Hilfe bei der Entfernung von Spyhunter!

Aristo136 · 15.05.2013, 19:18

Hallo,

seit ein paar Tagen hatten wir den Toolbar von search conduit auf dem Laptop - bei der Recherche, diesen wieder zu entfernen, bin ich auf spyhunter4 gestoßen und habe diesen runtergeladen. Nach weiterer Recherche habe ich dann festgestellt, dass ich die Sache damit schlimmer gemacht habe.

Im 1. Versuch habe ich eine Systemwiederherstellung auf einen Zeitpunkt vor der Installation gemacht (habe allerdings hier im Forum gelesen, dass das nichts bringt; zumindest taucht Spyhunter nun nicht mehr unter "Programme" auf). Ansonsten läuft der Laptop gefühlt auch ganz normal, nur das Hochfahren dauert länger als sonst. Da ich unsicher bin, ob noch eine Infizierung vorliegt, wäre ich für Hilfe dankbar.

Schritt 1 "defogger" habe ich installiert und "disable" geklickt. Es kam die Meldung "finished", Eine Fehlermldlung kam nicht.

Schritt 2 OTL-Quick Scan habe ich durchgeführt.

Schritt 3 "Gmer" habe ich ebenfalls durchgeführt.

Vielen Dank schonmal vorab!!

cosinus · 15.05.2013, 20:05

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Aristo136 · 15.05.2013, 20:22

Vielen Dank für die schnelle Antwort und die Erklärung, wie ich die Dateitexte direkt einfügen kann!! Soll ich die bereits versandten noch mal direkt einfügen?

Ich habe von gestern abend nach der Systemzurücksetzung einen Log von Malwarebytes:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.14.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
samsung :: SAMSUNG-PC [Administrator]

15.05.2013 00:00:20
mbam-log-2013-05-15 (00-00-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 240567
Laufzeit: 3 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 15.05.2013, 20:35

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten

MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Aristo136 · 15.05.2013, 21:22

Hallo,

1. Schritt: Malwarebytes AntiRoot-Kit:

Beim Öffnen kam folgende Meldung

Zitat:

Probable rootkit activity detected
Registry value "AppInit_DIIs" has been found, which may be caused by rootkit activity.
Press "No" if you're not sure [...]
Do you want to remove this value and restart the tool?

Da ich mir nicht sicher war, habe ich entsprechend No angeklickt. Der Scan ist dann durchgelaufen und es kam folgende Meldung

Zitat:

Congratulations, no cleanup is required! Scan finished - no malware found!

2. Schritt: aswMBR

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-15 21:59:38
-----------------------------
21:59:38.840    OS Version: Windows x64 6.1.7601 Service Pack 1
21:59:38.840    Number of processors: 4 586 0x3A09
21:59:38.840    ComputerName: SAMSUNG-PC  UserName: samsung
21:59:40.387    Initialize success
22:00:33.167    AVAST engine defs: 13051500
22:00:57.949    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:00:57.952    Disk 0 Vendor: Hitachi_ JF4O Size: 715404MB BusType: 3
22:00:58.038    Disk 0 MBR read successfully
22:00:58.041    Disk 0 MBR scan
22:00:58.048    Disk 0 unknown MBR code
22:00:58.052    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:00:58.067    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       688443 MB offset 206848
22:00:58.094    Disk 0 Partition 3 00     27 Hidden NTFS WinRE NTFS        26860 MB offset 1410138112
22:00:58.195    Disk 0 scanning C:\windows\system32\drivers
22:01:08.129    Service scanning
22:01:33.522    Modules scanning
22:01:33.532    Disk 0 trace - called modules:
22:01:33.592    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
22:01:33.602    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008c32790]
22:01:33.612    3 CLASSPNP.SYS[fffff88001c8343f] -> nt!IofCallDriver -> [0xfffffa800790b950]
22:01:33.612    5 ACPI.sys[fffff88000d657a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8008c31050]
22:01:35.302    AVAST engine scan C:\windows
22:01:38.863    AVAST engine scan C:\windows\system32
22:04:02.097    AVAST engine scan C:\windows\system32\drivers
22:04:14.229    AVAST engine scan C:\Users\samsung
22:10:09.421    AVAST engine scan C:\ProgramData
22:11:13.560    Scan finished successfully
22:11:54.624    Disk 0 MBR has been saved successfully to "C:\Users\samsung\Desktop\MBR.dat"
22:11:54.634    The log file has been saved successfully to "C:\Users\samsung\Desktop\aswMBR.txt"

3. Schritt: TDSS Killer

Code:

