
13:43:10.0190 5208  exfat - ok
13:43:10.0205 5208  [ 68030FF4B7669E15916910885E2E6160 ] ExpressCache    C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
13:43:10.0221 5208  ExpressCache - ok
13:43:10.0237 5208  [ 60996602A7111FD2D086E803F33E4282 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:43:10.0268 5208  fastfat - ok
13:43:10.0299 5208  [ F0E7F8382ED5E138B0DFA4CB5058BCFE ] Fax             C:\Windows\system32\fxssvc.exe
13:43:10.0330 5208  Fax - ok
13:43:10.0362 5208  [ 73B2D11DF0B6E03A0CB0323218ACB3E4 ] fdc             C:\Windows\System32\drivers\fdc.sys
13:43:10.0377 5208  fdc - ok
13:43:10.0424 5208  [ 0828E3E7BD77C89149EAD3232BFD38DB ] fdPHost         C:\Windows\system32\fdPHost.dll
13:43:10.0455 5208  fdPHost - ok
13:43:10.0471 5208  [ 872506AAB591E8908DF4461475AF92DF ] FDResPub        C:\Windows\system32\fdrespub.dll
13:43:10.0487 5208  FDResPub - ok
13:43:10.0518 5208  [ 94BF5636736112F2C74E6B4D813681AE ] FFSOpzSvc       C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe
13:43:10.0533 5208  FFSOpzSvc - ok
13:43:10.0565 5208  [ 0588950D93A426F97C7AAADB1A9B0458 ] fhsvc           C:\Windows\system32\fhsvc.dll
13:43:10.0596 5208  fhsvc - ok
13:43:10.0612 5208  [ 88A9EBACD1058ABB237A6B4E96E7F397 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:43:10.0627 5208  FileInfo - ok
13:43:10.0659 5208  [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:43:10.0690 5208  Filetrace - ok
13:43:10.0721 5208  [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:43:10.0752 5208  FLEXnet Licensing Service - ok
13:43:10.0752 5208  [ B1D4C168FF7B8579E3745888658FFB1D ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
13:43:10.0783 5208  flpydisk - ok
13:43:10.0799 5208  [ B33EC133AE4E6C1881D2302D93D2467D ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:43:10.0830 5208  FltMgr - ok
13:43:10.0877 5208  [ 0BCDC0FF11B984162B0CF0FF6E9E0146 ] FontCache       C:\Windows\system32\FntCache.dll
13:43:10.0909 5208  FontCache - ok
13:43:10.0971 5208  [ 0B56259F5611787222A04A8F254E51D4 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:43:10.0987 5208  FontCache3.0.0.0 - ok
13:43:11.0002 5208  [ A5F7873A39E4E9FAAAE59B7E9E36B705 ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:43:11.0018 5208  FsDepends - ok
13:43:11.0049 5208  [ A6DD7D491F587F4BC13FB972977DC8E8 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:43:11.0065 5208  Fs_Rec - ok
13:43:11.0174 5208  [ FA228F4BB10DC7ED7E7D131C034E2331 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:43:11.0205 5208  fvevol - ok
13:43:11.0237 5208  [ A969D92973DFA895E7776B4BFE36DBB2 ] FxPPM           C:\Windows\System32\drivers\fxppm.sys
13:43:11.0252 5208  FxPPM - ok
13:43:11.0268 5208  [ 52BC441E07A827EBAB70CDC7EAEDB28D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:43:11.0299 5208  gagp30kx - ok
13:43:11.0315 5208  [ 721F8EEF5E9747F32670DEFF7FB92541 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
13:43:11.0330 5208  gencounter - ok
13:43:11.0362 5208  [ CA18ECFCFFDD638ECE80799A9056B238 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
13:43:11.0377 5208  GPIOClx0101 - ok
13:43:11.0424 5208  [ 5358678C6370F2ADC5291849F6503262 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:43:11.0471 5208  gpsvc - ok
13:43:11.0534 5208  [ C2504AA983B5D411F7D31402E8B57725 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:43:11.0565 5208  HdAudAddService - ok
13:43:11.0596 5208  [ 7D87B5B6C7188D553E11B59DC7F0B111 ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
13:43:11.0612 5208  HDAudBus - ok
13:43:11.0643 5208  [ 3F76BBA53D65E85A7F53E7A71082082C ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
13:43:11.0659 5208  HidBatt - ok
13:43:11.0674 5208  [ A25BAE8C1F2830C8E5625EC7E4E968BE ] HidBth          C:\Windows\System32\drivers\hidbth.sys
13:43:11.0705 5208  HidBth - ok
13:43:11.0721 5208  [ CC4A07E51D89575CAB6F4EB590D87CD4 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
13:43:11.0752 5208  hidi2c - ok
13:43:11.0752 5208  [ DC96F7DACB777CDEAEF9958A50BFDA06 ] HidIr           C:\Windows\System32\drivers\hidir.sys
13:43:11.0784 5208  HidIr - ok
13:43:11.0815 5208  [ FAC37D7B3D6354A5A5E19A45B50B4008 ] hidserv         C:\Windows\system32\hidserv.dll
13:43:11.0830 5208  hidserv - ok
13:43:11.0830 5208  [ 590B6F71BCDA4368B4BF7D8DF22B60F7 ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
13:43:11.0862 5208  HidUsb - ok
13:43:11.0893 5208  [ 43F884B61A24377567CD0FEB35236334 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:43:11.0924 5208  hkmsvc - ok
13:43:11.0955 5208  [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:43:11.0987 5208  HomeGroupListener - ok
13:43:12.0018 5208  [ E0D9F6FE18FA7F53ADD29AF719CE2B7E ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:43:12.0034 5208  HomeGroupProvider - ok
13:43:12.0049 5208  [ 64DB7A8D97CA53DCCF93D0A1E08342CF ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:43:12.0080 5208  HpSAMD - ok
13:43:12.0127 5208  [ 29CB98187BB5711F7759540976D295FC ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:43:12.0159 5208  HTTP - ok
13:43:12.0159 5208  [ 2A98301068801700906C06649860FE94 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:43:12.0174 5208  hwpolicy - ok
13:43:12.0174 5208  [ DC76901D82097C9E297F20C287CB9A27 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
13:43:12.0205 5208  hyperkbd - ok
13:43:12.0205 5208  [ 716413AB3CA12DE0A7222D28C1C9352C ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
13:43:12.0237 5208  HyperVideo - ok
13:43:12.0252 5208  [ C9E9CBF73AFFBFE3E801EFB516787BA3 ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
13:43:12.0268 5208  i8042prt - ok
13:43:12.0299 5208  [ 0FE66A51D81A25AACEAAE4C26308121D ] iaStorA         C:\Windows\system32\drivers\iaStorA.sys
13:43:12.0330 5208  iaStorA - ok
13:43:12.0362 5208  [ 5E394EBD26FD68AA9300332C46BEDD62 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:43:12.0393 5208  iaStorV - ok
13:43:12.0455 5208  [ ABEFA4BD23329FD9BD47496BF2E58774 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
13:43:12.0502 5208  IconMan_R ( UnsignedFile.Multi.Generic ) - warning
13:43:12.0502 5208  IconMan_R - detected UnsignedFile.Multi.Generic (1)
13:43:12.0627 5208  [ A1CF07D24EDCDC6870535471654D957C ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
13:43:12.0784 5208  igfx - ok
13:43:12.0799 5208  [ 24847A06B84339FEEDE5CABF3D27D320 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:43:12.0815 5208  iirsp - ok
13:43:12.0862 5208  [ 531B5A98145DA689741A0AC18F14EA94 ] IKEEXT          C:\Windows\System32\ikeext.dll
13:43:12.0987 5208  IKEEXT - ok
13:43:13.0143 5208  [ DDC860724AEF8F8E42AC61E6585769C6 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:43:13.0252 5208  IntcAzAudAddService - ok
13:43:13.0299 5208  [ F5495B38BFB9149925F54F65AB40EFBF ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
13:43:13.0331 5208  IntcDAud - ok
13:43:13.0362 5208  [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
13:43:13.0393 5208  Intel(R) Capability Licensing Service Interface - ok
13:43:13.0409 5208  [ 4F37726CF764CA18A8A84F85EF3A7F24 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:43:13.0424 5208  intelide - ok
13:43:13.0456 5208  [ E15CDF68DD73423F15D4AC404793AF0D ] intelppm        C:\Windows\System32\drivers\intelppm.sys
13:43:13.0471 5208  intelppm - ok
13:43:13.0502 5208  [ 8FCA66234A0933D796BB780B7953BAB9 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:43:13.0518 5208  IpFilterDriver - ok
13:43:13.0581 5208  [ C217B8D2E58C57A319B16125C3D4B69C ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:43:13.0612 5208  iphlpsvc - ok
13:43:13.0643 5208  [ 6E98A046A12AA113F8898AA5D612BD6E ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
13:43:13.0659 5208  IPMIDRV - ok
13:43:13.0659 5208  [ 3969B9C218DD3FAA9F4ED2FFC3651C02 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:43:13.0690 5208  IPNAT - ok
13:43:13.0706 5208  [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:43:13.0721 5208  IRENUM - ok
13:43:13.0752 5208  [ 4D9B9A794F22415B8C3E0CCFBE61BC7A ] irstrtdv        C:\Windows\System32\drivers\irstrtdv.sys
13:43:13.0768 5208  irstrtdv - ok
13:43:13.0846 5208  [ E145E934392E7A49FDC6775AC3A347F8 ] irstrtsv        C:\Windows\SysWOW64\irstrtsv.exe
13:43:13.0862 5208  irstrtsv - ok
13:43:13.0877 5208  [ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:43:13.0893 5208  isapnp - ok
13:43:13.0924 5208  [ 69C8BF0BC2B0EA10F130F4D3104DC2EF ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
13:43:13.0956 5208  iScsiPrt - ok
13:43:14.0002 5208  [ 3C4002D339491AF73D663FFC7F6E5ECB ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
13:43:14.0018 5208  jhi_service - ok
13:43:14.0034 5208  [ CB30BC4ECF8B96BC090EC5DA09E9B17D ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
13:43:14.0065 5208  k57nd60a - ok
13:43:14.0081 5208  [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
13:43:14.0096 5208  kbdclass - ok
13:43:14.0096 5208  [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
13:43:14.0112 5208  kbdhid - ok
13:43:14.0127 5208  [ FB6C185092E18011EF49989425C2AA87 ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
13:43:14.0143 5208  kdnic - ok
13:43:14.0174 5208  [ F702AB6181513303AB0FC8D59E52708B ] KeyIso          C:\Windows\system32\lsass.exe
13:43:14.0190 5208  KeyIso - ok
13:43:14.0252 5208  [ 8B5219318DF5895ABD230C373F2DF18A ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
13:43:14.0268 5208  kl1 - ok
13:43:14.0299 5208  [ F2EB9202FCCC81E0902D3C5A70037A44 ] klelam          C:\Windows\system32\DRIVERS\klelam.sys
13:43:14.0315 5208  klelam - ok
13:43:14.0377 5208  [ 5D0104D068AA740A4CD75158652EA986 ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
13:43:14.0409 5208  KLIF - ok
13:43:14.0456 5208  [ 1B5B924D27399F41DECD1CC6D706429F ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
13:43:14.0456 5208  KLIM6 - ok
13:43:14.0471 5208  [ A0B1AE842D7C7F2FDF530A7049CB988D ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
13:43:14.0487 5208  klkbdflt - ok
13:43:14.0502 5208  [ A8FFD74947077D8BD9A80936EC24514D ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
13:43:14.0518 5208  klmouflt - ok
13:43:14.0534 5208  [ FE0F2B2F8B0EA185B572BD3082593600 ] klwfp           C:\Windows\system32\DRIVERS\klwfp.sys
13:43:14.0549 5208  klwfp - ok
13:43:14.0565 5208  [ 185D21CB8F10CFB351FF65DA88C18BC9 ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
13:43:14.0581 5208  kneps - ok
13:43:14.0612 5208  [ DFA480F6DED551464F3A5B959F437800 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:43:14.0627 5208  KSecDD - ok
13:43:14.0659 5208  [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:43:14.0674 5208  KSecPkg - ok
13:43:14.0690 5208  [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:43:14.0706 5208  ksthunk - ok
13:43:14.0752 5208  [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:43:14.0768 5208  KtmRm - ok
13:43:14.0799 5208  [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:43:14.0815 5208  LanmanServer - ok
