
Pests of all kinds and how to fight them: Windows 7 - System Care Antivirus infection

08.05.2013, 19:13   #1
Dumpty

Hello, I have already read a lot in your forum about my problem, and also that I can still get in touch with you to get the error fixed.
Yesterday evening a message from System Care Antivirus appeared, telling me that I had errors on my computer. I immediately cut the Wi-Fi connection and ran Avira (paid version). Avira did not detect the problem, so I contacted Avira directly about my problem in the hope of getting help. Today I received a reply from them describing how to run a system scan in safe mode. I did this, but Avira found nothing. Now they suggest downloading their rescue CD, but I don't know whether that will help, so I am now turning to you.

- The infected computer is currently in safe mode
- I cannot get a connection to the internet
- Windows tells me to activate the Windows Security Center, but that does not work
- there is a System care icon on my desktop..

What can I do to get my system running again? I would be grateful for instructions that are easy to follow, as I am not a PC specialist. I am currently writing to you from my iPad, because otherwise, i.e. in the current safe mode, I cannot get onto the web.
Please help. Thanks

08.05.2013, 19:15   #2
markusg
/// Malware-holic

Hi
see whether you can get into safe mode with networking; if so, download the program named below from there, or, if not, copy it onto the PC via USB stick

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread
__________________
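An added example, not part of the thread and not OTL's own logic: a small Python triage of the `PRC`/`MOD`/`SRV`/`DRV` lines that the quick scan above writes to OTL.txt. It lists entries whose file is missing, that carry no company name, or that live in the user-writable locations the scan script enumerates. The function names, the three heuristics and the sample lines (constructed, with placeholder names) are assumptions, and a hit is a lead for review, not a verdict.

```python
import re
from typing import Dict, List, Optional, Tuple

# Line shape as it appears in OTL.txt, e.g.
#   SRV - [2013.03.27 15:28:24 | 000,086,752 | ---- | M] (Vendor) [Auto | Running] -- C:\x.exe -- (Name)
#   DRV - File not found [Kernel | On_Demand | Stopped] -- E:\x.sys -- (name)
ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| \w\] "
    r"\((?P<company>.*?)\)|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]*)\])?"          # start type / run state (SRV and DRV only)
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^()]*)\))?$"       # service or driver name (SRV and DRV only)
)

# Assumption: directories a standard user can write to, matching the locations
# the scan script lists (%LOCALAPPDATA%, Application Data, Temp).
USER_WRITABLE = ("\\appdata\\", "\\application data\\", "\\temp\\")

# Constructed sample lines in the OTL format; all names are placeholders.
SAMPLE = r"""
========== Processes (SafeList) ==========
PRC - [2013.05.08 21:07:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EXAMPLE\Desktop\OTL.exe
PRC - [2013.05.07 20:01:02 | 000,912,384 | ---- | M] () -- C:\Users\EXAMPLE\AppData\Local\Temp\placeholder.exe
SRV - [2013.03.27 15:28:24 | 000,086,752 | ---- | M] (Example Vendor GmbH) [Auto | Running] -- C:\Programme\Example\sched.exe -- (ExampleScheduler)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\EXAMPLE\missing.sys -- (exampledrv)
DRV - [2009.10.29 12:20:40 | 000,010,360 | ---- | M] (Example (R) DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\example.sys -- (example)
"""


def parse_entries(log_text: str) -> List[Dict[str, Optional[str]]]:
    """Return one dict per recognised PRC/MOD/SRV/DRV line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def triage(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (kind, path, reasons) for every entry that deserves a second look."""
    findings = []
    for entry in parse_entries(log_text):
        reasons = []
        if entry["missing"]:
            # Registered service or driver whose binary is gone: an orphaned
            # leftover, or a file removed after the registration was created.
            reasons.append("file not found")
        elif not entry["company"].strip():
            # No version-info company string in the file.
            reasons.append("no company name")
        if any(marker in entry["path"].lower() for marker in USER_WRITABLE):
            reasons.append("user-writable path")
        if reasons:
            findings.append((entry["kind"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for kind, path, reasons in triage(SAMPLE):
        print(f"{kind}  {path}  <- {', '.join(reasons)}")
```

Legitimate software also matches these heuristics (many vendors ship unsigned helper DLLs or install under AppData), so the output narrows where to look first rather than naming malware.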

08.05.2013, 19:55   #3
Dumpty

Thanks for the quick reply. I am trying in vain to get onto the web, which does not work. In safe mode I connected a network cable to the router, but I get no connection. Likewise, I cannot download OTL via the iPad, i.e. Safari.

08.05.2013, 20:10   #4
markusg
/// Malware-holic

hi
are you in safe mode with networking? There are different modes.
There are 2 links for OTL, maybe try the other one, or use another PC
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

08.05.2013, 20:13   #5
Dumpty

I have now reset the PC to 5.5.2013 via System Restore. Everything was still working then. That way I got onto the web normally (no safe mode) and downloaded OTL. I am now following your instructions in normal mode. Okay?


08.05.2013, 20:16   #6
markusg
/// Malware-holic

please never use System Restore again when infected with malware; you may only make things worse with it. But go ahead and do it in normal mode now

08.05.2013, 20:22   #7
Dumpty

Okay, hopefully it has not gotten worse now..
OTL is now scanning, in normal mode. And I will copy the OTL and Extra logs into the thread shortly.
It is taking quite a while, but that is surely normal. Meanwhile Avira is updating and Java is asking me whether I allow an update.

08.05.2013, 20:23   #8
markusg
/// Malware-holic

not for now, and don't do anything else on the side.

08.05.2013, 20:46   #9
Dumpty

Here is the OTL now:
OTL Logfile:
Code:
OTL logfile created on: 08.05.2013 21:18:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MEDION\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 60,70% Memory free
6,50 Gb Paging File | 5,22 Gb Available in Paging File | 80,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 830,99 Gb Free Space | 91,28% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,76 Gb Free Space | 53,81% Space Free | Partition Type: NTFS
Drive E: | 14,92 Gb Total Space | 5,62 Gb Free Space | 37,71% Space Free | Partition Type: FAT32
 
Computer Name: MEDION-PC | User Name: MEDION | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.08 21:07:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MEDION\Desktop\OTL.exe
PRC - [2013.03.27 15:28:24 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.27 15:27:53 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\MEDION\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2011.05.18 08:22:53 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe
PRC - [2009.07.14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 03:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009.06.03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.09.16 22:04:50 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.06.03 21:59:14 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.06.03 21:59:02 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.12 09:53:50 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.27 15:28:24 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.27 15:28:00 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013.03.27 15:27:56 | 000,374,496 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013.03.27 15:27:54 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.27 15:27:52 | 000,657,120 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2013.03.13 19:10:06 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011.05.18 08:22:53 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) [Auto | Running] -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe -- (WMI_Hook_Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys -- (uxddrv)
DRV - [2013.03.27 15:28:34 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.27 15:28:34 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.27 15:28:34 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.12 21:30:59 | 000,113,024 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2013.02.12 21:30:59 | 000,092,448 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012.12.24 06:53:24 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2012.10.03 10:26:12 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.12.02 13:13:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.12.02 13:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.12.02 13:13:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.12.02 13:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.04.01 11:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.12.22 14:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009.11.21 04:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.29 12:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2009.10.29 12:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NW1950.sys -- (NW1950)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.30 17:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009.06.29 00:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009.06.05 01:47:48 | 000,024,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvamacpi.sys -- (nvamacpi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=MAMD&ocid=bb7hp
IE - HKCU\..\SearchScopes,DefaultScope = {25D7FF24-1841-4B37-A67D-10DB139504C9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{25D7FF24-1841-4B37-A67D-10DB139504C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.5
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0039-ABCDEFFEDCBA%7D:6.0.39
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.02.04 10:23:46 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 09:53:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 09:53:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 09:53:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 09:53:44 | 000,000,000 | ---D | M]
 
[2010.10.13 18:03:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\Extensions
[2013.03.22 19:12:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\Firefox\Profiles\ur11sf9k.default\extensions
[2013.03.22 19:12:04 | 000,549,639 | ---- | M] () (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\extensions\toolbar@web.de.xpi
[2013.02.15 11:39:50 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.22 19:12:08 | 000,001,050 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\searchplugins\11-suche.xml
[2013.03.22 19:12:08 | 000,002,418 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\searchplugins\englische-ergebnisse.xml
[2013.03.22 19:12:07 | 000,010,701 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\searchplugins\gmx-suche.xml
[2013.03.22 19:12:08 | 000,002,432 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\searchplugins\lastminute.xml
[2013.03.22 19:12:07 | 000,005,682 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\searchplugins\webde-suche.xml
[2013.04.12 09:53:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 09:53:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.12 09:53:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.04.12 09:53:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013.04.12 09:53:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013.04.12 09:53:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.17 16:58:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.10 09:04:44 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.17 16:58:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 16:58:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 16:58:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 16:58:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\MEDION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MEDION\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C05F6D5-4A03-4FC6-B207-445F9F509472}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f3d757ff-a6af-11e2-8537-406186bfb951}\Shell - "" = AutoRun
O33 - MountPoints2\{f3d757ff-a6af-11e2-8537-406186bfb951}\Shell\AutoRun\command - "" = E:\SISetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.08 21:21:34 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.08 21:16:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MEDION\Desktop\OTL.exe
[2013.05.07 21:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\146B3392068476C50000146B1F2B7B59
[2013.04.20 12:13:10 | 000,000,000 | ---D | C] -- C:\Users\MEDION\Desktop\2013-04-20 godi plan 2013
[2013.04.16 18:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013.04.16 18:31:59 | 001,035,408 | ---- | C] (The OpenSSL Project) -- C:\Windows\System32\ltcry15u.dll
[2013.04.12 09:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011.03.12 20:33:42 | 009,105,656 | ---- | C] (VSO-Software                                                ) -- C:\Users\MEDION\vso_image_resizer4_setup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.08 21:21:52 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.08 21:21:52 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.08 21:21:28 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.08 21:21:28 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.08 21:21:28 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.08 21:21:28 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.08 21:21:14 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.08 21:14:49 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.08 21:14:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.08 21:14:29 | 2616,647,680 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.08 21:07:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MEDION\Desktop\OTL.exe
[2013.04.30 08:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.30 08:33:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.17 11:17:17 | 000,001,195 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2013.04.16 18:55:17 | 003,357,194 | ---- | M] () -- C:\Users\MEDION\Desktop\rügen 001.jpg
[2013.04.16 18:23:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_mvusbews_01009.Wdf
[2013.04.14 09:50:14 | 000,456,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.16 18:54:44 | 003,357,194 | ---- | C] () -- C:\Users\MEDION\Desktop\rügen 001.jpg
[2013.04.16 18:27:26 | 001,167,360 | ---- | C] () -- C:\Windows\System32\HPM1210SM.exe
[2013.04.16 18:27:26 | 000,284,672 | ---- | C] () -- C:\Windows\System32\mvhlewsi.DLL
[2013.04.16 18:27:26 | 000,167,936 | ---- | C] () -- C:\Windows\System32\HPM1210LM.DLL
[2013.04.16 18:23:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_mvusbews_01009.Wdf
[2012.12.24 06:53:28 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll
[2012.11.07 05:23:30 | 000,029,184 | ---- | C] () -- C:\Windows\System32\HPImgFlt.dll
[2012.11.07 05:23:04 | 000,053,760 | ---- | C] () -- C:\Windows\System32\HPM1210SMs.dll
[2012.05.08 13:44:00 | 000,185,901 | ---- | C] () -- C:\Windows\hpoins43.dat.temp
[2012.05.08 13:44:00 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2012.02.13 21:30:02 | 000,000,614 | ---- | C] () -- C:\Users\MEDION\AppData\Roaming\wklnhst.dat
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.04.08 22:27:42 | 000,003,584 | ---- | C] () -- C:\Users\MEDION\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.12 21:02:00 | 000,002,112 | ---- | C] () -- C:\Users\MEDION\AppData\Local\Images.fl
[2011.01.23 12:31:17 | 000,077,891 | ---- | C] () -- C:\Users\MEDION\ESt2010_Müller_Antje.elfo
[2010.11.09 13:35:40 | 001,008,736 | ---- | C] () -- C:\Users\MEDION\AmazonMP3Installer-de_DE.exe
[2010.10.20 16:25:01 | 070,621,664 | ---- | C] () -- C:\Users\MEDION\PS_AIO_06_C4700_USW_Basic_Win_deu_140_175.exe
[2010.10.16 11:58:45 | 000,022,777 | ---- | C] () -- C:\Users\MEDION\19666-knecht1.jpg
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.11.09 13:37:43 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\Amazon
[2013.05.08 21:15:40 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\Dropbox
[2012.01.14 12:50:45 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\elsterformular
[2012.05.14 10:05:31 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\Pixlromatic
[2012.02.13 21:30:05 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\Template
[2013.03.24 21:55:29 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\VSO
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.02.26 12:04:00 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.01.08 11:23:58 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.05.08 21:04:02 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.01.22 15:05:22 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2013.04.14 10:07:12 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.05.08 21:04:06 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.01.08 11:23:58 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.01.08 11:23:59 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.05.08 21:23:53 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.01.08 11:24:08 | 000,000,000 | R--D | M] -- C:\Users
[2013.05.08 21:10:08 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2011.08.07 11:47:46 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.08.07 11:47:49 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.05.02 11:21:38 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008.06.06 15:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2009.06.30 17:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) MD5=032EF66DD96692AD3A9D36160F467F67 -- C:\Windows\System32\drivers\nvstor32.sys
[2009.06.30 17:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) MD5=032EF66DD96692AD3A9D36160F467F67 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_68640c3c72cad0af\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll
 
< %USERPROFILE%\*.* >
[2010.10.16 11:58:46 | 000,022,777 | ---- | M] () -- C:\Users\MEDION\19666-knecht1.jpg
[2010.11.09 13:35:41 | 001,008,736 | ---- | M] () -- C:\Users\MEDION\AmazonMP3Installer-de_DE.exe
[2011.03.02 19:41:10 | 000,077,891 | ---- | M] () -- C:\Users\MEDION\ESt2010_Müller_Antje.elfo
[2013.05.08 21:28:14 | 002,883,584 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat
[2013.05.08 21:28:13 | 000,262,144 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat.LOG1
[2010.01.08 11:24:10 | 000,000,000 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat.LOG2
[2010.01.08 13:11:23 | 000,065,536 | -HS- | M] () -- C:\Users\MEDION\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.01.08 13:11:23 | 000,524,288 | -HS- | M] () -- C:\Users\MEDION\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.01.08 13:11:23 | 000,524,288 | -HS- | M] () -- C:\Users\MEDION\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2013.05.08 21:09:13 | 000,065,536 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat{a1e8a479-b80d-11e2-883a-ca967c7bdcf1}.TM.blf
[2013.05.08 21:09:13 | 000,524,288 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat{a1e8a479-b80d-11e2-883a-ca967c7bdcf1}.TMContainer00000000000000000001.regtrans-ms
[2013.05.08 21:09:13 | 000,524,288 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat{a1e8a479-b80d-11e2-883a-ca967c7bdcf1}.TMContainer00000000000000000002.regtrans-ms
[2010.01.08 11:24:11 | 000,000,020 | -HS- | M] () -- C:\Users\MEDION\ntuser.ini
[2010.10.20 16:28:55 | 070,621,664 | ---- | M] () -- C:\Users\MEDION\PS_AIO_06_C4700_USW_Basic_Win_deu_140_175.exe
[2011.09.24 10:30:56 | 000,011,264 | -HS- | M] () -- C:\Users\MEDION\Thumbs.db
[2011.03.12 20:34:06 | 009,105,656 | ---- | M] (VSO-Software                                                ) -- C:\Users\MEDION\vso_image_resizer4_setup.exe
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---


and the extra.txt
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 08.05.2013 21:18:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MEDION\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 60,70% Memory free
6,50 Gb Paging File | 5,22 Gb Available in Paging File | 80,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 830,99 Gb Free Space | 91,28% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,76 Gb Free Space | 53,81% Space Free | Partition Type: NTFS
Drive E: | 14,92 Gb Total Space | 5,62 Gb Free Space | 37,71% Space Free | Partition Type: FAT32
 
Computer Name: MEDION-PC | User Name: MEDION | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OnlineFotoservice] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01620887-569E-47D1-AF92-B2794C31A0A3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0A38DC91-1013-4F62-8D6F-08A3BEBC5498}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0A5B0242-7F89-4396-AF9E-4AC4774A6B30}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0B521632-C158-41BC-A940-E71ABFD4C416}" = lport=138 | protocol=17 | dir=in | app=system | 
"{11AD5A2D-D30A-4946-93A2-AD5036DCD26D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{187E324C-24D0-4F1F-9BAE-BADB373A2806}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2649CE07-BD4F-45ED-BC45-9B7AF6242D32}" = rport=139 | protocol=6 | dir=out | app=system | 
"{33340A3E-3AE7-4331-BF39-92C15827D32D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{35FA3A0A-A9A7-4B30-AF94-04C625509501}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{361E6F13-9C6E-441E-BD5F-674E727CE31C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{38F8EE44-3FE2-4823-B12D-F5D99D6C1542}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4A75B34B-036F-4A29-B73F-90B6550D84F6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{58FFE0B6-58FA-4979-B3B7-BCDCE92B694A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5E8DCCED-86CF-49B8-B812-2AE6D521B95C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{64E589C3-541D-4AE4-B449-8F5E9E272F6A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{667AC8BB-1A77-4F04-AA14-39D6606B3E56}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7C485BB5-D8BA-4714-AEE1-AD7C022B077B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8E6D01F5-A482-455F-9F9A-5520D9D185E3}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{92AB3CE8-D6E7-45E4-8932-F7341542ADE1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{973FBC71-3715-4EEB-9BDF-8463AA87398A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A39878E6-2378-41B7-B454-10E08FD77460}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A4337DBB-2234-4D2A-8BDD-EFC29CD29A84}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AFA1F53F-A959-4762-B00E-13CAB983F9A7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B0C1968A-26A5-4856-8A30-A00DD0602D95}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{B73078CA-F773-4E6E-94FC-F773E927B920}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BF09127E-2A2D-4347-8F4E-58D02DE6D7F8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D8663BA6-F505-41D9-A128-3DC95C3EA4C5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DB593E6D-8CBD-4E8D-80C9-D5750968DCD2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DFBF274D-35F4-44A6-B81B-D3AC88F592BD}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{DFF3A74A-FD9D-49A0-96D9-683C0DA53C6A}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{E6C74909-5F04-44F0-A011-8C81EE236D14}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EC976CE7-E7AB-44E8-BFF1-CB2A90166CE9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FD247FA8-B67D-4639-9B72-12F47C1AA5A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FD76B103-5057-47F7-8A0F-1B4CAE63A08E}" = rport=5357 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0340C827-81ED-4198-8690-B7568B83CBD2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{07B78EA8-79B2-4D13-B47A-2D52F4E75774}" = dir=in | app=c:\program files\cyberlink\powercinema movie\powercinemamovie.exe | 
"{0C7DD1B5-43F2-435B-8182-A2D93E54E7A0}" = dir=in | app=c:\program files\cyberlink\youmemo\youmemo.exe | 
"{103103C4-023A-4182-92B6-29ADC5D8D075}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{18638D94-DFCD-4F34-880A-34DEE891BB32}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{1DB3C7AB-27BB-49B9-8E04-6ADF175A4ECB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{220F1C17-A4C5-4165-A8E8-393202B43E77}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2BA3DB76-BA9D-48DD-9B9B-90886F179B60}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{2CB3D0A3-478D-4446-82C5-DB8C172DF6B6}" = protocol=6 | dir=out | app=system | 
"{3266F8C0-F91D-4C64-883B-D7F10359472D}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | 
"{42424C17-F93A-4834-8D0E-67618F453B62}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{491D04CF-C801-44B9-8813-0CF820B32AD4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4AE19C23-C6E0-41C5-8823-C13344B7E241}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5E251CF7-251D-4713-B069-97514B4C2FA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{602CD244-7453-4F78-B9C5-EE3327030177}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{69ECD1C4-1628-479A-982E-D71DA9215084}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{6E3EB584-3FA9-4E98-8ACA-EA277D77A183}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6F7C5D68-32A8-4393-A8F3-9FF34E1BE398}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7201C861-D326-47F1-8558-66806D7F1DA5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7F140670-6FFF-4439-ADB5-568887E412F3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{7FCEB9C8-3D0E-4C4B-BF2F-C0B458180C0C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8909F3AF-0911-4117-BC8E-2C74DD5ED52E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8A19A574-EF9C-42B6-97F1-B575CCA90F2E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8A585F77-0C24-46D3-A349-9621DE545746}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{931A750B-A614-4898-A52A-A406C8AFC9F2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{94EE57A7-B6DC-48CE-BAAA-3373D98DAD1B}" = dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe | 
"{9E464F21-77EE-4B85-BD5C-952FE70CF4C9}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{9F0EAA22-17DE-4086-BA92-3A18DD764CC7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{A76E5D9A-2D14-48E0-81D1-1B4B59F55806}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A7D0404C-4074-4546-AA2B-7C8775960210}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{CAEB1F4A-0C32-46DD-9C99-D3FB288C1A66}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D0A14B2B-702E-4600-98B5-0B241811CE76}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{D77F7D21-1AC5-4E20-932D-AF608886292C}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{DE669EDE-0F5E-45A5-8B6E-EAB0A8894B2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DF971AE9-CD92-4B74-A85F-15CD0542F10E}" = dir=in | app=c:\users\medion\appdata\local\temp\7zs5c35\setup\hpznui01.exe | 
"{E06BFF73-9BEA-49F2-AE03-8089CE92A80C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EA946BFE-E9CD-4A2C-993B-2ACF78A0474B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EC84D397-832D-4942-9D61-0EF23A8BFA1D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{F8D57D21-BD3C-478D-960F-910A2228B637}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 39
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41A63ADA-088B-1C2D-43B3-E4087FE79881}" = Pixlr-o-matic
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70CC0095-AA68-45BE-AE98-D8170182E9EB}" = PowerCinema Movie
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1" = VSO Image Resizer 4.0.3.2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A081C347-F821-434F-B75B-3C175163C0D7}" = OSD hot keys
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E8A34AC8-0137-4515-A94B-0A0946DDC251}" = Scan To
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Avira AntiVir Desktop" = Avira Internet Security
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"ElsterFormular" = ElsterFormular
"HP LaserJet Professional M1130-M1210 MFP Series" = HP LaserJet Professional M1130-M1210 MFP Series
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A081C347-F821-434F-B75B-3C175163C0D7}" = OSD hot keys
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OnlineFotoservice" = OnlineFotoservice
"Pixlromatic" = Pixlr-o-matic
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.03.2013 15:53:23 | Computer Name = MEDION-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Resize.exe, Version: 4.0.3.2, Zeitstempel:
 0x4d10dfee  Name des fehlerhaften Moduls: Resize.exe, Version: 4.0.3.2, Zeitstempel:
 0x4d10dfee  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0063c417  ID des fehlerhaften Prozesses:
 0x1160  Startzeit der fehlerhaften Anwendung: 0x01ce28c9385214e0  Pfad der fehlerhaften
 Anwendung: C:\Program Files\VSO\Image Resizer 4\Resize.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\VSO\Image Resizer 4\Resize.exe  Berichtskennung: 7b78a9a0-94bc-11e2-8a59-406186bfb951
 
Error - 06.05.2013 05:38:30 | Computer Name = MEDION-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_InitScan konnte nicht geladen werden.  Fehlercode: 
0x2
 
Error - 07.05.2013 16:26:45 | Computer Name = MEDION-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wlmail.exe, Version: 14.0.8089.726,
 Zeitstempel: 0x4a6ce53d  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00047732  ID des fehlerhaften
 Prozesses: 0x1440  Startzeit der fehlerhaften Anwendung: 0x01ce4b60efb06ec0  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Live\Mail\wlmail.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 6f760e80-b754-11e2-a44b-406186bfb951
 
Error - 08.05.2013 14:28:34 | Computer Name = MEDION-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 08.05.2013 14:29:51 | Computer Name = MEDION-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 08.05.2013 14:30:18 | Computer Name = MEDION-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 08.05.2013 15:05:19 | Computer Name = MEDION-PC | Source = Avira FireWall | ID = 0
Description = Ungültige Lizenz
 
Error - 08.05.2013 15:05:20 | Computer Name = MEDION-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 08.05.2013 15:14:40 | Computer Name = MEDION-PC | Source = Avira FireWall | ID = 0
Description = Ungültige Lizenz
 
Error - 08.05.2013 15:14:41 | Computer Name = MEDION-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
[ System Events ]
Error - 08.05.2013 15:10:33 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.05.2013 15:10:33 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.05.2013 15:10:33 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.05.2013 15:12:09 | Computer Name = MEDION-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 08.05.2013 15:12:09 | Computer Name = MEDION-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 08.05.2013 15:12:09 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.05.2013 15:14:41 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 08.05.2013 15:14:41 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Avira Email Schutz" ist vom Dienst "Avira Echtzeit-Scanner"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1066
 
Error - 08.05.2013 15:14:41 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1066
 
Error - 08.05.2013 15:14:41 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
 
< End of report >
         
--- --- ---

08.05.2013, 21:08   #10
markusg
/// Malware-holic

Hi,


OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
[2013.05.07 21:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\146B3392068476C50000146B1F2B7B59
:files
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.



Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment to the thread!
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For the time being, please send mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

08.05.2013, 21:09   #11
Dumpty

What should I do now? Malwarebytes?

Okay, I'll run the fix. Thanks.

The PC is churning away ... The icons have disappeared from the desktop and I see the blank background image. How long should I hold out? The computer doesn't seem to respond, apart from working noisily...

The result of the fix:

All processes killed
========== OTL ==========
Folder C:\ProgramData\146B3392068476C50000146B1F2B7B59\ not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MEDION
->Temp folder emptied: 462603580 bytes
->Temporary Internet Files folder emptied: 994574851 bytes
->Java cache emptied: 21061243 bytes
->FireFox cache emptied: 1119285317 bytes
->Flash cache emptied: 30797077 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 164338313 bytes
RecycleBin emptied: 191265998 bytes

Total Files Cleaned = 2.846,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05082013_221226

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

08.05.2013, 21:39   #12
markusg
/// Malware-holic

OK, continue with this:
Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan.
  • If infected objects are found, under no circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

08.05.2013, 21:49   #13
Dumpty

Okay, said and done. TDSSKiller saved two log files on my computer.

Number 1


and number 2

22:43:49.0018 3084 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:43:49.0267 3084 ============================================================
22:43:49.0267 3084 Current date / time: 2013/05/08 22:43:49.0267
22:43:49.0267 3084 SystemInfo:
22:43:49.0267 3084
22:43:49.0267 3084 OS Version: 6.1.7601 ServicePack: 1.0
22:43:49.0267 3084 Product type: Workstation
22:43:49.0267 3084 ComputerName: MEDION-PC
22:43:49.0267 3084 UserName: MEDION
22:43:49.0267 3084 Windows directory: C:\Windows
22:43:49.0267 3084 System windows directory: C:\Windows
22:43:49.0267 3084 Processor architecture: Intel x86
22:43:49.0267 3084 Number of processors: 2
22:43:49.0267 3084 Page size: 0x1000
22:43:49.0267 3084 Boot type: Normal boot
22:43:49.0267 3084 ============================================================
22:43:50.0578 3084 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:43:50.0578 3084 Drive \Device\Harddisk1\DR1 - Size: 0x3BB3FFE00 (14.93 Gb), SectorSize: 0x200, Cylinders: 0x79C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:43:50.0578 3084 ============================================================
22:43:50.0578 3084 \Device\Harddisk0\DR0:
22:43:50.0578 3084 MBR partitions:
22:43:50.0578 3084 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:43:50.0578 3084 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x71CD3000
22:43:50.0578 3084 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x71D05800, BlocksNum 0x2800000
22:43:50.0578 3084 \Device\Harddisk1\DR1:
22:43:50.0593 3084 MBR partitions:
22:43:50.0593 3084 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x34, BlocksNum 0x1DD5A92
22:43:50.0593 3084 ============================================================
22:43:50.0609 3084 C: <-> \Device\Harddisk0\DR0\Partition2
22:43:50.0609 3084 D: <-> \Device\Harddisk0\DR0\Partition3
22:43:50.0609 3084 ============================================================
22:43:50.0609 3084 Initialize success
22:43:50.0609 3084 ============================================================
22:44:10.0798 3192 ============================================================
22:44:10.0798 3192 Scan started
22:44:10.0798 3192 Mode: Manual; SigCheck; TDLFS;
22:44:10.0798 3192 ============================================================
22:44:11.0235 3192 ================ Scan system memory ========================
22:44:11.0235 3192 System memory - ok
22:44:11.0235 3192 ================ Scan services =============================
22:44:11.0391 3192 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:44:11.0500 3192 1394ohci - ok
22:44:11.0563 3192 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:44:11.0594 3192 ACPI - ok
22:44:11.0610 3192 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:44:11.0656 3192 AcpiPmi - ok
22:44:11.0734 3192 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:44:11.0766 3192 AdobeFlashPlayerUpdateSvc - ok
22:44:11.0812 3192 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:44:11.0844 3192 adp94xx - ok
22:44:11.0890 3192 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:44:11.0922 3192 adpahci - ok
22:44:11.0937 3192 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:44:11.0953 3192 adpu320 - ok
22:44:12.0000 3192 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:44:12.0062 3192 AeLookupSvc - ok
22:44:12.0124 3192 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
22:44:12.0202 3192 AFD - ok
22:44:12.0249 3192 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
22:44:12.0280 3192 agp440 - ok
22:44:12.0312 3192 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
22:44:12.0343 3192 aic78xx - ok
22:44:12.0374 3192 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
22:44:12.0421 3192 ALG - ok
22:44:12.0436 3192 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
22:44:12.0452 3192 aliide - ok
22:44:12.0468 3192 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
22:44:12.0499 3192 amdagp - ok
22:44:12.0514 3192 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
22:44:12.0530 3192 amdide - ok
22:44:12.0561 3192 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:44:12.0608 3192 AmdK8 - ok
22:44:12.0608 3192 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:44:12.0655 3192 AmdPPM - ok
22:44:12.0686 3192 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:44:12.0717 3192 amdsata - ok
22:44:12.0733 3192 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:44:12.0764 3192 amdsbs - ok
22:44:12.0780 3192 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:44:12.0795 3192 amdxata - ok
22:44:12.0904 3192 [ 07B0B7175C61F65483D60577AC864B41 ] AntiVirFirewallService C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
22:44:12.0936 3192 AntiVirFirewallService - ok
22:44:12.0998 3192 [ 50DDEB8CA3620655B9FF68FFFC41248E ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
22:44:13.0029 3192 AntiVirMailService - ok
22:44:13.0076 3192 [ BD33282EC067551060DC3A9628160E5B ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:44:13.0092 3192 AntiVirSchedulerService - ok
22:44:13.0138 3192 [ 2B73EF0F975642509AB66827C4E9D6C8 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:44:13.0138 3192 AntiVirService - ok
22:44:13.0201 3192 [ F46BD152C8A9C4EBAE2EC51B063DE0ED ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
22:44:13.0216 3192 AntiVirWebService - ok
22:44:13.0263 3192 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
22:44:13.0294 3192 AppID - ok
22:44:13.0310 3192 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:44:13.0388 3192 AppIDSvc - ok
22:44:13.0419 3192 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
22:44:13.0466 3192 Appinfo - ok
22:44:13.0575 3192 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:44:13.0591 3192 Apple Mobile Device - ok
22:44:13.0622 3192 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
22:44:13.0638 3192 arc - ok
22:44:13.0653 3192 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:44:13.0684 3192 arcsas - ok
22:44:13.0700 3192 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:44:13.0747 3192 AsyncMac - ok
22:44:13.0762 3192 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
22:44:13.0778 3192 atapi - ok
22:44:13.0809 3192 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:44:13.0872 3192 AudioEndpointBuilder - ok
22:44:13.0903 3192 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
22:44:13.0934 3192 Audiosrv - ok
22:44:13.0996 3192 [ 662ECAEC0FAE2C2069B75EF8A762BE87 ] avfwim C:\Windows\system32\DRIVERS\avfwim.sys
22:44:14.0308 3192 avfwim - ok
22:44:14.0371 3192 [ E4DC0228AB7492086B96FCC8298CF3B6 ] avfwot C:\Windows\system32\DRIVERS\avfwot.sys
22:44:14.0386 3192 avfwot - ok
22:44:14.0449 3192 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
22:44:14.0464 3192 avgntflt - ok
22:44:14.0496 3192 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
22:44:14.0511 3192 avipbb - ok
22:44:14.0527 3192 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
22:44:14.0542 3192 avkmgr - ok
22:44:14.0605 3192 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:44:14.0714 3192 AxInstSV - ok
22:44:14.0761 3192 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
22:44:14.0823 3192 b06bdrv - ok
22:44:14.0854 3192 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
22:44:14.0886 3192 b57nd60x - ok
22:44:14.0979 3192 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
22:44:14.0995 3192 BBSvc - ok
22:44:15.0042 3192 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
22:44:15.0057 3192 BBUpdate - ok
22:44:15.0073 3192 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
22:44:15.0135 3192 BDESVC - ok
22:44:15.0151 3192 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
22:44:15.0198 3192 Beep - ok
22:44:15.0244 3192 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
22:44:15.0322 3192 BFE - ok
22:44:15.0354 3192 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
22:44:15.0416 3192 BITS - ok
22:44:15.0416 3192 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:44:15.0447 3192 blbdrive - ok
22:44:15.0510 3192 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:44:15.0541 3192 Bonjour Service - ok
22:44:15.0588 3192 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:44:15.0619 3192 bowser - ok
22:44:15.0650 3192 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:44:15.0697 3192 BrFiltLo - ok
22:44:15.0697 3192 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:44:15.0744 3192 BrFiltUp - ok
22:44:15.0790 3192 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
22:44:15.0837 3192 Browser - ok
22:44:15.0853 3192 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:44:15.0900 3192 Brserid - ok
22:44:15.0915 3192 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:44:15.0946 3192 BrSerWdm - ok
22:44:15.0978 3192 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:44:16.0009 3192 BrUsbMdm - ok
22:44:16.0009 3192 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:44:16.0040 3192 BrUsbSer - ok
22:44:16.0040 3192 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:44:16.0071 3192 BTHMODEM - ok
22:44:16.0102 3192 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
22:44:16.0134 3192 bthserv - ok
22:44:16.0180 3192 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:44:16.0227 3192 cdfs - ok
22:44:16.0305 3192 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:44:16.0368 3192 cdrom - ok
22:44:16.0414 3192 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
22:44:16.0492 3192 CertPropSvc - ok
22:44:16.0524 3192 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:44:16.0570 3192 circlass - ok
22:44:16.0586 3192 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
22:44:16.0602 3192 CLFS - ok
22:44:16.0695 3192 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:44:16.0726 3192 clr_optimization_v2.0.50727_32 - ok
22:44:16.0789 3192 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:44:16.0820 3192 clr_optimization_v4.0.30319_32 - ok
22:44:16.0836 3192 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:44:16.0867 3192 CmBatt - ok
22:44:16.0867 3192 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:44:16.0898 3192 cmdide - ok
22:44:16.0929 3192 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
22:44:16.0960 3192 CNG - ok
22:44:16.0976 3192 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:44:16.0992 3192 Compbatt - ok
22:44:17.0054 3192 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:44:17.0101 3192 CompositeBus - ok
22:44:17.0116 3192 COMSysApp - ok
22:44:17.0148 3192 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:44:17.0179 3192 crcdisk - ok
22:44:17.0241 3192 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:44:17.0304 3192 CryptSvc - ok
22:44:17.0350 3192 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
22:44:17.0397 3192 DcomLaunch - ok
22:44:17.0428 3192 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
22:44:17.0475 3192 defragsvc - ok
22:44:17.0491 3192 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:44:17.0553 3192 DfsC - ok
22:44:17.0584 3192 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
22:44:17.0662 3192 Dhcp - ok
22:44:17.0694 3192 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
22:44:17.0725 3192 discache - ok
22:44:17.0756 3192 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:44:17.0787 3192 Disk - ok
22:44:17.0803 3192 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:44:17.0850 3192 Dnscache - ok
22:44:17.0881 3192 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
22:44:17.0959 3192 dot3svc - ok
22:44:18.0021 3192 [ B5E479EB83707DD698F66953E922042C ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
22:44:18.0037 3192 Dot4 - ok
22:44:18.0052 3192 [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:44:18.0084 3192 Dot4Print - ok
22:44:18.0115 3192 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
22:44:18.0146 3192 dot4usb - ok
22:44:18.0177 3192 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
22:44:18.0224 3192 DPS - ok
22:44:18.0271 3192 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:44:18.0302 3192 drmkaud - ok
22:44:18.0349 3192 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:44:18.0380 3192 DXGKrnl - ok
22:44:18.0396 3192 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
22:44:18.0442 3192 EapHost - ok
22:44:18.0536 3192 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
22:44:18.0692 3192 ebdrv - ok
22:44:18.0723 3192 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
22:44:18.0754 3192 EFS - ok
22:44:18.0786 3192 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:44:18.0832 3192 ehRecvr - ok
22:44:18.0848 3192 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
22:44:18.0895 3192 ehSched - ok
22:44:18.0926 3192 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:44:18.0957 3192 elxstor - ok
22:44:18.0973 3192 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:44:19.0004 3192 ErrDev - ok
22:44:19.0035 3192 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
22:44:19.0098 3192 EventSystem - ok
22:44:19.0129 3192 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
22:44:19.0176 3192 exfat - ok
22:44:19.0222 3192 Fabs - ok
22:44:19.0238 3192 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:44:19.0269 3192 fastfat - ok
22:44:19.0394 3192 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
22:44:19.0519 3192 Fax - ok
22:44:19.0550 3192 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:44:19.0659 3192 fdc - ok
22:44:19.0675 3192 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
22:44:19.0722 3192 fdPHost - ok
22:44:19.0753 3192 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
22:44:19.0815 3192 FDResPub - ok
22:44:19.0831 3192 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:44:19.0846 3192 FileInfo - ok
22:44:19.0862 3192 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:44:19.0893 3192 Filetrace - ok
22:44:19.0971 3192 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
22:44:20.0080 3192 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
22:44:20.0080 3192 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
22:44:20.0112 3192 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:44:20.0143 3192 flpydisk - ok
22:44:20.0158 3192 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:44:20.0190 3192 FltMgr - ok
22:44:20.0252 3192 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
22:44:20.0314 3192 FontCache - ok
22:44:20.0361 3192 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:44:20.0392 3192 FontCache3.0.0.0 - ok
22:44:20.0408 3192 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:44:20.0439 3192 FsDepends - ok
22:44:20.0470 3192 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:44:20.0486 3192 Fs_Rec - ok
22:44:20.0533 3192 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:44:20.0564 3192 fvevol - ok
22:44:20.0611 3192 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:44:20.0626 3192 gagp30kx - ok
22:44:20.0689 3192 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:44:20.0704 3192 GEARAspiWDM - ok
22:44:20.0751 3192 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
22:44:20.0798 3192 gpsvc - ok
22:44:20.0860 3192 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
22:44:20.0876 3192 gupdate - ok
22:44:20.0892 3192 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
22:44:20.0907 3192 gupdatem - ok
22:44:20.0923 3192 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:44:20.0970 3192 hcw85cir - ok
22:44:21.0016 3192 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:44:21.0079 3192 HdAudAddService - ok
22:44:21.0094 3192 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:44:21.0110 3192 HDAudBus - ok
22:44:21.0141 3192 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:44:21.0188 3192 HidBatt - ok
22:44:21.0204 3192 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:44:21.0250 3192 HidBth - ok
22:44:21.0282 3192 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:44:21.0297 3192 HidIr - ok
22:44:21.0328 3192 [ 1FAB2540C1BD6DA847CCD292F4EEE48A ] hidkmdf C:\Windows\system32\DRIVERS\hidkmdf.sys
22:44:21.0344 3192 hidkmdf - ok
22:44:21.0360 3192 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
22:44:21.0406 3192 hidserv - ok
22:44:21.0438 3192 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
22:44:21.0453 3192 HidUsb - ok
22:44:21.0484 3192 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:44:21.0547 3192 hkmsvc - ok
22:44:21.0594 3192 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:44:21.0641 3192 HomeGroupListener - ok
22:44:21.0673 3192 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:44:21.0704 3192 HomeGroupProvider - ok
22:44:21.0719 3192 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:44:21.0751 3192 HpSAMD - ok
22:44:21.0813 3192 [ 1D387C1F30296D3A24205CC2D09C6926 ] HPSIService C:\Windows\system32\HPSIsvc.exe
22:44:21.0829 3192 HPSIService - ok
22:44:21.0907 3192 [ A04F4AC48895774A2CF9D1C9EAAACEF0 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
22:44:22.0515 3192 HPSLPSVC - ok
22:44:22.0562 3192 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:44:22.0641 3192 HTTP - ok
22:44:22.0672 3192 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:44:22.0703 3192 hwpolicy - ok
22:44:22.0734 3192 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:44:22.0781 3192 i8042prt - ok
22:44:22.0812 3192 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:44:22.0844 3192 iaStorV - ok
22:44:22.0906 3192 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:44:22.0968 3192 idsvc - ok
22:44:22.0968 3192 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:44:23.0000 3192 iirsp - ok
22:44:23.0031 3192 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
22:44:23.0078 3192 IKEEXT - ok
22:44:23.0187 3192 [ 4E3F36F7704CBBCD1B32657491A1944F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:44:23.0265 3192 IntcAzAudAddService - ok
22:44:23.0280 3192 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
22:44:23.0296 3192 intelide - ok
22:44:23.0327 3192 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:44:23.0343 3192 intelppm - ok
22:44:23.0374 3192 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:44:23.0436 3192 IPBusEnum - ok
22:44:23.0452 3192 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:44:23.0499 3192 IpFilterDriver - ok
22:44:23.0530 3192 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:44:23.0561 3192 iphlpsvc - ok
22:44:23.0592 3192 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:44:23.0624 3192 IPMIDRV - ok
22:44:23.0639 3192 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:44:23.0703 3192 IPNAT - ok
22:44:23.0749 3192 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:44:23.0765 3192 iPod Service - ok
22:44:23.0796 3192 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:44:23.0827 3192 IRENUM - ok
22:44:23.0859 3192 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:44:23.0874 3192 isapnp - ok
22:44:23.0890 3192 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:44:23.0921 3192 iScsiPrt - ok
22:44:23.0937 3192 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
22:44:23.0968 3192 kbdclass - ok
22:44:24.0015 3192 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
22:44:24.0046 3192 kbdhid - ok
22:44:24.0061 3192 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
22:44:24.0077 3192 KeyIso - ok
22:44:24.0093 3192 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:44:24.0124 3192 KSecDD - ok
22:44:24.0139 3192 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:44:24.0171 3192 KSecPkg - ok
22:44:24.0202 3192 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
22:44:24.0264 3192 KtmRm - ok
22:44:24.0280 3192 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
22:44:24.0342 3192 LanmanServer - ok
22:44:24.0358 3192 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:44:24.0389 3192 LanmanWorkstation - ok
22:44:24.0436 3192 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:44:24.0467 3192 lltdio - ok
22:44:24.0498 3192 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:44:24.0529 3192 lltdsvc - ok
22:44:24.0545 3192 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
22:44:24.0607 3192 lmhosts - ok
22:44:24.0623 3192 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:44:24.0654 3192 LSI_FC - ok
22:44:24.0670 3192 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:44:24.0701 3192 LSI_SAS - ok
22:44:24.0779 3192 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:44:24.0873 3192 LSI_SAS2 - ok
22:44:24.0966 3192 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:44:25.0044 3192 LSI_SCSI - ok
22:44:25.0044 3192 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
22:44:25.0091 3192 luafv - ok
22:44:25.0122 3192 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:44:25.0153 3192 Mcx2Svc - ok
22:44:25.0169 3192 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:44:25.0185 3192 megasas - ok
22:44:25.0216 3192 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:44:25.0231 3192 MegaSR - ok
22:44:25.0247 3192 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
22:44:25.0278 3192 MMCSS - ok
22:44:25.0294 3192 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
22:44:25.0356 3192 Modem - ok
22:44:25.0372 3192 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:44:25.0419 3192 monitor - ok
22:44:25.0450 3192 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
22:44:25.0465 3192 mouclass - ok
22:44:25.0481 3192 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:44:25.0512 3192 mouhid - ok
22:44:25.0559 3192 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:44:25.0575 3192 mountmgr - ok
22:44:25.0668 3192 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:44:25.0699 3192 MozillaMaintenance - ok
22:44:25.0715 3192 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
22:44:25.0731 3192 mpio - ok
22:44:25.0762 3192 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:44:25.0809 3192 mpsdrv - ok
22:44:25.0855 3192 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:44:25.0918 3192 MpsSvc - ok
22:44:25.0949 3192 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:44:25.0996 3192 MRxDAV - ok
22:44:26.0043 3192 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:44:26.0074 3192 mrxsmb - ok
22:44:26.0121 3192 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:44:26.0152 3192 mrxsmb10 - ok
22:44:26.0167 3192 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:44:27.0852 3192 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:44:27.0852 3192 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:44:27.0852 3192 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:44:31.0425 3192 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:44:31.0440 3192 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:44:31.0440 3192 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:44:33.0421 3192 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe
22:44:33.0453 3192 RichVideo ( UnsignedFile.Multi.Generic ) - warning
22:44:33.0453 3192 RichVideo - detected UnsignedFile.Multi.Generic (1)
22:44:43.0313 3192 ================ Scan global ===============================
22:44:43.0360 3192 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
22:44:43.0391 3192 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
22:44:43.0406 3192 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
22:44:43.0438 3192 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:44:43.0469 3192 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:44:43.0484 3192 [Global] - ok
22:44:43.0484 3192 ================ Scan MBR ==================================
22:44:43.0500 3192 [ 4624822E540EC83CD0819525C65846BA ] \Device\Harddisk0\DR0
22:44:46.0433 3192 \Device\Harddisk0\DR0 - ok
22:44:46.0433 3192 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
22:44:46.0589 3192 \Device\Harddisk1\DR1 - ok
22:44:46.0589 3192 ================ Scan VBR ==================================
22:44:46.0589 3192 [ 137FBB9DB68659101FFE5097EDB2D58B ] \Device\Harddisk0\DR0\Partition1
22:44:46.0589 3192 \Device\Harddisk0\DR0\Partition1 - ok
22:44:46.0620 3192 [ 3F1D14104B5F9652F541BD046C905C53 ] \Device\Harddisk0\DR0\Partition2
22:44:46.0620 3192 \Device\Harddisk0\DR0\Partition2 - ok
22:44:46.0651 3192 [ 6D95BE7D06AE83B714926815C52BAF92 ] \Device\Harddisk0\DR0\Partition3
22:44:46.0651 3192 \Device\Harddisk0\DR0\Partition3 - ok
22:44:46.0667 3192 [ B3C0FF75B36DC1575F89ACF96DD8D6B5 ] \Device\Harddisk1\DR1\Partition1
22:44:46.0667 3192 \Device\Harddisk1\DR1\Partition1 - ok
22:44:46.0667 3192 ============================================================
22:44:46.0667 3192 Scan finished
22:44:46.0667 3192 ============================================================
22:44:46.0682 3628 Detected object count: 4
22:44:46.0682 3628 Actual detected object count: 4
22:45:19.0255 3628 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:19.0255 3628 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:45:19.0271 3628 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:19.0271 3628 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:45:19.0271 3628 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:19.0271 3628 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:45:19.0271 3628 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:19.0271 3628 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip

08.05.2013, 21:52   #14
markusg
/// Malware-holic

OK, that's fine.
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (if possible in CODE tags).
Note: If you get the following error message after the restart
"Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde." (in English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. That should fix the problem.


08.05.2013, 22:11   #15
Dumpty

Combofix ran without complaining.
Here is the log:
Combofix log file:
Code:
ComboFix 13-05-08.02 - MEDION 08.05.2013  23:00:16.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3327.2283 [GMT 2:00]
ausgeführt von:: c:\users\MEDION\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MEDION\4.0
c:\users\MEDION\AmazonMP3Installer-de_DE.exe
c:\users\Public\sdelevURL.tmp
c:\windows\security\Database\tmp.edb
c:\windows\system32\pt
c:\windows\system32\pt\Lagoon.resources.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-08 bis 2013-05-08  ))))))))))))))))))))))))))))))
.
.
2013-05-08 21:07 . 2013-05-08 21:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-08 21:05 . 2013-05-08 21:05	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EDF226A-7731-49B0-B432-BBEC21C30E3D}\offreg.dll
2013-05-08 20:12 . 2013-05-08 20:12	--------	d-----w-	C:\_OTL
2013-05-08 19:21 . 2013-05-08 19:21	66656	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-05-08 19:18 . 2013-04-10 03:08	6906960	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EDF226A-7731-49B0-B432-BBEC21C30E3D}\mpengine.dll
2013-05-07 19:53 . 2013-05-08 19:04	--------	d-----w-	c:\programdata\146B3392068476C50000146B1F2B7B59
2013-04-24 14:37 . 2013-04-12 13:45	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-16 16:32 . 2011-05-18 06:22	99896	----a-w-	c:\windows\system32\HPSIsvc.exe
2013-04-16 16:32 . 2008-12-22 03:02	117904	----a-w-	c:\windows\system32\Ltimgutl15u.dll
2013-04-16 16:28 . 2012-09-29 11:24	69632	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\HPM1210PP.dll
2013-04-16 16:27 . 2012-09-29 11:25	1167360	----a-w-	c:\windows\system32\HPM1210SM.exe
2013-04-16 16:27 . 2012-09-29 11:24	167936	----a-w-	c:\windows\system32\HPM1210LM.DLL
2013-04-16 16:27 . 2012-09-29 11:04	284672	----a-w-	c:\windows\system32\mvhlewsi.DLL
2013-04-12 07:15 . 2013-03-01 03:09	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-04-12 07:15 . 2013-01-24 04:47	196328	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-12 07:15 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-12 07:15 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-04-12 07:15 . 2013-03-19 04:48	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-12 07:15 . 2013-03-19 02:49	69632	----a-w-	c:\windows\system32\smss.exe
2013-04-12 07:15 . 2013-02-15 04:37	3217408	----a-w-	c:\windows\system32\mstscax.dll
2013-04-12 07:15 . 2013-02-15 04:34	131584	----a-w-	c:\windows\system32\aaclient.dll
2013-04-12 07:15 . 2013-02-15 03:25	36864	----a-w-	c:\windows\system32\tsgqec.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 00:06 . 2010-01-22 13:33	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-03-27 18:42 . 2013-03-27 18:43	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-27 18:42 . 2012-09-11 05:37	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-03-27 18:42 . 2011-05-03 08:13	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-27 13:28 . 2012-10-03 08:31	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-27 13:28 . 2012-10-03 08:31	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-27 13:28 . 2012-10-03 08:31	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-13 17:10 . 2012-05-02 09:21	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-13 17:10 . 2011-12-03 19:14	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 19:30 . 2012-10-03 08:31	92448	----a-w-	c:\windows\system32\drivers\avfwim.sys
2013-02-12 19:30 . 2012-10-03 08:31	113024	----a-w-	c:\windows\system32\drivers\avfwot.sys
2013-02-12 04:48 . 2013-03-13 09:01	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 09:01	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32 . 2013-03-26 07:57	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-04-12 07:53 . 2013-04-12 07:53	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-10 7866912]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-08 345312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\MEDION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\MEDION\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 uxddrv;Dynamically loaded UxdDrv;e:\diagnose\WSTGER32\2PART\uxddrv86.sys [x]
S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x]
S2 WMI_Hook_Service;WMI_Hook_Service;c:\program files\msi\OSD hot keys\WMI_Hook_Service.exe [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [x]
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [x]
S3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 80862689
*NewlyCreated* - 95995494
*Deregistered* - 80862689
*Deregistered* - 95995494
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 17:10]
.
2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-07 09:47]
.
2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-07 09:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ur11sf9k.default\
FF - prefs.js: browser.startup.homepage - Google
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-NWEReboot - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-08  23:09:30
ComboFix-quarantined-files.txt  2013-05-08 21:09
.
Vor Suchlauf: 6 Verzeichnis(se), 894.555.705.344 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 894.229.725.184 Bytes frei
.
- - End Of File - - BE59A2D5E7BBAF87D69D3DE02A4AD3BD
         
Combofix removed everything, right? Should I run anything else to be on the safe side?