ATTFilter

22:15:53.0844 6404  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:15:53.0930 6404  ============================================================
22:15:53.0930 6404  Current date / time: 2013/05/15 22:15:53.0930
22:15:53.0930 6404  SystemInfo:
22:15:53.0930 6404  
22:15:53.0930 6404  OS Version: 6.1.7601 ServicePack: 1.0
22:15:53.0930 6404  Product type: Workstation
22:15:53.0930 6404  ComputerName: SAMSUNG-PC
22:15:53.0931 6404  UserName: samsung
22:15:53.0931 6404  Windows directory: C:\windows
22:15:53.0931 6404  System windows directory: C:\windows
22:15:53.0931 6404  Running under WOW64
22:15:53.0931 6404  Processor architecture: Intel x64
22:15:53.0931 6404  Number of processors: 4
22:15:53.0931 6404  Page size: 0x1000
22:15:53.0931 6404  Boot type: Normal boot
22:15:53.0931 6404  ============================================================
22:15:54.0480 6404  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:15:54.0483 6404  ============================================================
22:15:54.0483 6404  \Device\Harddisk0\DR0:
22:15:54.0484 6404  MBR partitions:
22:15:54.0484 6404  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:15:54.0484 6404  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x5409D800
22:15:54.0484 6404  ============================================================
22:15:54.0540 6404  C: <-> \Device\Harddisk0\DR0\Partition2
22:15:54.0540 6404  ============================================================
22:15:54.0540 6404  Initialize success
22:15:54.0540 6404  ============================================================
22:17:47.0104 1676  ============================================================
22:17:47.0104 1676  Scan started
22:17:47.0104 1676  Mode: Manual; SigCheck; TDLFS; 
22:17:47.0104 1676  ============================================================
22:17:47.0378 1676  ================ Scan system memory ========================
22:17:47.0378 1676  System memory - ok
22:17:47.0378 1676  ================ Scan services =============================
22:17:47.0585 1676  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
22:17:47.0661 1676  1394ohci - ok
22:17:47.0717 1676  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
22:17:47.0746 1676  ACPI - ok
22:17:47.0783 1676  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
22:17:47.0853 1676  AcpiPmi - ok
22:17:47.0938 1676  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:17:47.0956 1676  AdobeARMservice - ok
22:17:48.0139 1676  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:17:48.0161 1676  AdobeFlashPlayerUpdateSvc - ok
22:17:48.0259 1676  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
22:17:48.0287 1676  adp94xx - ok
22:17:48.0336 1676  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\drivers\adpahci.sys
22:17:48.0349 1676  adpahci - ok
22:17:48.0370 1676  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\drivers\adpu320.sys
22:17:48.0387 1676  adpu320 - ok
22:17:48.0412 1676  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
22:17:48.0524 1676  AeLookupSvc - ok
22:17:48.0585 1676  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
22:17:48.0632 1676  AFD - ok
22:17:48.0688 1676  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
22:17:48.0706 1676  agp440 - ok
22:17:48.0752 1676  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
22:17:48.0781 1676  ALG - ok
22:17:48.0830 1676  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
22:17:48.0847 1676  aliide - ok
22:17:48.0864 1676  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
22:17:48.0871 1676  amdide - ok
22:17:48.0890 1676  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
22:17:48.0936 1676  AmdK8 - ok
22:17:48.0941 1676  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
22:17:48.0984 1676  AmdPPM - ok
22:17:49.0022 1676  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys
22:17:49.0033 1676  amdsata - ok
22:17:49.0077 1676  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
22:17:49.0089 1676  amdsbs - ok
22:17:49.0104 1676  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys
22:17:49.0114 1676  amdxata - ok
22:17:49.0178 1676  [ 449D90F1FB6402773C2F1ECCEAE15F74 ] AMPPAL          C:\windows\system32\DRIVERS\AMPPAL.sys
22:17:49.0240 1676  AMPPAL - ok
22:17:49.0247 1676  [ 449D90F1FB6402773C2F1ECCEAE15F74 ] AMPPALP         C:\windows\system32\DRIVERS\amppal.sys
22:17:49.0262 1676  AMPPALP - ok
22:17:49.0327 1676  [ AB6E5B9333101E414D8F04BC570064F1 ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
22:17:49.0364 1676  AMPPALR3 - ok
22:17:49.0397 1676  [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb      C:\windows\system32\Drivers\ssadadb.sys
22:17:49.0436 1676  androidusb - ok
22:17:49.0470 1676  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
22:17:49.0532 1676  AppID - ok
22:17:49.0567 1676  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
22:17:49.0635 1676  AppIDSvc - ok
22:17:49.0649 1676  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\windows\System32\appinfo.dll
22:17:49.0695 1676  Appinfo - ok
22:17:49.0777 1676  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:17:49.0794 1676  Apple Mobile Device - ok
22:17:49.0824 1676  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\drivers\arc.sys
22:17:49.0836 1676  arc - ok
22:17:49.0849 1676  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\drivers\arcsas.sys
22:17:49.0860 1676  arcsas - ok
22:17:49.0921 1676  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
22:17:49.0996 1676  AsyncMac - ok
22:17:50.0036 1676  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys
22:17:50.0045 1676  atapi - ok
22:17:50.0146 1676  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
22:17:50.0207 1676  AudioEndpointBuilder - ok
22:17:50.0217 1676  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
22:17:50.0248 1676  AudioSrv - ok
22:17:50.0280 1676  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
22:17:50.0314 1676  AxInstSV - ok
22:17:50.0396 1676  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
22:17:50.0472 1676  b06bdrv - ok
22:17:50.0509 1676  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
22:17:50.0549 1676  b57nd60a - ok
22:17:50.0590 1676  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
22:17:50.0645 1676  BDESVC - ok
22:17:50.0665 1676  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
22:17:50.0726 1676  Beep - ok
22:17:50.0753 1676  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll
22:17:50.0799 1676  BFE - ok
22:17:50.0956 1676  [ E92A3DA47BED7CC65D264235617ED46E ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130322.001\BHDrvx64.sys
22:17:50.0997 1676  BHDrvx64 - ok
22:17:51.0027 1676  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\System32\qmgr.dll
22:17:51.0080 1676  BITS - ok
22:17:51.0104 1676  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
22:17:51.0132 1676  blbdrive - ok
22:17:51.0204 1676  [ 05981C3E51D827ED6B8101A54B05E392 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
22:17:51.0236 1676  Bluetooth Device Monitor - ok
22:17:51.0259 1676  [ BBFAF63BF768047FE2441B4139E803E3 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
22:17:51.0283 1676  Bluetooth Media Service - ok
22:17:51.0356 1676  [ 41D8F56E6BBE0111244D87BE2FA90374 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
22:17:51.0389 1676  Bluetooth OBEX Service - ok
22:17:51.0421 1676  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:17:51.0431 1676  Bonjour Service - ok
22:17:51.0461 1676  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
22:17:51.0494 1676  bowser - ok
22:17:51.0522 1676  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
22:17:51.0544 1676  BrFiltLo - ok
22:17:51.0552 1676  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
22:17:51.0577 1676  BrFiltUp - ok
22:17:51.0609 1676  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
22:17:51.0664 1676  Browser - ok
22:17:51.0688 1676  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
22:17:51.0745 1676  Brserid - ok
22:17:51.0759 1676  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
22:17:51.0796 1676  BrSerWdm - ok
22:17:51.0834 1676  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
22:17:51.0864 1676  BrUsbMdm - ok
22:17:51.0868 1676  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
22:17:51.0885 1676  BrUsbSer - ok
22:17:51.0926 1676  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
22:17:51.0960 1676  BthEnum - ok
22:17:51.0987 1676  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
22:17:52.0025 1676  BTHMODEM - ok
22:17:52.0056 1676  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
22:17:52.0091 1676  BthPan - ok
22:17:52.0138 1676  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\windows\system32\Drivers\BTHport.sys
22:17:52.0182 1676  BTHPORT - ok
22:17:52.0215 1676  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
22:17:52.0255 1676  bthserv - ok
22:17:52.0267 1676  [ 588762F716C2B7A2054AFBC3D58E5C21 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
22:17:52.0274 1676  BTHSSecurityMgr - ok
22:17:52.0283 1676  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\windows\system32\Drivers\BTHUSB.sys
22:17:52.0313 1676  BTHUSB - ok
22:17:52.0338 1676  [ 988CC6CC49303665D3B2435C51505C3F ] btmaux          C:\windows\system32\DRIVERS\btmaux.sys
22:17:52.0361 1676  btmaux - ok
22:17:52.0409 1676  [ 2B4B508AFAC2A563931AF1FE875A5B16 ] btmhsf          C:\windows\system32\DRIVERS\btmhsf.sys
22:17:52.0435 1676  btmhsf - ok
22:17:52.0514 1676  [ A8AD33C9DD88C810CAC00ACC7F4329FB ] ccSet_NIS       C:\windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys
22:17:52.0533 1676  ccSet_NIS - ok
22:17:52.0555 1676  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
22:17:52.0586 1676  cdfs - ok
22:17:52.0608 1676  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
22:17:52.0620 1676  cdrom - ok
22:17:52.0640 1676  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
22:17:52.0668 1676  CertPropSvc - ok
22:17:52.0687 1676  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\drivers\circlass.sys
22:17:52.0717 1676  circlass - ok
22:17:52.0740 1676  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
22:17:52.0751 1676  CLFS - ok
22:17:52.0838 1676  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:17:52.0859 1676  clr_optimization_v2.0.50727_32 - ok
22:17:52.0926 1676  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:17:52.0945 1676  clr_optimization_v2.0.50727_64 - ok
22:17:52.0998 1676  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:17:53.0016 1676  clr_optimization_v4.0.30319_32 - ok
22:17:53.0037 1676  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:17:53.0047 1676  clr_optimization_v4.0.30319_64 - ok
22:17:53.0087 1676  [ E13A438F9E51DD034730678E33B73290 ] clwvd           C:\windows\system32\DRIVERS\clwvd.sys
22:17:53.0102 1676  clwvd - ok
22:17:53.0123 1676  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
22:17:53.0158 1676  CmBatt - ok
22:17:53.0188 1676  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
22:17:53.0203 1676  cmdide - ok
22:17:53.0239 1676  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\windows\system32\Drivers\cng.sys
22:17:53.0269 1676  CNG - ok
22:17:53.0290 1676  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
22:17:53.0298 1676  Compbatt - ok
22:17:53.0321 1676  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