13:43:14.0862 5208  [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:43:14.0877 5208  LanmanWorkstation - ok
13:43:14.0909 5208  [ CEEFD29FC551F289810B0B9381B321DC ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:43:14.0924 5208  lltdio - ok
13:43:14.0956 5208  [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:43:14.0971 5208  lltdsvc - ok
13:43:14.0987 5208  [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:43:15.0002 5208  lmhosts - ok
13:43:15.0034 5208  [ 4269D44BB47A6DA5D80B11F4C8536458 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:43:15.0049 5208  LMS - ok
13:43:15.0065 5208  [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:43:15.0081 5208  LSI_SAS - ok
13:43:15.0096 5208  [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
13:43:15.0112 5208  LSI_SAS2 - ok
13:43:15.0112 5208  [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:43:15.0127 5208  LSI_SCSI - ok
13:43:15.0143 5208  [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
13:43:15.0159 5208  LSI_SSS - ok
13:43:15.0190 5208  [ A57BA284F5996FFD32DCDBC41A4657DB ] LSM             C:\Windows\System32\lsm.dll
13:43:15.0221 5208  LSM - ok
13:43:15.0237 5208  [ 2BDC5D711FA61307CE6190D47C956368 ] luafv           C:\Windows\system32\drivers\luafv.sys
13:43:15.0268 5208  luafv - ok
13:43:15.0299 5208  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
13:43:15.0315 5208  MBAMProtector - ok
13:43:15.0378 5208  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:43:15.0409 5208  MBAMScheduler - ok
13:43:15.0440 5208  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:43:15.0456 5208  MBAMService - ok
13:43:15.0471 5208  [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas         C:\Windows\system32\drivers\megasas.sys
13:43:15.0487 5208  megasas - ok
13:43:15.0502 5208  [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
13:43:15.0518 5208  MegaSR - ok
13:43:15.0549 5208  [ 2BB3EAE2EA641515D4B205CAB29E1624 ] MEIx64          C:\Windows\System32\drivers\HECIx64.sys
13:43:15.0565 5208  MEIx64 - ok
13:43:15.0612 5208  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS           C:\Windows\system32\mmcss.dll
13:43:15.0628 5208  MMCSS - ok
13:43:15.0659 5208  [ 780098AD5DA8A4822E2563984C85EF7B ] Modem           C:\Windows\system32\drivers\modem.sys
13:43:15.0674 5208  Modem - ok
13:43:15.0690 5208  [ 83EB0BF7E6EBD5B1AAC97F9DBD5EB935 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:43:15.0706 5208  monitor - ok
13:43:15.0721 5208  [ 618446B98C79776654340CE27C73485E ] mouclass        C:\Windows\System32\drivers\mouclass.sys
13:43:15.0737 5208  mouclass - ok
13:43:15.0737 5208  [ CB2527B8B87D83E56FBF3944BBB6F606 ] mouhid          C:\Windows\System32\drivers\mouhid.sys
13:43:15.0768 5208  mouhid - ok
13:43:15.0768 5208  [ 89D263DBF08119CE16273991C120D6DD ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:43:15.0784 5208  mountmgr - ok
13:43:15.0831 5208  [ C9E45CF331F5D966F77E0CE635D8E028 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:43:15.0846 5208  MozillaMaintenance - ok
13:43:15.0862 5208  [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:43:15.0878 5208  mpsdrv - ok
13:43:15.0924 5208  [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:43:15.0956 5208  MpsSvc - ok
13:43:15.0987 5208  [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:43:16.0003 5208  MRxDAV - ok
13:43:16.0049 5208  [ 93179D48066918323628CB016D8C94DC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:43:16.0065 5208  mrxsmb - ok
13:43:16.0096 5208  [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:43:16.0112 5208  mrxsmb10 - ok
13:43:16.0143 5208  [ 5C7DD2E5759FFCCD2C7341C1B90F2B26 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:43:16.0159 5208  mrxsmb20 - ok
13:43:16.0174 5208  [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
13:43:16.0206 5208  MsBridge - ok
13:43:16.0206 5208  [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC           C:\Windows\System32\msdtc.exe
13:43:16.0237 5208  MSDTC - ok
13:43:16.0237 5208  [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:43:16.0268 5208  Msfs - ok
13:43:16.0299 5208  [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
13:43:16.0315 5208  msgpiowin32 - ok
13:43:16.0346 5208  [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:43:16.0362 5208  mshidkmdf - ok
13:43:16.0362 5208  [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
13:43:16.0378 5208  mshidumdf - ok
13:43:16.0393 5208  [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:43:16.0409 5208  msisadrv - ok
13:43:16.0440 5208  [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:43:16.0471 5208  MSiSCSI - ok
13:43:16.0487 5208  msiserver - ok
13:43:16.0487 5208  [ 509809566E49F4411055864EA8D437CD ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:43:16.0503 5208  MSKSSRV - ok
13:43:16.0518 5208  [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
13:43:16.0534 5208  MsLldp - ok
13:43:16.0534 5208  [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:43:16.0549 5208  MSPCLOCK - ok
13:43:16.0549 5208  [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:43:16.0581 5208  MSPQM - ok
13:43:16.0596 5208  [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:43:16.0628 5208  MsRPC - ok
13:43:16.0643 5208  [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
13:43:16.0659 5208  mssmbios - ok
13:43:16.0674 5208  [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:43:16.0690 5208  MSTEE - ok
13:43:16.0690 5208  [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
13:43:16.0721 5208  MTConfig - ok
13:43:16.0737 5208  [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup             C:\Windows\system32\Drivers\mup.sys
13:43:16.0753 5208  Mup - ok
13:43:16.0753 5208  [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
13:43:16.0768 5208  mvumis - ok
13:43:16.0784 5208  [ C009123B206C56854F4E88596035231D ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
13:43:16.0799 5208  mwlPSDFilter - ok
13:43:16.0799 5208  [ BF3739EEB9F008B1DEBAC115089A53F8 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
13:43:16.0815 5208  mwlPSDNServ - ok
13:43:16.0831 5208  [ 38DD143D95E7A01B86F219DDA9C28779 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
13:43:16.0846 5208  mwlPSDVDisk - ok
13:43:16.0878 5208  [ 4B18840511D720BA118D3017E8165875 ] napagent        C:\Windows\system32\qagentRT.dll
13:43:16.0909 5208  napagent - ok
13:43:16.0940 5208  [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:43:16.0956 5208  NativeWifiP - ok
13:43:16.0987 5208  [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc          C:\Windows\System32\ncasvc.dll
13:43:17.0003 5208  NcaSvc - ok
13:43:17.0018 5208  [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
13:43:17.0034 5208  NcdAutoSetup - ok
13:43:17.0096 5208  [ 03CFE4108D1DE16D6C59455B5C73319C ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:43:17.0143 5208  NDIS - ok
13:43:17.0143 5208  [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:43:17.0174 5208  NdisCap - ok
13:43:17.0174 5208  [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
13:43:17.0206 5208  NdisImPlatform - ok
13:43:17.0221 5208  [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:43:17.0237 5208  NdisTapi - ok
13:43:17.0253 5208  [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:43:17.0268 5208  Ndisuio - ok
13:43:17.0284 5208  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:43:17.0299 5208  NdisWan - ok
13:43:17.0315 5208  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY   C:\Windows\system32\DRIVERS\ndiswan.sys
13:43:17.0331 5208  NDISWANLEGACY - ok
13:43:17.0346 5208  [ CE6EBC0AD38CC6482D8FBB744FF15CE2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:43:17.0362 5208  NDProxy - ok
13:43:17.0378 5208  [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
13:43:17.0393 5208  Ndu - ok
13:43:17.0409 5208  [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:43:17.0424 5208  NetBIOS - ok
13:43:17.0440 5208  [ 7CEC25C682D319D484630B3952C31A11 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:43:17.0471 5208  NetBT - ok
13:43:17.0471 5208  [ F702AB6181513303AB0FC8D59E52708B ] Netlogon        C:\Windows\system32\lsass.exe
13:43:17.0503 5208  Netlogon - ok
13:43:17.0534 5208  [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman          C:\Windows\System32\netman.dll
13:43:17.0565 5208  Netman - ok
13:43:17.0612 5208  [ 5FF52E13C72838D87DAF228EC9E92C89 ] netprofm        C:\Windows\System32\netprofmsvc.dll
13:43:17.0643 5208  netprofm - ok
13:43:17.0706 5208  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:43:17.0737 5208  NetTcpPortSharing - ok
13:43:17.0753 5208  [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:43:17.0768 5208  nfrd960 - ok
13:43:17.0800 5208  [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:43:17.0815 5208  NlaSvc - ok
13:43:17.0846 5208  [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:43:17.0878 5208  Npfs - ok
13:43:17.0878 5208  [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
13:43:17.0909 5208  npsvctrig - ok
13:43:17.0924 5208  [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi             C:\Windows\system32\nsisvc.dll
13:43:17.0940 5208  nsi - ok
13:43:17.0956 5208  [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:43:17.0971 5208  nsiproxy - ok
13:43:18.0034 5208  [ 76929F4A69E425911A63B407E26C2589 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:43:18.0112 5208  Ntfs - ok
13:43:18.0159 5208  [ A9AE582FE2240E7FB0E9C11E1CC762A0 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
13:43:18.0175 5208  NTI IScheduleSvc - ok
13:43:18.0190 5208  [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
13:43:18.0206 5208  NTIDrvr - ok
13:43:18.0221 5208  [ 4163ADE07DB51843AE31F65B94F5398D ] Null            C:\Windows\system32\drivers\Null.sys
13:43:18.0237 5208  Null - ok
13:43:18.0253 5208  [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:43:18.0268 5208  nvraid - ok
13:43:18.0284 5208  [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:43:18.0315 5208  nvstor - ok
13:43:18.0331 5208  [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:43:18.0346 5208  nv_agp - ok
13:43:18.0393 5208  [ B9C125314A025127FE562C116D614AA3 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:43:18.0409 5208  ose64 - ok
13:43:18.0471 5208  [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:43:18.0487 5208  p2pimsvc - ok
13:43:18.0550 5208  [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:43:18.0565 5208  p2psvc - ok
13:43:18.0581 5208  [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport         C:\Windows\System32\drivers\parport.sys
13:43:18.0596 5208  Parport - ok
13:43:18.0643 5208  [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:43:18.0659 5208  partmgr - ok
13:43:18.0675 5208  [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:43:18.0706 5208  PcaSvc - ok
13:43:18.0721 5208  [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci             C:\Windows\system32\drivers\pci.sys