22:17:53.0352 1676  CompositeBus - ok
22:17:53.0368 1676  COMSysApp - ok
22:17:53.0417 1676  [ 6625A43592D123EE9AF0AB42B27B2384 ] cphs            C:\windows\SysWow64\IntelCpHeciSvc.exe
22:17:53.0440 1676  cphs - ok
22:17:53.0462 1676  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
22:17:53.0473 1676  crcdisk - ok
22:17:53.0522 1676  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\windows\system32\cryptsvc.dll
22:17:53.0571 1676  CryptSvc - ok
22:17:53.0606 1676  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
22:17:53.0667 1676  DcomLaunch - ok
22:17:53.0710 1676  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
22:17:53.0770 1676  defragsvc - ok
22:17:53.0798 1676  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
22:17:53.0835 1676  DfsC - ok
22:17:53.0861 1676  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
22:17:53.0909 1676  Dhcp - ok
22:17:53.0914 1676  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
22:17:53.0954 1676  discache - ok
22:17:54.0001 1676  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\drivers\disk.sys
22:17:54.0019 1676  Disk - ok
22:17:54.0060 1676  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
22:17:54.0125 1676  Dnscache - ok
22:17:54.0186 1676  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
22:17:54.0231 1676  dot3svc - ok
22:17:54.0234 1676  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
22:17:54.0267 1676  DPS - ok
22:17:54.0298 1676  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
22:17:54.0331 1676  drmkaud - ok
22:17:54.0374 1676  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
22:17:54.0411 1676  DXGKrnl - ok
22:17:54.0448 1676  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
22:17:54.0500 1676  EapHost - ok
22:17:54.0581 1676  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\drivers\evbda.sys
22:17:54.0659 1676  ebdrv - ok
22:17:54.0721 1676  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
22:17:54.0749 1676  eeCtrl - ok
22:17:54.0771 1676  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe
22:17:54.0789 1676  EFS - ok
22:17:54.0841 1676  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
22:17:54.0915 1676  ehRecvr - ok
22:17:54.0923 1676  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe
22:17:54.0960 1676  ehSched - ok
22:17:55.0009 1676  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\drivers\elxstor.sys
22:17:55.0038 1676  elxstor - ok
22:17:55.0069 1676  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:17:55.0081 1676  EraserUtilRebootDrv - ok
22:17:55.0091 1676  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
22:17:55.0122 1676  ErrDev - ok
22:17:55.0169 1676  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
22:17:55.0226 1676  EventSystem - ok
22:17:55.0291 1676  [ 64D25284A4E9D11CA0722AF3F30FD970 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:17:55.0309 1676  EvtEng - ok
22:17:55.0329 1676  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
22:17:55.0389 1676  exfat - ok
22:17:55.0415 1676  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
22:17:55.0460 1676  fastfat - ok
22:17:55.0500 1676  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe
22:17:55.0545 1676  Fax - ok
22:17:55.0575 1676  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\drivers\fdc.sys
22:17:55.0614 1676  fdc - ok
22:17:55.0652 1676  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
22:17:55.0707 1676  fdPHost - ok
22:17:55.0727 1676  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
22:17:55.0799 1676  FDResPub - ok
22:17:55.0831 1676  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
22:17:55.0843 1676  FileInfo - ok
22:17:55.0862 1676  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
22:17:55.0896 1676  Filetrace - ok
22:17:55.0916 1676  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
22:17:55.0925 1676  flpydisk - ok
22:17:55.0941 1676  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
22:17:55.0951 1676  FltMgr - ok
22:17:55.0988 1676  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\windows\system32\FntCache.dll
22:17:56.0020 1676  FontCache - ok
22:17:56.0070 1676  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:17:56.0086 1676  FontCache3.0.0.0 - ok
22:17:56.0102 1676  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
22:17:56.0115 1676  FsDepends - ok
22:17:56.0161 1676  [ B16B626996C74B564005BA855C5DEE90 ] fssfltr         C:\windows\system32\DRIVERS\fssfltr.sys
22:17:56.0171 1676  fssfltr - ok
22:17:56.0266 1676  [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
22:17:56.0312 1676  fsssvc - ok
22:17:56.0333 1676  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
22:17:56.0340 1676  Fs_Rec - ok
22:17:56.0371 1676  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
22:17:56.0382 1676  fvevol - ok
22:17:56.0418 1676  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
22:17:56.0436 1676  gagp30kx - ok
22:17:56.0469 1676  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
22:17:56.0478 1676  GEARAspiWDM - ok
22:17:56.0508 1676  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll
22:17:56.0551 1676  gpsvc - ok
22:17:56.0590 1676  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:17:56.0606 1676  gupdate - ok
22:17:56.0612 1676  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:17:56.0624 1676  gupdatem - ok
22:17:56.0677 1676  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:17:56.0693 1676  gusvc - ok
22:17:56.0732 1676  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
22:17:56.0776 1676  hcw85cir - ok
22:17:56.0800 1676  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
22:17:56.0846 1676  HdAudAddService - ok
22:17:56.0882 1676  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
22:17:56.0924 1676  HDAudBus - ok
22:17:56.0955 1676  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
22:17:56.0974 1676  HidBatt - ok
22:17:56.0993 1676  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\drivers\hidbth.sys
22:17:57.0035 1676  HidBth - ok
22:17:57.0063 1676  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\drivers\hidir.sys
22:17:57.0076 1676  HidIr - ok
22:17:57.0092 1676  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\system32\hidserv.dll
22:17:57.0145 1676  hidserv - ok
22:17:57.0179 1676  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
22:17:57.0190 1676  HidUsb - ok
22:17:57.0216 1676  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
22:17:57.0264 1676  hkmsvc - ok
22:17:57.0289 1676  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
22:17:57.0339 1676  HomeGroupListener - ok
22:17:57.0367 1676  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
22:17:57.0409 1676  HomeGroupProvider - ok
22:17:57.0445 1676  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
22:17:57.0463 1676  HpSAMD - ok
22:17:57.0487 1676  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
22:17:57.0547 1676  HTTP - ok
22:17:57.0574 1676  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
22:17:57.0582 1676  hwpolicy - ok
22:17:57.0612 1676  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
22:17:57.0621 1676  i8042prt - ok
22:17:57.0646 1676  [ C224331A54571C8C9162F7714400BBBD ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
22:17:57.0658 1676  iaStor - ok
22:17:57.0708 1676  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
22:17:57.0734 1676  iaStorV - ok
22:17:57.0755 1676  [ 9E3D44CE737388F6BBBB6DD4A1C1847C ] ibtfltcoex      C:\windows\system32\DRIVERS\iBtFltCoex.sys
22:17:57.0784 1676  ibtfltcoex - ok
22:17:57.0843 1676  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:17:57.0881 1676  idsvc - ok
22:17:58.0023 1676  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130405.001\IDSvia64.sys
22:17:58.0051 1676  IDSVia64 - ok
22:17:58.0303 1676  [ 54E37A4E66B2CA1C38E9728FAD5F9822 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
22:17:58.0597 1676  igfx - ok
22:17:58.0625 1676  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\drivers\iirsp.sys
22:17:58.0632 1676  iirsp - ok
22:17:58.0673 1676  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
22:17:58.0733 1676  IKEEXT - ok
22:17:58.0764 1676  [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\windows\system32\drivers\intelaud.sys
22:17:58.0770 1676  intaud_WaveExtensible - ok
22:17:58.0896 1676  [ 112A84BD9A31C59826AC2979D451F0DA ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
22:17:58.0978 1676  IntcAzAudAddService - ok
22:17:59.0015 1676  [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
22:17:59.0043 1676  IntcDAud - ok
22:17:59.0099 1676  [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
22:17:59.0133 1676  Intel(R) Capability Licensing Service Interface - ok
22:17:59.0196 1676  [ 9571D8BDB56EBC52280E8020574508E6 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
22:17:59.0214 1676  Intel(R) ME Service - ok
22:17:59.0223 1676  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
22:17:59.0235 1676  intelide - ok
22:17:59.0268 1676  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
22:17:59.0294 1676  intelppm - ok
22:17:59.0334 1676  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
22:17:59.0390 1676  IPBusEnum - ok
22:17:59.0422 1676  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
22:17:59.0479 1676  IpFilterDriver - ok
22:17:59.0514 1676  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
22:17:59.0546 1676  iphlpsvc - ok
22:17:59.0568 1676  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
22:17:59.0595 1676  IPMIDRV - ok
22:17:59.0625 1676  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
22:17:59.0667 1676  IPNAT - ok
22:17:59.0724 1676  [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:17:59.0750 1676  iPod Service - ok
22:17:59.0771 1676  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
22:17:59.0800 1676  IRENUM - ok
22:17:59.0837 1676  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
22:17:59.0854 1676  isapnp - ok
22:17:59.0876 1676  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
22:17:59.0891 1676  iScsiPrt - ok
22:17:59.0916 1676  [ 8E4577C6E0D3114170509159DE658907 ] iusb3hcs        C:\windows\system32\DRIVERS\iusb3hcs.sys
22:17:59.0925 1676  iusb3hcs - ok
22:17:59.0944 1676  [ FE76346E9B57DA575BD1B3BD0CCAD7FF ] iusb3hub        C:\windows\system32\DRIVERS\iusb3hub.sys
22:17:59.0958 1676  iusb3hub - ok
22:17:59.0974 1676  [ 1008CD90DA2198FFD250298DEB9DF160 ] iusb3xhc        C:\windows\system32\DRIVERS\iusb3xhc.sys
22:17:59.0996 1676  iusb3xhc - ok
22:18:00.0023 1676  [ 716F66336F10885D935B08174DC54242 ] iwdbus          C:\windows\system32\DRIVERS\iwdbus.sys
22:18:00.0030 1676  iwdbus - ok
22:18:00.0053 1676  [ DBD76BC1D498FE368F2C8CB76C3E00A4 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
22:18:00.0062 1676  jhi_service - ok
22:18:00.0080 1676  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
22:18:00.0088 1676  kbdclass - ok
22:18:00.0115 1676  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
22:18:00.0148 1676  kbdhid - ok
22:18:00.0180 1676  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
22:18:00.0201 1676  KeyIso - ok
22:18:00.0223 1676  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
22:18:00.0243 1676  KSecDD - ok
22:18:00.0255 1676  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
22:18:00.0266 1676  KSecPkg - ok
22:18:00.0280 1676  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
22:18:00.0329 1676  ksthunk - ok
22:18:00.0364 1676  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
22:18:00.0413 1676  KtmRm - ok
22:18:00.0446 1676  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\system32\srvsvc.dll
22:18:00.0495 1676  LanmanServer - ok
22:18:00.0522 1676  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
22:18:00.0572 1676  LanmanWorkstation - ok
22:18:00.0600 1676  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
22:18:00.0644 1676  lltdio - ok
22:18:00.0675 1676  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
22:18:00.0702 1676  lltdsvc - ok
22:18:00.0719 1676  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
22:18:00.0764 1676  lmhosts - ok
22:18:00.0798 1676  [ 86E4CC39C953D11EF57CF54C4DC78238 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:18:00.0809 1676  LMS - ok
22:18:00.0843 1676  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
22:18:00.0851 1676  LSI_FC - ok
22:18:00.0887 1676  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
22:18:00.0908 1676  LSI_SAS - ok
22:18:00.0924 1676  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
22:18:00.0934 1676  LSI_SAS2 - ok
22:18:00.0949 1676  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
22:18:00.0959 1676  LSI_SCSI - ok
22:18:00.0985 1676  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
22:18:01.0053 1676  luafv - ok
22:18:01.0114 1676  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
22:18:01.0137 1676  McComponentHostService - ok
22:18:01.0159 1676  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
22:18:01.0182 1676  Mcx2Svc - ok
22:18:01.0208 1676  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\drivers\megasas.sys
22:18:01.0216 1676  megasas - ok
22:18:01.0242 1676  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
22:18:01.0253 1676  MegaSR - ok
22:18:01.0293 1676  [ 6B01B7414A105B9E51652089A03027CF ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
22:18:01.0300 1676  MEIx64 - ok
22:18:01.0382 1676  Microsoft SharePoint Workspace Audit Service - ok
22:18:01.0406 1676  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
22:18:01.0461 1676  MMCSS - ok
22:18:01.0477 1676  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
22:18:01.0522 1676  Modem - ok
22:18:01.0567 1676  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
22:18:01.0597 1676  monitor - ok
22:18:01.0631 1676  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
22:18:01.0638 1676  mouclass - ok
22:18:01.0658 1676  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
22:18:01.0684 1676  mouhid - ok
22:18:01.0710 1676  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
22:18:01.0719 1676  mountmgr - ok
22:18:01.0750 1676  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:18:01.0769 1676  MozillaMaintenance - ok
22:18:01.0796 1676  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
22:18:01.0816 1676  mpio - ok
22:18:01.0833 1676  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
22:18:01.0877 1676  mpsdrv - ok
22:18:01.0905 1676  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
22:18:01.0935 1676  MpsSvc - ok
22:18:01.0951 1676  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
22:18:01.0986 1676  MRxDAV - ok
22:18:02.0027 1676  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
22:18:02.0053 1676  mrxsmb - ok
22:18:02.0076 1676  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
22:18:02.0093 1676  mrxsmb10 - ok
22:18:02.0106 1676  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
22:18:02.0118 1676  mrxsmb20 - ok
22:18:02.0132 1676  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\drivers\msahci.sys
22:18:02.0143 1676  msahci - ok
22:18:02.0161 1676  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
22:18:02.0173 1676  msdsm - ok
22:18:02.0191 1676  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
22:18:02.0205 1676  MSDTC - ok
22:18:02.0219 1676  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
22:18:02.0266 1676  Msfs - ok
22:18:02.0293 1676  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
22:18:02.0316 1676  mshidkmdf - ok
22:18:02.0323 1676  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
22:18:02.0330 1676  msisadrv - ok
22:18:02.0348 1676  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
22:18:02.0393 1676  MSiSCSI - ok
22:18:02.0395 1676  msiserver - ok
22:18:02.0436 1676  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
22:18:02.0505 1676  MSKSSRV - ok
22:18:02.0525 1676  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
22:18:02.0573 1676  MSPCLOCK - ok
22:18:02.0590 1676  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
22:18:02.0638 1676  MSPQM - ok
22:18:02.0661 1676  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
22:18:02.0676 1676  MsRPC - ok
22:18:02.0686 1676  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
22:18:02.0696 1676  mssmbios - ok
22:18:02.0704 1676  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
22:18:02.0748 1676  MSTEE - ok
22:18:02.0772 1676  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
22:18:02.0800 1676  MTConfig - ok
22:18:02.0831 1676  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
22:18:02.0849 1676  Mup - ok
22:18:02.0884 1676  [ E3B58E3011B207C5289D11173B30E298 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
22:18:02.0898 1676  MyWiFiDHCPDNS - ok
22:18:02.0919 1676  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
22:18:02.0979 1676  napagent - ok
22:18:03.0040 1676  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
22:18:03.0097 1676  NativeWifiP - ok
22:18:03.0152 1676  [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130407.007\ENG64.SYS
22:18:03.0173 1676  NAVENG - ok
22:18:03.0222 1676  [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130407.007\EX64.SYS
22:18:03.0273 1676  NAVEX15 - ok
22:18:03.0338 1676  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
22:18:03.0375 1676  NDIS - ok
22:18:03.0411 1676  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
22:18:03.0455 1676  NdisCap - ok
22:18:03.0483 1676  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
22:18:03.0507 1676  NdisTapi - ok
22:18:03.0513 1676  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
22:18:03.0554 1676  Ndisuio - ok
22:18:03.0571 1676  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
22:18:03.0616 1676  NdisWan - ok
22:18:03.0652 1676  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
22:18:03.0677 1676  NDProxy - ok
22:18:03.0697 1676  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
22:18:03.0741 1676  NetBIOS - ok
22:18:03.0764 1676  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
22:18:03.0803 1676  NetBT - ok
22:18:03.0822 1676  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
22:18:03.0831 1676  Netlogon - ok
22:18:03.0851 1676  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
22:18:03.0892 1676  Netman - ok
22:18:03.0920 1676  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
22:18:03.0989 1676  netprofm - ok
22:18:04.0021 1676  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:18:04.0033 1676  NetTcpPortSharing - ok
22:18:04.0249 1676  [ B51E9AD4F4E4F8DBE0AB882756BC5DAB ] NETwNs64        C:\windows\system32\DRIVERS\NETwNs64.sys
22:18:04.0511 1676  NETwNs64 - ok
22:18:04.0553 1676  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
22:18:04.0560 1676  nfrd960 - ok
22:18:04.0625 1676  [ E127420B7FEB65C7F279EAAC183BBC0E ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
22:18:04.0643 1676  NIS - ok
22:18:04.0669 1676  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
22:18:04.0699 1676  NlaSvc - ok
22:18:04.0808 1676  [ 5839A8027D6D324A7CD494051A96628C ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
22:18:04.0857 1676  NOBU - ok
22:18:04.0867 1676  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
22:18:04.0890 1676  Npfs - ok
22:18:04.0904 1676  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
22:18:04.0929 1676  nsi - ok
22:18:04.0953 1676  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
22:18:05.0009 1676  nsiproxy - ok
22:18:05.0067 1676  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
22:18:05.0110 1676  Ntfs - ok
22:18:05.0129 1676  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
22:18:05.0153 1676  Null - ok
22:18:05.0510 1676  [ 12E18E5F438AAD55DAF77E127C0EA25B ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
22:18:05.0823 1676  nvlddmkm - ok
22:18:05.0834 1676  [ 186290C63FEB79C199A620E36705F9EE ] nvpciflt        C:\windows\system32\DRIVERS\nvpciflt.sys
22:18:05.0841 1676  nvpciflt - ok
22:18:05.0856 1676  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
22:18:05.0865 1676  nvraid - ok
22:18:05.0901 1676  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
22:18:05.0921 1676  nvstor - ok
22:18:05.0959 1676  [ 33A2052D60D4EA6599CEE1D6853D0A42 ] nvsvc           C:\windows\system32\nvvsvc.exe
22:18:05.0988 1676  nvsvc - ok
22:18:06.0044 1676  [ FD6F5B42DB429FD1AE1A4483DB4DD2E0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:18:06.0074 1676  nvUpdatusService - ok
22:18:06.0109 1676  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
22:18:06.0128 1676  nv_agp - ok
22:18:06.0139 1676  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
22:18:06.0165 1676  ohci1394 - ok
22:18:06.0231 1676  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:18:06.0250 1676  ose - ok
22:18:06.0373 1676  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:18:06.0449 1676  osppsvc - ok
22:18:06.0469 1676  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
22:18:06.0516 1676  p2pimsvc - ok
22:18:06.0528 1676  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
22:18:06.0559 1676  p2psvc - ok
22:18:06.0595 1676  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys
22:18:06.0635 1676  Parport - ok
22:18:06.0668 1676  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
22:18:06.0676 1676  partmgr - ok
22:18:06.0699 1676  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
22:18:06.0727 1676  PcaSvc - ok
22:18:06.0752 1676  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
22:18:06.0761 1676  pci - ok
22:18:06.0777 1676  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys
22:18:06.0785 1676  pciide - ok
22:18:06.0798 1676  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
22:18:06.0808 1676  pcmcia - ok
22:18:06.0818 1676  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
22:18:06.0826 1676  pcw - ok
22:18:06.0833 1676  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
22:18:06.0883 1676  PEAUTH - ok
22:18:06.0960 1676  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
22:18:06.0994 1676  PerfHost - ok
22:18:07.0055 1676  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
22:18:07.0127 1676  pla - ok
22:18:07.0196 1676  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
22:18:07.0265 1676  PlugPlay - ok
22:18:07.0290 1676  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
22:18:07.0327 1676  PNRPAutoReg - ok
22:18:07.0353 1676  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
22:18:07.0374 1676  PNRPsvc - ok
22:18:07.0400 1676  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
22:18:07.0464 1676  PolicyAgent - ok
22:18:07.0509 1676  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
22:18:07.0557 1676  Power - ok
22:18:07.0590 1676  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