13:43:18.0737 5208  pci - ok
13:43:18.0753 5208  [ F9908D274D458220F91E89B54D78D837 ] pciide          C:\Windows\system32\drivers\pciide.sys
13:43:18.0768 5208  pciide - ok
13:43:18.0784 5208  [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:43:18.0815 5208  pcmcia - ok
13:43:18.0831 5208  [ CEBBAD5391C2644560C55628A40BFD27 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:43:18.0846 5208  pcw - ok
13:43:18.0862 5208  [ AECC24430301DBC6A76916E3029B6B83 ] pdc             C:\Windows\system32\drivers\pdc.sys
13:43:18.0878 5208  pdc - ok
13:43:18.0925 5208  [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:43:18.0956 5208  PEAUTH - ok
13:43:19.0003 5208  [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:43:19.0018 5208  PerfHost - ok
13:43:19.0081 5208  [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla             C:\Windows\system32\pla.dll
13:43:19.0128 5208  pla - ok
13:43:19.0159 5208  [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:43:19.0175 5208  PlugPlay - ok
13:43:19.0190 5208  [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:43:19.0206 5208  PNRPAutoReg - ok
13:43:19.0237 5208  [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:43:19.0253 5208  PNRPsvc - ok
13:43:19.0284 5208  [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:43:19.0315 5208  PolicyAgent - ok
13:43:19.0346 5208  [ F1E067F56373F11EA4B785CAE823740A ] Power           C:\Windows\system32\umpo.dll
13:43:19.0362 5208  Power - ok
13:43:19.0393 5208  [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:43:19.0409 5208  PptpMiniport - ok
13:43:19.0518 5208  [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify     C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
13:43:19.0581 5208  PrintNotify - ok
13:43:19.0612 5208  [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor       C:\Windows\System32\drivers\processr.sys
13:43:19.0628 5208  Processor - ok
13:43:19.0659 5208  [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc         C:\Windows\system32\profsvc.dll
13:43:19.0675 5208  ProfSvc - ok
13:43:19.0706 5208  [ AF038FA3D3748B7595FE7096AD803696 ] Ps2Kb2Hid       C:\Windows\System32\drivers\aPs2Kb2Hid.sys
13:43:19.0721 5208  Ps2Kb2Hid - ok
13:43:19.0737 5208  [ EB8034147D4820CD31BFCB11A2A652DF ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:43:19.0753 5208  Psched - ok
13:43:19.0784 5208  [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE           C:\Windows\system32\qwave.dll
13:43:19.0815 5208  QWAVE - ok
13:43:19.0831 5208  [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:43:19.0846 5208  QWAVEdrv - ok
13:43:19.0862 5208  [ 873C60F8178100557740A832FCE10B5F ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:43:19.0893 5208  RasAcd - ok
13:43:19.0893 5208  [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:43:19.0925 5208  RasAgileVpn - ok
13:43:19.0956 5208  [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto         C:\Windows\System32\rasauto.dll
13:43:19.0971 5208  RasAuto - ok
13:43:19.0987 5208  [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:43:20.0018 5208  Rasl2tp - ok
13:43:20.0018 5208  [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan          C:\Windows\System32\rasmans.dll
13:43:20.0050 5208  RasMan - ok
13:43:20.0065 5208  [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:43:20.0081 5208  RasPppoe - ok
13:43:20.0112 5208  [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:43:20.0128 5208  RasSstp - ok
13:43:20.0143 5208  [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:43:20.0175 5208  rdbss - ok
13:43:20.0190 5208  [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
13:43:20.0206 5208  rdpbus - ok
13:43:20.0222 5208  [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
13:43:20.0237 5208  RDPDR - ok
13:43:20.0268 5208  [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:43:20.0284 5208  RdpVideoMiniport - ok
13:43:20.0300 5208  [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:43:20.0315 5208  RDPWD - ok
13:43:20.0331 5208  [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:43:20.0346 5208  rdyboost - ok
13:43:20.0378 5208  [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:43:20.0409 5208  RemoteAccess - ok
13:43:20.0456 5208  [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:43:20.0472 5208  RemoteRegistry - ok
13:43:20.0503 5208  [ CF59781FCB68F859EB6C835ED285211D ] RfButtonDriverService C:\Windows\RfBtnSvc64.exe
13:43:20.0518 5208  RfButtonDriverService - ok
13:43:20.0550 5208  [ 17EF582CBC4809F96B9E6D0543480763 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
13:43:20.0581 5208  RFCOMM - ok
13:43:20.0597 5208  [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:43:20.0628 5208  RpcEptMapper - ok
13:43:20.0643 5208  [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator      C:\Windows\system32\locator.exe
13:43:20.0659 5208  RpcLocator - ok
13:43:20.0690 5208  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs           C:\Windows\system32\rpcss.dll
13:43:20.0722 5208  RpcSs - ok
13:43:20.0753 5208  [ 7BFDFD1D2244B444D7BBC55087426518 ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
13:43:20.0784 5208  RSPCIESTOR - ok
13:43:20.0800 5208  [ E04E770DD198B9399640717145E79EBF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:43:20.0831 5208  rspndr - ok
13:43:20.0831 5208  [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
13:43:20.0847 5208  s3cap - ok
13:43:20.0878 5208  [ F702AB6181513303AB0FC8D59E52708B ] SamSs           C:\Windows\system32\lsass.exe
13:43:20.0893 5208  SamSs - ok
13:43:20.0909 5208  [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:43:20.0940 5208  sbp2port - ok
13:43:20.0972 5208  [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:43:21.0003 5208  SCardSvr - ok
13:43:21.0018 5208  [ 5D7733A12756B267FCA021672B26BC9E ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:43:21.0050 5208  scfilter - ok
13:43:21.0112 5208  [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule        C:\Windows\system32\schedsvc.dll
13:43:21.0159 5208  Schedule - ok
13:43:21.0268 5208  [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:43:21.0284 5208  SCPolicySvc - ok
13:43:21.0331 5208  [ 12F06525912BBEF67837DE47D87C60A9 ] sdbus           C:\Windows\System32\drivers\sdbus.sys
13:43:21.0347 5208  sdbus - ok
13:43:21.0409 5208  [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:43:21.0425 5208  SDRSVC - ok
13:43:21.0472 5208  [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
13:43:21.0503 5208  sdstor - ok
13:43:21.0518 5208  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:43:21.0534 5208  secdrv - ok
13:43:21.0565 5208  [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon        C:\Windows\system32\seclogon.dll
13:43:21.0597 5208  seclogon - ok
13:43:21.0612 5208  [ 9C51620998F0763039DFA6BF68E475ED ] SENS            C:\Windows\System32\sens.dll
13:43:21.0643 5208  SENS - ok
13:43:21.0659 5208  [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:43:21.0690 5208  SensrSvc - ok
13:43:21.0722 5208  [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx           C:\Windows\system32\drivers\SerCx.sys
13:43:21.0737 5208  SerCx - ok
13:43:21.0737 5208  [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum         C:\Windows\System32\drivers\serenum.sys
13:43:21.0768 5208  Serenum - ok
13:43:21.0768 5208  [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial          C:\Windows\System32\drivers\serial.sys
13:43:21.0784 5208  Serial - ok
13:43:21.0800 5208  [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse        C:\Windows\System32\drivers\sermouse.sys
13:43:21.0815 5208  sermouse - ok
13:43:21.0847 5208  [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv      C:\Windows\system32\sessenv.dll
13:43:21.0862 5208  SessionEnv - ok
13:43:21.0878 5208  [ 7EE65419B29302C795714FF8073969A1 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
13:43:21.0893 5208  sfloppy - ok
13:43:21.0925 5208  [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:43:21.0956 5208  SharedAccess - ok
13:43:21.0987 5208  [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:43:22.0034 5208  ShellHWDetection - ok
13:43:22.0034 5208  [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
13:43:22.0065 5208  SiSRaid2 - ok
13:43:22.0081 5208  [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:43:22.0112 5208  SiSRaid4 - ok
13:43:22.0128 5208  [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:43:22.0159 5208  SNMPTRAP - ok
13:43:22.0175 5208  [ 465F3C355CE5ED2779B8F460F14C5A78 ] spaceport       C:\Windows\system32\drivers\spaceport.sys
13:43:22.0190 5208  spaceport - ok
13:43:22.0190 5208  [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
13:43:22.0206 5208  SpbCx - ok
13:43:22.0237 5208  [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler         C:\Windows\System32\spoolsv.exe
13:43:22.0268 5208  Spooler - ok
13:43:22.0362 5208  [ EC84D961501054F87A6878EC5D53388F ] sppsvc          C:\Windows\system32\sppsvc.exe
13:43:22.0503 5208  sppsvc - ok
13:43:22.0518 5208  [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:43:22.0534 5208  srv - ok
13:43:22.0612 5208  [ 9912FDF63EC78E1977083E20DEAE4889 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:43:22.0643 5208  srv2 - ok
13:43:22.0675 5208  [ FD8B4F201B681C555A4AF41922C52557 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:43:22.0690 5208  srvnet - ok
13:43:22.0722 5208  [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:43:22.0753 5208  SSDPSRV - ok
13:43:22.0800 5208  [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:43:22.0815 5208  SstpSvc - ok
13:43:22.0862 5208  [ B4C983DA20E2970E21893BF0E4EE2AD8 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
13:43:22.0894 5208  ssudmdm - ok
13:43:22.0909 5208  [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
13:43:22.0940 5208  stexstor - ok
13:43:22.0987 5208  [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc          C:\Windows\System32\wiaservc.dll
13:43:23.0019 5208  stisvc - ok
13:43:23.0034 5208  [ C588BBD37B432CE3204E5765B459E6B2 ] storahci        C:\Windows\system32\drivers\storahci.sys
13:43:23.0050 5208  storahci - ok
13:43:23.0050 5208  [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
13:43:23.0065 5208  storflt - ok
13:43:23.0097 5208  [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc         C:\Windows\system32\storsvc.dll
13:43:23.0112 5208  StorSvc - ok
13:43:23.0128 5208  [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
13:43:23.0159 5208  storvsc - ok
13:43:23.0159 5208  [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc           C:\Windows\system32\svsvc.dll
13:43:23.0190 5208  svsvc - ok
13:43:23.0206 5208  [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum          C:\Windows\System32\drivers\swenum.sys
13:43:23.0222 5208  swenum - ok
13:43:23.0237 5208  [ 502F9488540051F3E6C39889ECFA76BB ] swprv           C:\Windows\System32\swprv.dll