22:18:07.0636 1676  PptpMiniport - ok
22:18:07.0656 1676  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys
22:18:07.0665 1676  Processor - ok
22:18:07.0689 1676  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
22:18:07.0746 1676  ProfSvc - ok
22:18:07.0756 1676  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
22:18:07.0769 1676  ProtectedStorage - ok
22:18:07.0790 1676  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
22:18:07.0846 1676  Psched - ok
22:18:07.0883 1676  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys
22:18:07.0911 1676  ql2300 - ok
22:18:07.0920 1676  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
22:18:07.0929 1676  ql40xx - ok
22:18:07.0951 1676  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
22:18:07.0966 1676  QWAVE - ok
22:18:07.0985 1676  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
22:18:08.0014 1676  QWAVEdrv - ok
22:18:08.0036 1676  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
22:18:08.0096 1676  RasAcd - ok
22:18:08.0121 1676  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
22:18:08.0164 1676  RasAgileVpn - ok
22:18:08.0205 1676  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
22:18:08.0263 1676  RasAuto - ok
22:18:08.0287 1676  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
22:18:08.0336 1676  Rasl2tp - ok
22:18:08.0361 1676  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
22:18:08.0392 1676  RasMan - ok
22:18:08.0405 1676  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
22:18:08.0444 1676  RasPppoe - ok
22:18:08.0465 1676  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
22:18:08.0489 1676  RasSstp - ok
22:18:08.0503 1676  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
22:18:08.0529 1676  rdbss - ok
22:18:08.0554 1676  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
22:18:08.0565 1676  rdpbus - ok
22:18:08.0582 1676  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
22:18:08.0623 1676  RDPCDD - ok
22:18:08.0643 1676  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
22:18:08.0668 1676  RDPENCDD - ok
22:18:08.0682 1676  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
22:18:08.0721 1676  RDPREFMP - ok
22:18:08.0755 1676  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
22:18:08.0798 1676  RDPWD - ok
22:18:08.0821 1676  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
22:18:08.0831 1676  rdyboost - ok
22:18:08.0881 1676  [ F3AF2B43F35DBB3A0EB9FEEEC7D62217 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
22:18:08.0899 1676  RegSrvc - ok
22:18:08.0923 1676  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
22:18:08.0991 1676  RemoteAccess - ok
22:18:09.0026 1676  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
22:18:09.0073 1676  RemoteRegistry - ok
22:18:09.0101 1676  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
22:18:09.0134 1676  RFCOMM - ok
22:18:09.0231 1676  [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
22:18:09.0248 1676  RichVideo ( UnsignedFile.Multi.Generic ) - warning
22:18:09.0248 1676  RichVideo - detected UnsignedFile.Multi.Generic (1)
22:18:09.0256 1676  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
22:18:09.0310 1676  RpcEptMapper - ok
22:18:09.0332 1676  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
22:18:09.0345 1676  RpcLocator - ok
22:18:09.0374 1676  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
22:18:09.0408 1676  RpcSs - ok
22:18:09.0435 1676  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
22:18:09.0472 1676  rspndr - ok
22:18:09.0514 1676  [ 6CF9DB101A75360E98659F823852E540 ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
22:18:09.0530 1676  RTL8167 - ok
22:18:09.0540 1676  [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI            C:\windows\system32\Drivers\SABI.sys
22:18:09.0565 1676  SABI - ok
22:18:09.0581 1676  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
22:18:09.0589 1676  SamSs - ok
22:18:09.0611 1676  [ B136E29C89CD7234DEC1A4104E5D30CC ] Samsung UPD Service2 C:\windows\System32\SUPDSvc2.exe
22:18:09.0636 1676  Samsung UPD Service2 ( UnsignedFile.Multi.Generic ) - warning
22:18:09.0637 1676  Samsung UPD Service2 - detected UnsignedFile.Multi.Generic (1)
22:18:09.0677 1676  [ 5E66ABD041D76C46CBF55AEF910FCA56 ] SamsungDeviceConfigurationWinService C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
22:18:09.0691 1676  SamsungDeviceConfigurationWinService - ok
22:18:09.0712 1676  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
22:18:09.0731 1676  sbp2port - ok
22:18:09.0754 1676  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
22:18:09.0809 1676  SCardSvr - ok
22:18:09.0833 1676  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
22:18:09.0894 1676  scfilter - ok
22:18:09.0927 1676  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
22:18:09.0981 1676  Schedule - ok
22:18:10.0008 1676  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
22:18:10.0031 1676  SCPolicySvc - ok
22:18:10.0083 1676  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
22:18:10.0173 1676  SDRSVC - ok
22:18:10.0377 1676  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
22:18:10.0404 1676  SDScannerService - ok
22:18:10.0464 1676  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
22:18:10.0498 1676  SDUpdateService - ok
22:18:10.0513 1676  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
22:18:10.0521 1676  SDWSCService - ok
22:18:10.0551 1676  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
22:18:10.0590 1676  secdrv - ok
22:18:10.0618 1676  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
22:18:10.0661 1676  seclogon - ok
22:18:10.0684 1676  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
22:18:10.0708 1676  SENS - ok
22:18:10.0726 1676  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
22:18:10.0782 1676  SensrSvc - ok
22:18:10.0846 1676  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys
22:18:10.0887 1676  Serenum - ok
22:18:10.0932 1676  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys
22:18:10.0953 1676  Serial - ok
22:18:10.0967 1676  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys
22:18:11.0005 1676  sermouse - ok
22:18:11.0047 1676  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
22:18:11.0101 1676  SessionEnv - ok
22:18:11.0104 1676  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
22:18:11.0121 1676  sffdisk - ok
22:18:11.0124 1676  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
22:18:11.0139 1676  sffp_mmc - ok
22:18:11.0141 1676  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
22:18:11.0151 1676  sffp_sd - ok
22:18:11.0177 1676  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
22:18:11.0200 1676  sfloppy - ok
22:18:11.0230 1676  [ 2FE1CD3AA602414841DB10AD96C95A5E ] SGDrv           C:\windows\system32\DRIVERS\SGdrv64.sys
22:18:11.0262 1676  SGDrv - ok
22:18:11.0296 1676  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
22:18:11.0332 1676  SharedAccess - ok
22:18:11.0354 1676  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
22:18:11.0381 1676  ShellHWDetection - ok
22:18:11.0393 1676  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
22:18:11.0401 1676  SiSRaid2 - ok
22:18:11.0404 1676  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
22:18:11.0412 1676  SiSRaid4 - ok
22:18:11.0429 1676  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
22:18:11.0438 1676  SkypeUpdate - ok
22:18:11.0453 1676  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
22:18:11.0517 1676  Smb - ok
22:18:11.0550 1676  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
22:18:11.0584 1676  SNMPTRAP - ok
22:18:11.0606 1676  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
22:18:11.0616 1676  spldr - ok
22:18:11.0645 1676  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
22:18:11.0680 1676  Spooler - ok
22:18:11.0768 1676  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
22:18:11.0823 1676  sppsvc - ok
22:18:11.0837 1676  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
22:18:11.0899 1676  sppuinotify - ok
22:18:11.0988 1676  [ 1321A6C3C92BBD3F3BBE1292CFF8E91A ] SRTSP           C:\windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS
22:18:12.0016 1676  SRTSP - ok
22:18:12.0029 1676  [ BD129C22C3B8C2E584227269DFA77B09 ] SRTSPX          C:\windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS
22:18:12.0035 1676  SRTSPX - ok
22:18:12.0080 1676  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
22:18:12.0129 1676  srv - ok
22:18:12.0155 1676  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
22:18:12.0190 1676  srv2 - ok
22:18:12.0220 1676  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
22:18:12.0261 1676  srvnet - ok
22:18:12.0304 1676  [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus         C:\windows\system32\DRIVERS\ssadbus.sys
22:18:12.0363 1676  ssadbus - ok
22:18:12.0389 1676  [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl        C:\windows\system32\DRIVERS\ssadmdfl.sys
22:18:12.0427 1676  ssadmdfl - ok
22:18:12.0448 1676  [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm         C:\windows\system32\DRIVERS\ssadmdm.sys
22:18:12.0485 1676  ssadmdm - ok
22:18:12.0531 1676  [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd        C:\windows\system32\DRIVERS\ssadserd.sys
22:18:12.0592 1676  ssadserd - ok
22:18:12.0615 1676  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
22:18:12.0672 1676  SSDPSRV - ok
22:18:12.0691 1676  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
22:18:12.0728 1676  SstpSvc - ok
22:18:12.0755 1676  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\drivers\stexstor.sys
22:18:12.0766 1676  stexstor - ok
22:18:12.0786 1676  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
22:18:12.0823 1676  stisvc - ok
22:18:12.0841 1676  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
22:18:12.0848 1676  swenum - ok
22:18:12.0879 1676  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
22:18:12.0928 1676  swprv - ok
22:18:12.0986 1676  [ 8B2430762099598DA40686F754632EFD ] SymDS           C:\windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS
22:18:13.0013 1676  SymDS - ok
22:18:13.0039 1676  [ FE29B18BF86FFCD55D8733C9B01E5042 ] SymEFA          C:\windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS
22:18:13.0066 1676  SymEFA - ok
22:18:13.0095 1676  [ 36B77F5C9E21F88A8C8EC67AD5415819 ] SymEvent        C:\windows\system32\Drivers\SYMEVENT64x86.SYS
22:18:13.0103 1676  SymEvent - ok
22:18:13.0111 1676  [ DD70DA422460FDED831D211DF151D560 ] SymIRON         C:\windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS
22:18:13.0119 1676  SymIRON - ok
22:18:13.0131 1676  [ BCE4EB2EEF05E388959B46FD21388C2D ] SymNetS         C:\windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS
22:18:13.0142 1676  SymNetS - ok
22:18:13.0176 1676  [ 7E488378004FF5F9DCD1711522B1241A ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
22:18:13.0188 1676  SynTP - ok
22:18:13.0223 1676  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
22:18:13.0262 1676  SysMain - ok
22:18:13.0283 1676  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
22:18:13.0327 1676  TabletInputService - ok
22:18:13.0358 1676  [ A6AED6B7871EE365174BFB0677A9A681 ] taphss6         C:\windows\system32\DRIVERS\taphss6.sys
22:18:13.0375 1676  taphss6 - ok
22:18:13.0396 1676  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
22:18:13.0455 1676  TapiSrv - ok
22:18:13.0477 1676  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
22:18:13.0502 1676  TBS - ok
22:18:13.0573 1676  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
22:18:13.0616 1676  Tcpip - ok
22:18:13.0638 1676  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
22:18:13.0664 1676  TCPIP6 - ok
22:18:13.0678 1676  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
22:18:13.0701 1676  tcpipreg - ok
22:18:13.0724 1676  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
22:18:13.0774 1676  TDPIPE - ok
22:18:13.0803 1676  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
22:18:13.0818 1676  TDTCP - ok
22:18:13.0836 1676  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
22:18:13.0897 1676  tdx - ok
22:18:13.0926 1676  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
22:18:13.0934 1676  TermDD - ok
22:18:13.0963 1676  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
22:18:14.0009 1676  TermService - ok
22:18:14.0030 1676  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
22:18:14.0071 1676  Themes - ok
22:18:14.0107 1676  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
22:18:14.0150 1676  THREADORDER - ok
22:18:14.0178 1676  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
22:18:14.0223 1676  TrkWks - ok
22:18:14.0268 1676  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
22:18:14.0309 1676  TrustedInstaller - ok
22:18:14.0319 1676  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
22:18:14.0348 1676  tssecsrv - ok
22:18:14.0354 1676  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
22:18:14.0372 1676  TsUsbFlt - ok
22:18:14.0385 1676  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
22:18:14.0409 1676  TsUsbGD - ok
22:18:14.0446 1676  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
22:18:14.0514 1676  tunnel - ok
22:18:14.0518 1676  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\drivers\uagp35.sys
22:18:14.0530 1676  uagp35 - ok
22:18:14.0550 1676  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
22:18:14.0600 1676  udfs - ok
22:18:14.0629 1676  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
22:18:14.0639 1676  UI0Detect - ok
22:18:14.0657 1676  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
22:18:14.0665 1676  uliagpkx - ok
22:18:14.0686 1676  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
22:18:14.0716 1676  umbus - ok
22:18:14.0721 1676  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\drivers\umpass.sys
22:18:14.0747 1676  UmPass - ok
22:18:14.0821 1676  [ D80B1075B69B57A3AB78F750CE463ECE ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:18:14.0845 1676  UNS - ok
22:18:14.0870 1676  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
22:18:14.0920 1676  upnphost - ok
22:18:14.0959 1676  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64       C:\windows\system32\Drivers\usbaapl64.sys
22:18:15.0006 1676  USBAAPL64 - ok
22:18:15.0044 1676  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
22:18:15.0104 1676  usbccgp - ok
22:18:15.0128 1676  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
22:18:15.0168 1676  usbcir - ok
22:18:15.0189 1676  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\drivers\usbehci.sys
22:18:15.0224 1676  usbehci - ok
22:18:15.0267 1676  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
22:18:15.0306 1676  usbhub - ok
22:18:15.0341 1676  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys
22:18:15.0377 1676  usbohci - ok
22:18:15.0414 1676  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
22:18:15.0436 1676  usbprint - ok
22:18:15.0453 1676  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
22:18:15.0505 1676  USBSTOR - ok
22:18:15.0517 1676  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
22:18:15.0548 1676  usbuhci - ok
22:18:15.0589 1676  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
22:18:15.0617 1676  usbvideo - ok
22:18:15.0651 1676  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
22:18:15.0699 1676  UxSms - ok
22:18:15.0722 1676  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
22:18:15.0733 1676  VaultSvc - ok
22:18:15.0762 1676  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
22:18:15.0774 1676  vdrvroot - ok
22:18:15.0792 1676  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
22:18:15.0846 1676  vds - ok
22:18:15.0865 1676  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
22:18:15.0876 1676  vga - ok
22:18:15.0886 1676  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
22:18:15.0923 1676  VgaSave - ok
22:18:15.0940 1676  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
22:18:15.0951 1676  vhdmp - ok
22:18:15.0961 1676  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
22:18:15.0969 1676  viaide - ok
22:18:15.0994 1676  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
22:18:16.0002 1676  volmgr - ok
22:18:16.0017 1676  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
22:18:16.0029 1676  volmgrx - ok
22:18:16.0039 1676  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\windows\system32\drivers\volsnap.sys
22:18:16.0049 1676  volsnap - ok
22:18:16.0072 1676  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
22:18:16.0081 1676  vsmraid - ok
22:18:16.0117 1676  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
22:18:16.0170 1676  VSS - ok
22:18:16.0189 1676  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
22:18:16.0211 1676  vwifibus - ok
22:18:16.0242 1676  [ 13A0DECD1794DE60A8427862C8669D27 ] VWiFiFlt        C:\windows\system32\DRIVERS\vwififlt.sys
22:18:16.0278 1676  VWiFiFlt - ok
22:18:16.0306 1676  [ 49003B357D101CDC474937437ECF5ABC ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
22:18:16.0339 1676  vwifimp - ok
22:18:16.0374 1676  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
22:18:16.0422 1676  W32Time - ok
22:18:16.0439 1676  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\drivers\wacompen.sys
22:18:16.0463 1676  WacomPen - ok
22:18:16.0489 1676  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
22:18:16.0512 1676  WANARP - ok
22:18:16.0515 1676  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
22:18:16.0539 1676  Wanarpv6 - ok
22:18:16.0562 1676  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
22:18:16.0615 1676  wbengine - ok
22:18:16.0619 1676  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
22:18:16.0633 1676  WbioSrvc - ok
22:18:16.0651 1676  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
22:18:16.0665 1676  wcncsvc - ok
22:18:16.0673 1676  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
22:18:16.0712 1676  WcsPlugInService - ok
22:18:16.0724 1676  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\drivers\wd.sys
22:18:16.0732 1676  Wd - ok
22:18:16.0757 1676  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
22:18:16.0776 1676  Wdf01000 - ok
22:18:16.0798 1676  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
22:18:16.0881 1676  WdiServiceHost - ok
22:18:16.0887 1676  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
22:18:16.0908 1676  WdiSystemHost - ok
22:18:16.0917 1676  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
22:18:16.0945 1676  WebClient - ok
22:18:16.0975 1676  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
22:18:17.0018 1676  Wecsvc - ok
22:18:17.0038 1676  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
22:18:17.0063 1676  wercplsupport - ok
22:18:17.0085 1676  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
22:18:17.0128 1676  WerSvc - ok
22:18:17.0155 1676  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
22:18:17.0179 1676  WfpLwf - ok
22:18:17.0198 1676  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
22:18:17.0205 1676  WIMMount - ok
22:18:17.0218 1676  WinDefend - ok
22:18:17.0221 1676  WinHttpAutoProxySvc - ok
22:18:17.0256 1676  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
22:18:17.0282 1676  Winmgmt - ok
22:18:17.0324 1676  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
22:18:17.0363 1676  WinRM - ok
22:18:17.0395 1676  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
22:18:17.0413 1676  Wlansvc - ok
22:18:17.0536 1676  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:18:17.0593 1676  wlidsvc - ok
22:18:17.0599 1676  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
22:18:17.0628 1676  WmiAcpi - ok
22:18:17.0659 1676  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
22:18:17.0699 1676  wmiApSrv - ok
22:18:17.0739 1676  WMPNetworkSvc - ok
22:18:17.0755 1676  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
22:18:17.0779 1676  WPCSvc - ok
22:18:17.0793 1676  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
22:18:17.0814 1676  WPDBusEnum - ok
22:18:17.0832 1676  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
22:18:17.0872 1676  ws2ifsl - ok
22:18:17.0882 1676  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll
22:18:17.0912 1676  wscsvc - ok
22:18:17.0915 1676  WSearch - ok
22:18:17.0983 1676  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
22:18:18.0045 1676  wuauserv - ok
22:18:18.0078 1676  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
22:18:18.0128 1676  WudfPf - ok
22:18:18.0163 1676  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
22:18:18.0203 1676  WUDFRd - ok
22:18:18.0238 1676  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
22:18:18.0267 1676  wudfsvc - ok
22:18:18.0296 1676  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\windows\System32\wwansvc.dll
22:18:18.0329 1676  WwanSvc - ok
22:18:18.0408 1676  [ 74713CB32792F9C7632DAA7DA22CA974 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
22:18:18.0435 1676  ZeroConfigService - ok
22:18:18.0456 1676  ================ Scan global ===============================
22:18:18.0470 1676  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
22:18:18.0510 1676  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
22:18:18.0520 1676  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
22:18:18.0549 1676  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
22:18:18.0573 1676  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
22:18:18.0578 1676  [Global] - ok
22:18:18.0578 1676  ================ Scan MBR ==================================
22:18:18.0584 1676  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
22:18:18.0949 1676  \Device\Harddisk0\DR0 - ok
22:18:18.0949 1676  ================ Scan VBR ==================================
22:18:18.0974 1676  [ D6AF3BCBFFDBEDF3468F6E7DADB18111 ] \Device\Harddisk0\DR0\Partition1
22:18:18.0976 1676  \Device\Harddisk0\DR0\Partition1 - ok
22:18:18.0988 1676  [ 26A7905620E958BD0F8A361AFCB3E78F ] \Device\Harddisk0\DR0\Partition2
22:18:18.0991 1676  \Device\Harddisk0\DR0\Partition2 - ok
22:18:18.0991 1676  ============================================================
22:18:18.0991 1676  Scan finished
22:18:18.0991 1676  ============================================================
22:18:19.0005 6180  Detected object count: 2
22:18:19.0006 6180  Actual detected object count: 2
22:19:00.0299 6180  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
22:19:00.0299 6180  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:19:00.0302 6180  Samsung UPD Service2 ( UnsignedFile.Multi.Generic ) - skipped by user
22:19:00.0302 6180  Samsung UPD Service2 ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 15.05.2013, 21:54