13:43:23.0269 5208  swprv - ok
13:43:23.0315 5208  [ DC21E1F06343773D7E24362DCEF7944B ] SysMain         C:\Windows\system32\sysmain.dll
13:43:23.0362 5208  SysMain - ok
13:43:23.0409 5208  [ E219BF7BCCFE4881B0C053C7E0B47ECC ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
13:43:23.0425 5208  SystemEventsBroker - ok
13:43:23.0456 5208  [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll
13:43:23.0487 5208  TabletInputService - ok
13:43:23.0487 5208  [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:43:23.0519 5208  TapiSrv - ok
13:43:23.0581 5208  [ F4F78B7F39BD56BD0BFE4C4399398F6F ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:43:23.0675 5208  Tcpip - ok
13:43:23.0737 5208  [ F4F78B7F39BD56BD0BFE4C4399398F6F ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:43:23.0815 5208  TCPIP6 - ok
13:43:23.0847 5208  [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:43:23.0862 5208  tcpipreg - ok
13:43:23.0878 5208  [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:43:23.0894 5208  tdx - ok
13:43:23.0925 5208  [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
13:43:23.0940 5208  terminpt - ok
13:43:23.0987 5208  [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService     C:\Windows\System32\termsrv.dll
13:43:24.0019 5208  TermService - ok
13:43:24.0034 5208  [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes          C:\Windows\system32\themeservice.dll
13:43:24.0065 5208  Themes - ok
13:43:24.0097 5208  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER     C:\Windows\system32\mmcss.dll
13:43:24.0112 5208  THREADORDER - ok
13:43:24.0144 5208  [ FF4135424A79DCC2998276D8E39C9B4D ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
13:43:24.0159 5208  TimeBroker - ok
13:43:24.0206 5208  [ B44EFE254C0B3719E4037088D24FE4B5 ] TPM             C:\Windows\system32\drivers\tpm.sys
13:43:24.0237 5208  TPM - ok
13:43:24.0269 5208  [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks          C:\Windows\System32\trkwks.dll
13:43:24.0300 5208  TrkWks - ok
13:43:24.0362 5208  [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:43:24.0378 5208  TrustedInstaller - ok
13:43:24.0425 5208  [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:43:24.0440 5208  TsUsbFlt - ok
13:43:24.0440 5208  [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
13:43:24.0472 5208  TsUsbGD - ok
13:43:24.0487 5208  [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:43:24.0503 5208  tunnel - ok
13:43:24.0503 5208  [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:43:24.0534 5208  uagp35 - ok
13:43:24.0534 5208  [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
13:43:24.0550 5208  UASPStor - ok
13:43:24.0565 5208  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
13:43:24.0581 5208  UBHelper - ok
13:43:24.0612 5208  [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
13:43:24.0628 5208  UCX01000 - ok
13:43:24.0644 5208  [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:43:24.0675 5208  udfs - ok
13:43:24.0706 5208  [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:43:24.0722 5208  UI0Detect - ok
13:43:24.0753 5208  [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:43:24.0784 5208  uliagpkx - ok
13:43:24.0816 5208  [ 02CEB3FE6152668A7BA420B93B664860 ] umbus           C:\Windows\System32\drivers\umbus.sys
13:43:24.0831 5208  umbus - ok
13:43:24.0847 5208  [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass          C:\Windows\System32\drivers\umpass.sys
13:43:24.0862 5208  UmPass - ok
13:43:24.0894 5208  [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService    C:\Windows\System32\umrdp.dll
13:43:24.0909 5208  UmRdpService - ok
13:43:24.0987 5208  [ DBE2E6388379D5CC78099650541E9566 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
13:43:25.0003 5208  UNS - ok
13:43:25.0034 5208  [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost        C:\Windows\System32\upnphost.dll
13:43:25.0081 5208  upnphost - ok
13:43:25.0097 5208  [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
13:43:25.0112 5208  usbccgp - ok
13:43:25.0144 5208  [ B395B62B62F28106218FA6FB17F4C797 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
13:43:25.0175 5208  usbcir - ok
13:43:25.0206 5208  [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
13:43:25.0222 5208  usbehci - ok
13:43:25.0253 5208  [ ADBF89B8E0BB372FEFE2E4B84E1E20AE ] usbhub          C:\Windows\System32\drivers\usbhub.sys
13:43:25.0284 5208  usbhub - ok
13:43:25.0300 5208  [ C5986337DE3BF63ABD9ED4D834D34B89 ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
13:43:25.0331 5208  USBHUB3 - ok
13:43:25.0347 5208  [ 325F6179009B5A7F6118951A5BA422AB ] usbohci         C:\Windows\System32\drivers\usbohci.sys
13:43:25.0362 5208  usbohci - ok
13:43:25.0378 5208  [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint        C:\Windows\System32\drivers\usbprint.sys
13:43:25.0409 5208  usbprint - ok
13:43:25.0441 5208  [ A9858597B6DB695F78A37F6755A6FF98 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
13:43:25.0472 5208  usbscan - ok
13:43:25.0487 5208  [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
13:43:25.0503 5208  USBSTOR - ok
13:43:25.0534 5208  [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
13:43:25.0550 5208  usbuhci - ok
13:43:25.0566 5208  [ 09799E701B4327097E9F63D3FE221083 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
13:43:25.0581 5208  usbvideo - ok
13:43:25.0597 5208  [ 9CD4259AD15F84DE27B94A956C978D6C ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
13:43:25.0628 5208  USBXHCI - ok
13:43:25.0675 5208  [ 96EDB0E013C1477CDC51D920B0674196 ] USecuAppSvc     C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe
13:43:25.0706 5208  USecuAppSvc - ok
13:43:25.0706 5208  [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc        C:\Windows\system32\lsass.exe
13:43:25.0737 5208  VaultSvc - ok
13:43:25.0753 5208  [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:43:25.0769 5208  vdrvroot - ok
13:43:25.0816 5208  [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds             C:\Windows\System32\vds.exe
13:43:25.0847 5208  vds - ok
13:43:25.0862 5208  [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
13:43:25.0878 5208  VerifierExt - ok
13:43:25.0909 5208  [ 8628FA679F0EC4B709CCD1F6B6A3233B ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
13:43:25.0941 5208  vhdmp - ok
13:43:25.0941 5208  [ F5B4A14B00E89250C50982AC762DDD1D ] viaide          C:\Windows\system32\drivers\viaide.sys
13:43:25.0956 5208  viaide - ok
13:43:25.0972 5208  [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
13:43:25.0987 5208  vmbus - ok
13:43:25.0987 5208  [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
13:43:26.0003 5208  VMBusHID - ok
13:43:26.0034 5208  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
13:43:26.0066 5208  vmicheartbeat - ok
13:43:26.0066 5208  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
13:43:26.0097 5208  vmickvpexchange - ok
13:43:26.0097 5208  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv         C:\Windows\System32\ICSvc.dll
13:43:26.0112 5208  vmicrdv - ok
13:43:26.0128 5208  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
13:43:26.0144 5208  vmicshutdown - ok
13:43:26.0159 5208  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync    C:\Windows\System32\ICSvc.dll
13:43:26.0175 5208  vmictimesync - ok
13:43:26.0191 5208  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss         C:\Windows\System32\ICSvc.dll
13:43:26.0206 5208  vmicvss - ok
13:43:26.0222 5208  [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:43:26.0237 5208  volmgr - ok
13:43:26.0253 5208  [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:43:26.0284 5208  volmgrx - ok
13:43:26.0284 5208  [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:43:26.0316 5208  volsnap - ok
13:43:26.0316 5208  [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci            C:\Windows\System32\drivers\vpci.sys
13:43:26.0347 5208  vpci - ok
13:43:26.0347 5208  [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:43:26.0362 5208  vsmraid - ok
13:43:26.0409 5208  [ EA658570314042C914964FC72AB50E6B ] VSS             C:\Windows\system32\vssvc.exe
13:43:26.0472 5208  VSS - ok
13:43:26.0503 5208  [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
13:43:26.0519 5208  VSTXRAID - ok
13:43:26.0550 5208  [ 62460A45435A26A334907E3F2EA45611 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
13:43:26.0566 5208  vwifibus - ok
13:43:26.0581 5208  [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:43:26.0597 5208  vwififlt - ok
13:43:26.0628 5208  [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
13:43:26.0644 5208  vwifimp - ok
13:43:26.0691 5208  [ F690B6EEAA94576727B24376D7ED3601 ] W32Time         C:\Windows\system32\w32time.dll
13:43:26.0722 5208  W32Time - ok
13:43:26.0753 5208  [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
13:43:26.0769 5208  WacomPen - ok
13:43:26.0784 5208  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
13:43:26.0800 5208  Wanarp - ok
13:43:26.0816 5208  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:43:26.0831 5208  Wanarpv6 - ok
13:43:26.0878 5208  [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine        C:\Windows\system32\wbengine.exe
13:43:26.0925 5208  wbengine - ok
13:43:26.0941 5208  [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:43:26.0972 5208  WbioSrvc - ok
13:43:27.0019 5208  [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
13:43:27.0034 5208  Wcmsvc - ok
13:43:27.0066 5208  [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:43:27.0097 5208  wcncsvc - ok
13:43:27.0112 5208  [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:43:27.0128 5208  WcsPlugInService - ok
13:43:27.0159 5208  [ B3A4D918DAB90505B6BC7B70632913CB ] Wd              C:\Windows\system32\drivers\wd.sys
13:43:27.0175 5208  Wd - ok
13:43:27.0206 5208  [ 6F4B5DDDC3B86091E94BC47347A78AF7 ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
13:43:27.0222 5208  WdBoot - ok
13:43:27.0253 5208  [ 2ADC985B85A71BD7D99712EC0C24358B ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:43:27.0284 5208  Wdf01000 - ok
13:43:27.0316 5208  [ 99D404A9A0AFC4734E014EBEBAC13F8F ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
13:43:27.0347 5208  WdFilter - ok
13:43:27.0363 5208  [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:43:27.0394 5208  WdiServiceHost - ok
13:43:27.0394 5208  [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:43:27.0425 5208  WdiSystemHost - ok
13:43:27.0456 5208  [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient       C:\Windows\System32\webclnt.dll
13:43:27.0472 5208  WebClient - ok
13:43:27.0472 5208  [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:43:27.0503 5208  Wecsvc - ok
13:43:27.0519 5208  [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:43:27.0566 5208  wercplsupport - ok
13:43:27.0597 5208  [ 5F70EBFC1F75B487DE79501E3CCBDB54 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:43:27.0628 5208  WerSvc - ok