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Aristo136 · 15.05.2013, 22:35

So, hier die Logs:

1. Junkware Removal Tool

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by samsung on 15.05.2013 at 22:59:55,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-808812791-3364131652-3434471583-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\filesfrog update checker"
Successfully deleted: [Empty Folder] C:\Users\samsung\appdata\local\{68B8DFEC-F63B-480B-894B-401ADFADD25B}
Successfully deleted: [Empty Folder] C:\Users\samsung\appdata\local\{B2987B00-BD35-4BC2-AB4F-EFD3E259240F}



~~~ FireFox

Successfully deleted: [File] C:\Users\samsung\AppData\Roaming\mozilla\firefox\profiles\6zq7cneh.default\invalidprefs.js
Emptied folder: C:\Users\samsung\AppData\Roaming\mozilla\firefox\profiles\6zq7cneh.default\minidumps [141 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.05.2013 at 23:03:36,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2. AdwCleaner (Es öffnete sich direkt der Log, auf Löschen konnte ich nicht klicken. Da die Dateien fortlaufend nummeriert sind und die neue Datei R[5] ist, gab es offenbar vorherige Versionen... die Datei R[4] habe ich gefunden; ich hatte das Programm offenbar am Vorabend schon laufen lassen... das wusste ich leider nicht mehr, sorry. Habe R[4] vorsichtshalber auch beigefügt. R[1]- R[3], die es dann wohl auch gegeben haben müsste, sind nicht mehr auf dem PC)

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.300 - Datei am 14/05/2013 um 23:49:54 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : samsung - SAMSUNG-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\samsung\Downloads\adwcleaner_2.3.0.0.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : Yontoo Desktop Updater

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\samsung\AppData\Roaming\Mozilla\Firefox\Profiles\6zq7cneh.default\foxydeal.sqlite
Ordner Gefunden : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\Yontoo
Ordner Gefunden : C:\ProgramData\BrowserProtect
Ordner Gefunden : C:\Users\samsung\AppData\Roaming\Yontoo

***** [Registrierungsdatenbank] *****

Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\delta LTD
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Yontoo Desktop]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\samsung\AppData\Roaming\Mozilla\Firefox\Profiles\6zq7cneh.default\prefs.js

Gefunden : user_pref("CT1561552_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gefunden : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Gefunden : user_pref("avg.install.userSPSettings", "Delta Search");
Gefunden : user_pref("extensions.delta.admin", false);
Gefunden : user_pref("extensions.delta.aflt", "babsst");
Gefunden : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gefunden : user_pref("extensions.delta.autoRvrt", "false");
Gefunden : user_pref("extensions.delta.dfltLng", "en");
Gefunden : user_pref("extensions.delta.excTlbr", false);
Gefunden : user_pref("extensions.delta.id", "2ea89ebc000000000000c485080a7bee");
Gefunden : user_pref("extensions.delta.instlDay", "15758");
Gefunden : user_pref("extensions.delta.instlRef", "sst");
Gefunden : user_pref("extensions.delta.newTab", false);
Gefunden : user_pref("extensions.delta.prdct", "delta");
Gefunden : user_pref("extensions.delta.prtnrId", "delta");
Gefunden : user_pref("extensions.delta.rvrt", "false");
Gefunden : user_pref("extensions.delta.smplGrp", "none");
Gefunden : user_pref("extensions.delta.tlbrId", "base");
Gefunden : user_pref("extensions.delta.tlbrSrchUrl", "");
Gefunden : user_pref("extensions.delta.vrsn", "1.8.10.0");
Gefunden : user_pref("extensions.delta.vrsnTs", "1.8.10.022:23:57");
Gefunden : user_pref("extensions.delta.vrsni", "1.8.10.0");
Gefunden : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Gefunden : user_pref("extentions.y2layers.installId", "22b278cd-b56e-437d-a030-83f3bff6bb52");
Gefunden : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&CU[...]
Gefunden : user_pref("smartbar.machineId", "9FXWUZJUODYYIJ1EVRRARFRJEPLKXZC4UFYET+MCVW2GBRJMIFMT+JYFJZM02UYMMSH[...]

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R3].txt - [10572 octets] - [14/05/2013 22:48:40]
AdwCleaner[R4].txt - [4864 octets] - [14/05/2013 23:49:54]
AdwCleaner[S3].txt - [5651 octets] - [14/05/2013 22:49:00]

########## EOF - C:\AdwCleaner[R4].txt - [4984 octets] ##########

--- --- ---

[/CODE]

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.300 - Datei am 15/05/2013 um 23:06:00 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : samsung - SAMSUNG-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\samsung\Desktop\adwcleaner(1).exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\samsung\AppData\Roaming\Mozilla\Firefox\Profiles\6zq7cneh.default\foxydeal.sqlite

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\BI
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\samsung\AppData\Roaming\Mozilla\Firefox\Profiles\6zq7cneh.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R4].txt - [5049 octets] - [14/05/2013 23:49:54]
AdwCleaner[R5].txt - [1199 octets] - [15/05/2013 23:06:00]

########## EOF - C:\AdwCleaner[R5].txt - [1259 octets] ##########

--- --- ---

[/CODE]

3. Schritt: OTL

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 15.05.2013 23:20:13 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\samsung\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 5,43 Gb Available Physical Memory | 68,68% Memory free
15,80 Gb Paging File | 13,19 Gb Available in Paging File | 83,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 672,31 Gb Total Space | 237,61 Gb Free Space | 35,34% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG-PC | User Name: samsung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\samsung\Desktop\adwcleaner(1).exe ()
PRC - C:\Users\samsung\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe (Samsung)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (SEC)
PRC - C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\PrintKey2000\Printkey2000.exe (Fred's Software)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\samsung\Desktop\adwcleaner(1).exe ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Samsung\Easy Software Manager\SWMFuncDLL.dll ()
MOD - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (Samsung UPD Service2) -- C:\Windows\SysNative\SUPDSvc2.exe (Samsung Electronics)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SamsungDeviceConfigurationWinService) -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe (Symantec Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (SGDrv) -- C:\Windows\SysNative\drivers\SGDrv64.sys (Phoenix Technologies Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130322.001\BHDrvx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130407.007\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130407.007\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130405.001\IDSviA64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-808812791-3364131652-3434471583-1000\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-808812791-3364131652-3434471583-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKU\S-1-5-21-808812791-3364131652-3434471583-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-808812791-3364131652-3434471583-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-808812791-3364131652-3434471583-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-808812791-3364131652-3434471583-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2013.05.15 19:31:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013.05.15 19:31:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 08:49:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 08:49:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.08.04 16:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\samsung\AppData\Roaming\mozilla\Extensions
[2013.05.12 15:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\samsung\AppData\Roaming\mozilla\Firefox\Profiles\6zq7cneh.default\extensions
[2013.05.12 15:24:19 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\samsung\AppData\Roaming\mozilla\Firefox\Profiles\6zq7cneh.default\extensions\ich@maltegoetz.de
[2013.04.30 21:40:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.04.12 08:49:43 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.13 07:58:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=2ea89ebc000000000000c485080a7bee
CHR - Extension: No name found = C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\
CHR - Extension: No name found = C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-808812791-3364131652-3434471583-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-808812791-3364131652-3434471583-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [awde7zip23646]  File not found
O4 - HKLM..\RunOnce: [Z1] C:\windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-808812791-3364131652-3434471583-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-808812791-3364131652-3434471583-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\samsung\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\samsung\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FE89B9D-FADF-4695-9CF1-21CAEF103537}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7772B2B7-66EB-4000-A9CE-9F6F2323FAA7}: DhcpNameServer = 127.0.0.1 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.05.14 22:32:17 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6f2519bc-3f11-11e2-9582-c485080a7bf1}\Shell - "" = AutoRun