13:43:27.0644 5208  [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
13:43:27.0659 5208  WFPLWFS - ok
13:43:27.0691 5208  [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc          C:\Windows\System32\wiarpc.dll
13:43:27.0706 5208  WiaRpc - ok
13:43:27.0722 5208  [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:43:27.0738 5208  WIMMount - ok
13:43:27.0769 5208  WinDefend - ok
13:43:27.0816 5208  [ 7911470B6018059A880469A63B65700A ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
13:43:27.0847 5208  WinHttpAutoProxySvc - ok
13:43:27.0894 5208  [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:43:27.0925 5208  Winmgmt - ok
13:43:27.0988 5208  [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM           C:\Windows\system32\WsmSvc.dll
13:43:28.0050 5208  WinRM - ok
13:43:28.0081 5208  [ BB20956C424531003F7FA6CD36F11D5D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
13:43:28.0113 5208  WinUsb - ok
13:43:28.0175 5208  [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc         C:\Windows\System32\wlansvc.dll
13:43:28.0222 5208  WlanSvc - ok
13:43:28.0269 5208  [ B330CE47FB74A6BE9A3FFFF4B3F64D9B ] wlidsvc         C:\Windows\system32\wlidsvc.dll
13:43:28.0331 5208  wlidsvc - ok
13:43:28.0363 5208  [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
13:43:28.0378 5208  WmiAcpi - ok
13:43:28.0394 5208  [ D113499052C5E541906B727779F0F959 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:43:28.0425 5208  wmiApSrv - ok
13:43:28.0441 5208  WMPNetworkSvc - ok
13:43:28.0456 5208  [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
13:43:28.0488 5208  wpcfltr - ok
13:43:28.0503 5208  [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:43:28.0519 5208  WPCSvc - ok
13:43:28.0566 5208  [ 39D8AB837F91B729D12D32ED81E2062F ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:43:28.0597 5208  WPDBusEnum - ok
13:43:28.0628 5208  [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
13:43:28.0659 5208  WpdUpFltr - ok
13:43:28.0691 5208  [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:43:28.0706 5208  ws2ifsl - ok
13:43:28.0738 5208  [ FB0C1B7F94FA08E72F19F6F2CE7210E1 ] wscsvc          C:\Windows\System32\wscsvc.dll
13:43:28.0753 5208  wscsvc - ok
13:43:28.0753 5208  WSearch - ok
13:43:28.0831 5208  [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService       C:\Windows\System32\WSService.dll
13:43:28.0925 5208  WSService - ok
13:43:29.0003 5208  [ A8484C0CB54DB48180FB7CA00F1C3F8F ] wuauserv        C:\Windows\system32\wuaueng.dll
13:43:29.0097 5208  wuauserv - ok
13:43:29.0113 5208  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:43:29.0128 5208  WudfPf - ok
13:43:29.0128 5208  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
13:43:29.0159 5208  WUDFRd - ok
13:43:29.0159 5208  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFSensorLP    C:\Windows\system32\DRIVERS\WUDFRd.sys
13:43:29.0175 5208  WUDFSensorLP - ok
13:43:29.0206 5208  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:43:29.0222 5208  wudfsvc - ok
13:43:29.0238 5208  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
13:43:29.0253 5208  WUDFWpdFs - ok
13:43:29.0284 5208  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdMtp      C:\Windows\system32\DRIVERS\WUDFRd.sys
13:43:29.0300 5208  WUDFWpdMtp - ok
13:43:29.0363 5208  [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:43:29.0378 5208  WwanSvc - ok
13:43:29.0409 5208  ================ Scan global ===============================
13:43:29.0488 5208  [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll
13:43:29.0519 5208  [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\Windows\system32\winsrv.dll
13:43:29.0534 5208  [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll
13:43:29.0581 5208  [ 8F226143046435C75C033B0C52E90FFE ] C:\Windows\system32\services.exe
13:43:29.0581 5208  [Global] - ok
13:43:29.0581 5208  ================ Scan MBR ==================================
13:43:29.0613 5208  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
13:43:29.0706 5208  \Device\Harddisk0\DR0 - ok
13:43:29.0722 5208  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
13:43:29.0753 5208  \Device\Harddisk1\DR1 - ok
13:43:29.0753 5208  ================ Scan VBR ==================================
13:43:29.0785 5208  [ D8B6EF1A2841A0D49E9FF5A5DC2441B3 ] \Device\Harddisk0\DR0\Partition1
13:43:29.0800 5208  \Device\Harddisk0\DR0\Partition1 - ok
13:43:29.0800 5208  [ D6B3306E0BD861A5E0AC6131DBDC1163 ] \Device\Harddisk0\DR0\Partition2
13:43:29.0800 5208  \Device\Harddisk0\DR0\Partition2 - ok
13:43:29.0816 5208  [ B7B505099CCCC272CA89B47574FEAE84 ] \Device\Harddisk0\DR0\Partition3
13:43:29.0816 5208  \Device\Harddisk0\DR0\Partition3 - ok
13:43:29.0816 5208  [ E02ECE684F4A2CCBD50D589553EFAE6E ] \Device\Harddisk0\DR0\Partition4
13:43:29.0831 5208  \Device\Harddisk0\DR0\Partition4 - ok
13:43:29.0863 5208  [ B70A191B3EFBA525319D07F44F41EAD6 ] \Device\Harddisk0\DR0\Partition5
13:43:29.0863 5208  \Device\Harddisk0\DR0\Partition5 - ok
13:43:29.0863 5208  [ 1C66F3AAE6AFE7BE2F1F8F4113EAF521 ] \Device\Harddisk1\DR1\Partition1
13:43:29.0863 5208  \Device\Harddisk1\DR1\Partition1 - ok
13:43:29.0863 5208  [ 9EEBCDF2A5058DC397C056014BE47D47 ] \Device\Harddisk1\DR1\Partition2
13:43:29.0863 5208  \Device\Harddisk1\DR1\Partition2 - ok
13:43:29.0878 5208  ============================================================
13:43:29.0878 5208  Scan finished
13:43:29.0878 5208  ============================================================
13:43:29.0878 1492  Detected object count: 1
13:43:29.0878 1492  Actual detected object count: 1
13:43:51.0223 1492  IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
13:43:51.0223 1492  IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:43:55.0536 5356  Deinitialize success
         


11.04.2013, 12:47   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan All Users
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

11.04.2013, 13:23   #7
anonym25
 



JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 8 x64
Ran by Denis on 11.04.2013 at 13:56:11,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip" 



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Denis\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Denis\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\Denis\appdata\local\software"



~~~ FireFox

Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Successfully deleted the following from C:\Users\Denis\AppData\Roaming\mozilla\firefox\profiles\p31gzfsm.default\prefs.js

user_pref("browser.search.selectedEngine", "Web Search");
Emptied folder: C:\Users\Denis\AppData\Roaming\mozilla\firefox\profiles\p31gzfsm.default\minidumps [48 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.04.2013 at 14:06:01,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
AdwCleaner:

Code:
# AdwCleaner v2.200 - Datei am 11/04/2013 um 14:08:24 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzer : Denis - LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Denis\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Denis\AppData\Local\PackageAware

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16519

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (en-US)

Datei : C:\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\p31gzfsm.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1429 octets] - [11/04/2013 14:08:24]

########## EOF - C:\AdwCleaner[S1].txt - [1489 octets] ##########
         
OTL:

Code:
OTL logfile created on: 11.04.2013 14:14:24 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Denis\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,82 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 40,76% Memory free
7,69 Gb Paging File | 5,30 Gb Available in Paging File | 68,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444,95 Gb Total Space | 379,99 Gb Free Space | 85,40% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Denis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Denis\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe ()
PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Intel)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\1f3dbc5b0a874bf49a4559e71274f8ba\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\38b47b5452863bcadb6b731fe6c5198f\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fb048f69c5b71baf063604bd1724b078\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e1ec8b9a6d4f9af9d6065c4187fb1b5f\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f641b786d36d1cc5a5531a746c96ce1b\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\bbebe831e3b0761ad47dcc09231cbc29\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\05cc6faa6704d01e78700561b22937e3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\8347ac8367f91309fa888d79a54c7450\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\1c7f4533b2b24c10a628793a8b93e1a7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\15cc4fff434f274c1f6ab56a385dcb54\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\0247de206c1c48ac4f8b55df16468405\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a7811936e59aaee26b1d9d467174d6d4\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe ()
MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ETDService) -- C:\Programme\Elantech\ETDService.exe (ELAN Microelectronics Corp.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (USecuAppSvc) -- C:\Programme\Acer\Acer Theft Shield\USecuAppSvc.exe (Acer Incorporated)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (ose64) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (RfButtonDriverService) -- C:\Windows\RfBtnSvc64.exe (Dritek System INC.)
SRV - (CCDMonitorService) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated)
SRV - (DeviceFastLaneService) -- C:\Programme\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe (Acer Incorporated)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Qualcomm Atheros Commnucations)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (ExpressCache) -- C:\Programme\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Diskeeper Corporation)
SRV - (FFSOpzSvc) -- C:\Programme\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe (Acer Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (klwfp) -- C:\Windows\SysNative\Drivers\klwfp.sys (Kaspersky Lab ZAO)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\Drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\Drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\Drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\Drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\Drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\Drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (Ps2Kb2Hid) -- C:\Windows\SysNative\Drivers\aPs2Kb2Hid.sys (Dritek System Inc.)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\Drivers\kneps.sys (Kaspersky Lab)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\Drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\Drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\Drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\Drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\Drivers\btfilter.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\Drivers\btath_rcp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\Drivers\btath_lwflt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\Drivers\btath_hcrp.sys (Qualcomm Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\Drivers\btath_flt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\Drivers\btath_a2dp.sys (Qualcomm Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\Drivers\btath_avdt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\Drivers\btath_bus.sys (Qualcomm Atheros)
DRV:64bit: - (klelam) -- C:\Windows\SysNative\Drivers\klelam.sys (Kaspersky Lab)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (irstrtdv) -- C:\Windows\SysNative\Drivers\irstrtdv.sys (Intel Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\Drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\Drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\Drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (excsd) -- C:\Windows\SysNative\Drivers\excsd.sys (Diskeeper Corporation)
DRV:64bit: - (excfs) -- C:\Windows\SysNative\Drivers\excfs.sys (Diskeeper Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\Drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NTI Corporation)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{986B18CE-935F-4991-918E-E88E5751A708}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{986B18CE-935F-4991-918E-E88E5751A708}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2929871637-3288670245-3381123236-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2929871637-3288670245-3381123236-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2929871637-3288670245-3381123236-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.at"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 21.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 21.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.01.15 03:34:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.01.15 03:34:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.01.15 03:34:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.01.15 03:34:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.01.15 03:34:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.13 23:38:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.17 15:30:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
 
[2013.01.06 02:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\Extensions
[2013.03.28 14:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\Firefox\Profiles\p31gzfsm.default\extensions
[2013.03.28 14:36:44 | 002,358,379 | ---- | M] () (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\firefox\profiles\p31gzfsm.default\extensions\nasanightlaunch@example.com.xpi
[2013.03.01 22:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.03.13 23:38:40 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.11 04:06:08 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2013.02.16 02:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.16 02:35:09 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Docs = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Google Mail = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BtPreLoad] C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe ()
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BakupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager]  File not found
O4 - HKU\S-1-5-21-2929871637-3288670245-3381123236-1001..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-2929871637-3288670245-3381123236-1001..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-2929871637-3288670245-3381123236-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{397E3952-FEB0-4B1A-BD3A-D22F421EC68D}: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C078D38A-C17B-41A3-B332-A0B351131F0D}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.11 13:56:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.11 13:56:01 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.11 13:54:28 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Denis\Desktop\JRT.exe
[2013.04.11 13:36:50 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Denis\Desktop\tdsskiller.exe
[2013.04.11 13:36:29 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Denis\Desktop\aswMBR.exe
[2013.04.10 14:33:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Denis\Desktop\OTL.exe
[2013.04.10 13:05:39 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\Malwarebytes
[2013.04.10 13:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.10 13:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.10 13:05:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.10 13:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.10 00:42:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.04.10 00:37:35 | 000,203,544 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2013.04.10 00:37:35 | 000,102,936 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2013.04.10 00:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2013.04.10 00:31:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013.04.10 00:31:04 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Local\Samsung
[2013.04.10 00:31:02 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\Samsung
[2013.04.10 00:30:59 | 000,000,000 | ---D | C] -- C:\Users\Denis\Documents\samsung
[2013.04.10 00:28:32 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll
[2013.04.10 00:28:32 | 000,708,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinUSBCoInstaller.dll
[2013.04.10 00:27:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2013.04.10 00:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec
[2013.04.10 00:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013.04.10 00:24:20 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2013.04.10 00:23:58 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2013.04.10 00:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013.04.10 00:23:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2013.04.10 00:22:11 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Local\Downloaded Installations
[2013.03.22 23:48:59 | 000,000,000 | ---D | C] -- C:\Users\Denis\Desktop\media
[2013.03.22 23:48:40 | 000,000,000 | ---D | C] -- C:\Users\Denis\Desktop\WhatsApp Video
[2013.03.22 23:48:26 | 000,000,000 | ---D | C] -- C:\Users\Denis\Desktop\WhatsApp Images
[2013.03.22 17:23:26 | 000,000,000 | ---D | C] -- C:\Users\Denis\Desktop\DCIM
[2013.03.22 16:53:43 | 000,000,000 | ---D | C] -- C:\Users\Denis\Documents\default
[2013.03.22 02:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2013.03.20 01:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2013.03.20 01:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2013.03.20 01:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.03.20 01:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.03.17 15:40:27 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2013.03.17 15:40:27 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll
[2013.03.17 15:40:27 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2013.03.17 15:36:08 | 000,692,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.17 15:36:08 | 000,078,168 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.17 15:20:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.17 15:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.17 15:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.17 15:17:10 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.17 15:17:08 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.17 15:17:07 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.17 15:17:07 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.03.17 15:17:07 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.17 15:17:07 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.03.17 15:17:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.03.17 15:17:07 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.03.17 15:17:07 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013.03.17 15:17:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.03.17 15:17:06 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.03.17 15:17:06 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013.03.17 15:17:00 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2013.03.17 15:16:57 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2013.03.17 15:16:55 | 005,977,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.03.17 15:16:50 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.03.17 15:16:48 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll
[2013.03.17 15:16:48 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll
[2013.03.17 15:16:47 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll
[2013.03.17 15:16:47 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013.03.17 15:16:47 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll
[2013.03.17 15:16:47 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013.03.17 15:16:47 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll
[2013.03.17 15:16:46 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.03.17 15:16:46 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2013.03.17 15:16:46 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2013.03.17 15:16:46 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll
[2013.03.17 15:16:46 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll
[2013.03.17 15:16:46 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll
[2013.03.17 15:16:46 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013.03.17 15:16:46 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll
[2013.03.17 15:16:46 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2013.03.17 15:16:46 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll
[2013.03.17 15:16:46 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
[2013.03.17 15:16:46 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll
[2013.03.17 15:16:46 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2013.03.17 15:16:46 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe
[2013.03.17 15:16:46 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe
[2013.03.17 15:16:46 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013.03.17 15:16:46 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe
[2013.03.17 15:16:46 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys
[2013.03.17 15:16:46 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys
[2013.03.17 15:16:45 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe
[2013.03.17 15:16:45 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll
[2013.03.17 15:16:45 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll
[2013.03.17 15:16:42 | 010,115,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013.03.17 15:16:41 | 008,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013.03.17 15:16:38 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.03.17 15:16:37 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2013.03.17 15:16:37 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.03.17 15:16:37 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2013.03.17 15:16:35 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013.03.17 15:16:34 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013.03.17 15:16:33 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.17 15:16:27 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2013.03.17 15:16:26 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2013.03.17 15:16:23 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll
[2013.03.17 15:16:23 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2013.03.16 16:13:40 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.16 16:13:35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.16 16:13:35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.16 16:13:35 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.16 16:13:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.15 01:58:04 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.11 14:14:03 | 001,754,216 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.11 14:14:03 | 000,756,772 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.11 14:14:03 | 000,713,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.11 14:14:03 | 000,156,908 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.11 14:14:03 | 000,133,458 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.11 14:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.11 14:11:36 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2013.04.11 14:09:35 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.04.11 14:09:34 | 3279,331,328 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.11 13:54:48 | 000,613,083 | ---- | M] () -- C:\Users\Denis\Desktop\adwcleaner.exe
[2013.04.11 13:54:43 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Denis\Desktop\JRT.exe
[2013.04.11 13:42:39 | 000,000,512 | ---- | M] () -- C:\Users\Denis\Desktop\MBR.dat
[2013.04.11 13:37:55 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Denis\Desktop\aswMBR.exe
[2013.04.11 13:37:09 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Denis\Desktop\tdsskiller.exe
[2013.04.10 14:44:46 | 000,377,856 | ---- | M] () -- C:\Users\Denis\Desktop\gmer_2.1.19163.exe
[2013.04.10 14:33:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Denis\Desktop\OTL.exe
[2013.04.10 14:33:06 | 000,000,178 | ---- | M] () -- C:\Users\Denis\defogger_reenable
[2013.04.10 13:05:29 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.10 00:33:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2013.04.10 00:30:51 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.04.09 23:05:51 | 1412,904,550 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.20 01:19:57 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2013.03.20 01:09:44 | 000,001,207 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2013.03.18 11:46:46 | 000,421,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.16 16:13:28 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.16 16:13:28 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.16 16:13:28 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.16 16:13:28 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.16 16:13:28 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.16 16:13:28 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.13 01:14:14 | 016,486,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
 
========== Files Created - No Company Name ==========
 
[2013.04.11 13:54:45 | 000,613,083 | ---- | C] () -- C:\Users\Denis\Desktop\adwcleaner.exe
[2013.04.11 13:42:39 | 000,000,512 | ---- | C] () -- C:\Users\Denis\Desktop\MBR.dat
[2013.04.10 14:44:46 | 000,377,856 | ---- | C] () -- C:\Users\Denis\Desktop\gmer_2.1.19163.exe
[2013.04.10 14:33:06 | 000,000,178 | ---- | C] () -- C:\Users\Denis\defogger_reenable
[2013.04.10 13:05:29 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.10 00:33:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2013.04.10 00:30:51 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.03.20 01:19:57 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2013.03.20 01:09:44 | 000,001,207 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2013.03.18 11:46:34 | 000,421,792 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.15 01:58:00 | 1412,904,550 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.02.05 17:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.02.05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.02.05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.02.05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.02.05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013.01.16 03:35:47 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013.01.16 03:35:46 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2013.01.11 18:21:52 | 000,228,088 | ---- | C] () -- C:\ProgramData\1357921100.bdinstall.bin
[2013.01.08 01:50:14 | 000,007,599 | ---- | C] () -- C:\Users\Denis\AppData\Local\Resmon.ResmonCfg
[2013.01.06 14:06:06 | 000,444,766 | ---- | C] () -- C:\ProgramData\1357473868.bdinstall.bin
[2013.01.06 14:04:26 | 000,090,848 | ---- | C] () -- C:\ProgramData\1357473857.bdinstall.bin
[2013.01.06 04:06:07 | 000,591,862 | ---- | C] () -- C:\ProgramData\1357437740.bdinstall.bin
[2013.01.05 21:57:22 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013.01.05 21:57:21 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.01.05 21:57:21 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.01.05 21:57:11 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.01.05 21:57:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.01.05 21:56:33 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.09.09 21:41:16 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012.08.11 22:47:01 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | -H-- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.07.25 22:22:56 | 000,733,840 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.07.25 22:22:56 | 000,492,340 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2013.01.06 04:16:37 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 01:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Extra:

Code:
OTL Extras logfile created on: 11.04.2013 14:14:24 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Denis\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,82 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 40,76% Memory free
7,69 Gb Paging File | 5,30 Gb Available in Paging File | 68,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444,95 Gb Total Space | 379,99 Gb Free Space | 85,40% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Denis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2929871637-3288670245-3381123236-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09FC242E-BE7A-4639-98E2-EDF206FBFEC9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{113DD6DE-6F03-4476-961A-569DD4ECB11B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{12231DB3-F323-4EC3-9442-39006FD824DD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1D543576-F34F-4DFD-9F93-F7F2B9D820D4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1E4E8DC2-C9FA-4836-81F2-3DB0522137D1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{29E9B9E8-2943-465D-BEA4-8D8FB48C50D7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{356B8101-8EFC-4C71-951F-50C8D8CCCDBB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3D21A7B6-AF00-424D-A679-A52F8E7BC481}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4C0F3308-188D-4A3E-B5DC-62FE4425FB99}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5163F41D-94B7-48A8-BD9A-F3C8765DC6B3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{55C0CDC0-A97C-4981-A14C-AF1AD6CC8C9F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5DF566DE-0C61-46ED-A101-4856D2DE2E66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{62F7A807-5F0F-40BE-A07D-54B95274ED95}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8DEB65FA-FCBF-46EA-826B-12E6DDBA073E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe | 
"{A81415E9-02EB-4F1E-BA0B-BC054DB071A0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AB0602C9-8C8B-414D-AB88-124182EE0077}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AD2C9DEB-B09B-4E61-9188-58646AD109D3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C813BB8D-79AD-449A-B183-88E087E0ABEC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CFE89FB6-24A8-455E-A77C-BD8CCBD357B3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D1E098BB-BB3D-4194-9403-0323799325BC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E4065425-F76E-458A-ACA8-9D7C00BB458E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F9E96377-767F-47BF-A50C-E6D94CDBE6DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001FCE24-73E8-4AB8-8929-E8153206EFE7}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{0891285B-5DA3-4D05-AF49-D10E4BED8E01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{17D90225-669D-47DC-86B0-8304DFB1E675}" = dir=out | name=youtube player | 
"{1ECADFDB-2F4D-47A9-AC3A-870898AB25B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{2BF3CC82-DECF-4EFF-886D-8E0E387677DC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{2CC4F63B-0928-4A12-AC59-024F50706A48}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{2DE8AAEC-D883-4FFF-92F0-1CB013275698}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{30375B2D-0EB2-4303-848D-2B798B70A385}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{389E70C0-2719-43AA-9DDB-4169F8382ABB}" = protocol=6 | dir=out | app=system | 
"{3DB24368-2397-4F7A-A289-3FB3D533F382}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{4B39F1C3-BF16-44B9-9B4A-76DBC25C5719}" = dir=in | app=c:\program files\acer\acer theft shield\usecuappclient.exe | 
"{4C1E7221-7B31-4AC9-AFF6-6A5E6ED0C4F7}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{5089ED47-BC57-4895-8C6F-8FA4D0F7EE02}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5315E709-EA60-41A5-AA56-E05BF1E8F21E}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{54CB5998-62A8-44C3-8DF4-21C698164D56}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{56984BD0-6B5C-4CB4-9986-23DC1BBAFD3F}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{5B30D869-4504-4080-AC7A-A894D3C49D3E}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{5B3A68D1-C1BB-4A96-91BB-B20500BEA798}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{5C21E7B1-5A1B-4F5D-A3D3-2B9FF1BF7C3C}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{5D0C6D37-E583-4423-A2E5-D42226EEE262}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{61980CC1-3F9E-4A61-AFFA-B9277EEF2094}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{63EE7B1F-8C54-4AEB-896C-1D611C9E7F47}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{67123EBC-3859-4DE8-B852-20D455DE08FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6F37463E-8B60-4C5D-9AE3-AAAF62349AE1}" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe | 
"{702B346D-98A9-4AE6-9266-9E5C08AA9B7C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7238AC84-5DBB-4496-8199-08179998F361}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{77300AA4-010E-42FF-85CC-5B70D5117A16}" = protocol=6 | dir=out | app=c:\program files (x86)\bluetooth suite\win7ui.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{870CE6DB-A7D7-4483-B9E3-B1CA019C5F71}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8D6E0952-9D55-47D1-9C75-EF58E069AA4C}" = dir=out | name=@{microsoft.zunemusic_1.1.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{90F25EB4-5FD4-44BE-8CC8-17D2B02D4600}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{931E367F-6B9B-49ED-9303-86E72E9FFCA1}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\backupmanager.exe | 
"{94234AE6-2104-4080-9BD8-C3FE39C8FFD0}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe | 
"{94B52CB7-C062-4EC7-BFAA-B73431C06780}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9576E2F3-9D61-43BD-B093-402511AA476E}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{9617CA92-9011-4942-BBD1-9F99420AC365}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{96C8E867-6D50-4BDD-B180-96B8CEFE2634}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\fileexplorer.exe | 
"{984EC752-9964-48E9-B344-C1EFF41A1EDA}" = dir=out | name=acer crystal eye | 
"{99809141-0DCA-4AE0-AA0B-8364ED6D4509}" = dir=in | name=acer explorer | 
"{999F15F0-CFBB-4C9D-A0A6-3077F632FDA9}" = dir=out | name=acer explorer | 
"{99B9947F-41B4-4902-9789-2D3A9BFD3592}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9D1097C4-76E1-4E51-B0F1-DAEEAF035EF2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9FF2D917-DB93-48F1-9DFF-879D6D00CED6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A67A1E83-3419-4396-8F5E-D0AFC3B1BC0B}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{AE7D688F-68F5-4B36-8CC9-E1197C7CF3F3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B543F518-0C1C-4548-843B-262ECE61E8C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BA180F67-8D9C-480A-894E-BF5CE0C2A312}" = dir=out | name=fresh paint | 
"{BDDDB83E-DC6F-4975-8A07-2B966EA66861}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe | 
"{C096C6C3-1D1A-423B-B371-78724849E455}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{C43BDF31-A386-48F1-95A7-32C4DB453CCD}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{C878611C-A867-4AFF-8738-380441895B61}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C8C2638D-1269-4E82-AE7C-BE334C070794}" = dir=out | name=windows_ie_ac_001 | 
"{CA4E8DE5-AE69-477C-BF64-F611F775AAA2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{CC9B38FE-74B5-4A09-9ABE-EB0F45D91DF4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D0B254C9-274B-4E7E-8BBB-3C795F67AE6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1184077-A968-4A00-AE95-9468DA35FFE4}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{D3DA94FD-A1F6-41C4-AAE5-FFDCEC0B4540}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{DA1CCFA8-E888-40A9-ACB2-CEAFC5C8FA1C}" = protocol=6 | dir=out | app=c:\program files (x86)\bluetooth suite\bttray.exe | 
"{DADA4A00-9632-47D8-A09F-E9195C491250}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{DDC47FD5-F2CD-4039-838E-53E8761670E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E3BA83C5-45CE-4798-A387-7A31038F5420}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{E6420F81-2847-4263-9D3C-31C4AF193D8D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E8C55DDD-6E22-4EA8-84C7-4D598CFC61EF}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{F4879581-A9CE-463B-99E2-359B7179FCB9}" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe | 
"{F9495E4D-8F93-4502-AF43-01A5785E8428}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"TCP Query User{C979FB41-4B2F-422C-9456-191E0EBCDCD3}C:\program files (x86)\bluetooth suite\bttray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe | 
"TCP Query User{F4077F06-97C1-4D66-AB95-00071D729B75}C:\program files (x86)\bluetooth suite\btvstack.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe | 
"UDP Query User{A267BAD0-76C2-490A-9F34-EA56DD7D6258}C:\program files (x86)\bluetooth suite\bttray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe | 
"UDP Query User{CCCCA9B9-E0F9-4E5B-8A50-DB4EBD50095C}C:\program files (x86)\bluetooth suite\btvstack.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07E867C5-0C48-40FF-A013-DDAF4565AD47}" = Acer USB Charge Manager
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}" = ExpressCache
"{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Acer Device Fast-lane
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADB0CD2-4E5A-452F-BB3B-3A2984CAC749}" = Acer Theft Shield
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0407-1000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0016-0407-1000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0018-0407-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0019-0407-1000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-001A-0407-1000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001B-0407-1000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0044-0407-1000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-0090-0407-1000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-00A1-0407-1000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00BA-0407-1000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2013
"{90150000-00E1-0407-1000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E2-0407-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-012B-0407-1000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management
"{A10FCEC8-5523-4C2D-8B42-091B48EDEB55}" = Sleep Memory Optimizer
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F6100F13-F183-47A2-94A8-9AAC4976E228}" = Acer Instant Update Service
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.63.0
"Elantech" = ETDWare PS/2-X64 11.6.11.002_WHQL
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25F6C1CB-C8F0-4BAE-996B-9C16F97B82F3}" = Acer PicEvermore
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation
"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" =  clear.fi SDK- Movie 2
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89DB52FC-EA72-468F-A0C7-150AF8B7AB74}" = Smart Timer
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1" = Ashampoo Burning Studio 2013 v.11.0.5
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" =  clear.fi SDK - Video 2
"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aurora 21.0a2 (x86 de)" = Aurora 21.0a2 (x86 de)
"DAEMON Tools Pro" = DAEMON Tools Pro
"Free Studio_is1" = Free Studio version 2013
"ImgBurn" = ImgBurn
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{25F6C1CB-C8F0-4BAE-996B-9C16F97B82F3}" = Acer PicEvermore
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.6.5
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VLC media player" = VLC media player 2.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2929871637-3288670245-3381123236-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BB108A893815B64BF41C4574C3324FB7371AA244" = Atheros Outlook Addin 2010
"MyFreeCodec" = MyFreeCodec
 
< End of report >
         

11.04.2013, 13:28   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes. Before you do, remember to update Malwarebytes via the update button.

Afterwards, getting a second opinion from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

11.04.2013, 20:46   #9
anonym25

Malwarebytes:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.11.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16519
Denis :: LAPTOP [Administrator]

Schutz: Deaktiviert

11.04.2013 14:34:11
MBAM-log-2013-04-11 (15-22-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 385107
Laufzeit: 47 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Denis\Desktop\Cryptload1.1.8\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Keine Aktion durchgeführt.

(Ende)
         
Eset:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5597d3854992e742ba7a55c76740fc1d
# engine=13597
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-11 07:34:28
# local_time=2013-04-11 09:34:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=1286 16777214 100 98 26687 20475190 0 0
# compatibility_mode=5893 16776574 100 94 2181621 25214979 0 0
# scanned=188911
# found=0
# cleaned=0
# scan_time=22110
         

12.04.2013, 13:15   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
C:\Users\Denis\Desktop\Cryptload1.1.8\router\FRITZ!Box\nc.exe
What exactly are you doing with Cryptload, anyway?

12.04.2013, 18:49   #11
anonym25

Nothing myself; my brother once wanted to download a program with it.

13.04.2013, 13:42   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yes, tell him to keep his hands off it. Cryptload downloads files from one-click hosters (e.g. rapidshare), and programs hosted there are not exactly trustworthy and are often cracked.


Looks OK so far

Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie)

Otherwise there are also good cookie managers; one extension for Firefox, for example, would be CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when it is closed.

Is your system OK again now, or are there any other findings or problems?

14.04.2013, 13:26   #13
anonym25

Ah, okay, I deleted it right away. I'll read through everything when I have time; so far everything is OK.
Thank you for your help.

Regards, anonym250

15.04.2013, 11:19   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then we're done!


If you'd like to share praise or criticism => http://www.trojaner-board.de/lob-kritik-wuensche/



The programs that were used here can all be removed again.

Remove Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type the command combofix /uninstall there and run it

With the help of OTL you can also remove many other tools: simply start OTL and click CleanUp.
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide to that is below. To keep a better overview of how up to date your installed programs are in future, you can use, for example, Secunia PSI.
For even more security, you should also change as many passwords as possible after the infection has been removed.


Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed).

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links can be found here => Browsers and Plugins - FilePony.de

You can also easily check whether all plugins in the Firefox browser are up to date here => https://www.mozilla.org/de/plugincheck

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.