O33 - MountPoints2\{6f2519bc-3f11-11e2-9582-c485080a7bf1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.15 22:59:51 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013.05.15 22:59:20 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.15 22:58:56 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\samsung\Desktop\JRT.exe
[2013.05.15 22:14:44 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\samsung\Desktop\tdsskiller.exe
[2013.05.15 21:39:55 | 000,000,000 | ---D | C] -- C:\Users\samsung\Desktop\mbar
[2013.05.15 20:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.05.15 20:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.05.15 19:51:27 | 000,000,000 | ---D | C] -- C:\Users\samsung\Local Settings
[2013.05.14 23:58:05 | 000,000,000 | ---D | C] -- C:\Users\samsung\AppData\Roaming\Malwarebytes
[2013.05.14 23:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.14 23:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.14 23:57:55 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.05.14 23:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.14 23:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.05.14 23:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.05.14 23:23:51 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2013.05.14 23:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.05.14 23:23:15 | 000,000,000 | ---D | C] -- C:\Users\samsung\AppData\Local\Programs
[2013.05.14 22:31:58 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.05.14 22:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.05.14 21:52:53 | 000,000,000 | ---D | C] -- C:\Users\samsung\Desktop\Bibi Blocksberg - 96 - Das traurige Einhorn
[2013.05.13 23:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2013.05.13 23:14:46 | 000,000,000 | ---D | C] -- C:\Users\samsung\AppData\Local\eMule
[2013.05.05 23:21:58 | 000,000,000 | ---D | C] -- C:\tödliche versprechen
[2013.05.05 22:09:55 | 000,000,000 | ---D | C] -- C:\big Miracle
[2013.04.28 00:21:16 | 000,000,000 | ---D | C] -- C:\Users\samsung\AppData\Roaming\cef-cache
[2013.04.21 13:39:30 | 000,000,000 | ---D | C] -- C:\Users\samsung\Documents\Bank
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.15 23:17:00 | 000,000,328 | ---- | M] () -- C:\windows\tasks\Xerox PhotoCafe Communicator.job
[2013.05.15 23:05:16 | 000,628,743 | ---- | M] () -- C:\Users\samsung\Desktop\adwcleaner(1).exe
[2013.05.15 22:59:00 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\samsung\Desktop\JRT.exe
[2013.05.15 22:47:00 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.15 22:31:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.05.15 22:14:46 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\samsung\Desktop\tdsskiller.exe
[2013.05.15 22:11:54 | 000,000,512 | ---- | M] () -- C:\Users\samsung\Desktop\MBR.dat
[2013.05.15 20:15:10 | 000,028,280 | ---- | M] () -- C:\Users\samsung\Desktop\logfiles.7z
[2013.05.15 19:55:44 | 000,000,000 | ---- | M] () -- C:\Users\samsung\defogger_reenable
[2013.05.15 19:36:53 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.15 19:36:53 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.15 19:35:45 | 001,498,506 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.05.15 19:35:45 | 000,654,166 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.05.15 19:35:45 | 000,616,008 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.05.15 19:35:45 | 000,130,006 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.05.15 19:35:45 | 000,106,388 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.05.15 19:29:24 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.15 19:29:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.05.15 19:29:00 | 4187,361,279 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.15 19:28:59 | 702,712,688 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013.05.14 23:23:55 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.05.14 22:32:17 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.05.14 20:49:26 | 141,796,035 | ---- | M] () -- C:\Users\samsung\Desktop\Botswana.pdf
[2013.05.14 20:32:11 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.05.14 20:32:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.11 11:51:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.05.06 21:22:34 | 000,000,837 | ---- | M] () -- C:\Users\samsung\AppData\Local\recently-used.xbel
[2013.05.06 20:00:39 | 001,247,726 | ---- | M] () -- C:\Users\samsung\Desktop\blumen.png
[2013.05.02 22:50:58 | 000,039,618 | ---- | M] () -- C:\Users\samsung\Desktop\Zara_C9704_106246.pdf
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.15 23:05:12 | 000,628,743 | ---- | C] () -- C:\Users\samsung\Desktop\adwcleaner(1).exe
[2013.05.15 22:11:54 | 000,000,512 | ---- | C] () -- C:\Users\samsung\Desktop\MBR.dat
[2013.05.15 20:15:10 | 000,028,280 | ---- | C] () -- C:\Users\samsung\Desktop\logfiles.7z
[2013.05.15 19:55:44 | 000,000,000 | ---- | C] () -- C:\Users\samsung\defogger_reenable
[2013.05.14 23:23:55 | 000,002,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.05.14 23:23:55 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.05.14 22:32:17 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.05.14 21:52:19 | 041,492,827 | ---- | C] () -- C:\Users\samsung\Desktop\94 - Bibi Blocksberg - Die verhexte Zeitreise.mp3
[2013.05.14 21:51:55 | 078,266,089 | ---- | C] () -- C:\Users\samsung\Desktop\93 - Bibi Blocksberg - Bibi braucht Hilfe.mp3
[2013.05.14 21:51:22 | 039,627,513 | ---- | C] () -- C:\Users\samsung\Desktop\92 - Bibi Blocksberg - Das Geheimnisvolle Schloss.mp3
[2013.05.14 20:49:27 | 141,796,035 | ---- | C] () -- C:\Users\samsung\Desktop\Botswana.pdf
[2013.05.12 15:20:58 | 000,054,964 | ---- | C] () -- C:\Users\samsung\Desktop\proxtube_gesperrte_youtube_videos_schauen-1.4.8-fx.xpi
[2013.05.06 21:22:34 | 000,000,837 | ---- | C] () -- C:\Users\samsung\AppData\Local\recently-used.xbel
[2013.05.06 20:00:38 | 001,247,726 | ---- | C] () -- C:\Users\samsung\Desktop\blumen.png
[2013.05.02 22:50:58 | 000,039,618 | ---- | C] () -- C:\Users\samsung\Desktop\Zara_C9704_106246.pdf
[2012.08.26 17:14:37 | 001,558,432 | ---- | C] () -- C:\windows\TotalUninstaller.exe
[2012.03.02 16:17:08 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2012.03.02 15:30:00 | 000,001,340 | ---- | C] () -- C:\windows\HotFixList.ini
[2012.02.06 04:29:35 | 000,734,772 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin
[2012.02.06 04:29:30 | 000,557,476 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin
[2012.02.06 04:29:27 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.02.06 04:29:25 | 012,978,688 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll
[2012.02.02 15:08:26 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

--- --- ---

[/CODE]

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 15.05.2013 23:20:13 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\samsung\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 5,43 Gb Available Physical Memory | 68,68% Memory free
15,80 Gb Paging File | 13,19 Gb Available in Paging File | 83,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 672,31 Gb Total Space | 237,61 Gb Free Space | 35,34% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG-PC | User Name: samsung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-808812791-3364131652-3434471583-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032F0593-D9CA-4313-A65B-A4D807D946B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{0A1C72D0-609B-4F26-BEAA-4C937D9907B1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0D6EC47C-752C-41B9-A807-D12A4B374A95}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0EBA4A18-2019-414F-AA87-C9CB06391DFD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1B537D47-F894-4F9B-B0A1-E5F8F291FA09}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{24BDFCD8-B9D6-480A-838C-F843B88087BF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{30632E76-D621-40BA-B351-3F0D0C5E79F2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3EA91949-8BF2-4E67-8523-8F728D3D7DA0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{53DC60CE-5E10-498F-B491-518BF2E9AC4A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{542CCF13-37CB-431A-9811-CE6DF442E6F9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{575EC890-8A74-4B59-9C96-6E2D4BF6E997}" = lport=139 | protocol=6 | dir=in | app=system | 
"{59831124-7479-4BAC-9DE2-DC157CA56D06}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7B5A4852-6F01-4AB8-A084-EDE0BD919849}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{802AB5C0-88F3-4951-A75D-264DD3717D79}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8CB29E2B-2A9E-4DC1-ABA4-93A6111DB202}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{9B5BA163-4028-44A5-8254-87EA66AEFEAB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B1E1449F-6BF5-49E2-8096-143229FD6C10}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D1227C7F-7555-42FD-B79A-CBB1017A1F6B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D2FC454A-687C-4D52-B8DA-4E842590D17A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D55D9C6C-97E4-4ACB-9227-FF315E260816}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D96F16D6-A974-44CA-97DE-172D1479F0F8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DAE75AF0-0E5F-4B0A-AA29-E8446ED5EDF0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E874848F-981A-4670-A80D-A5396FD13616}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B3573F2-DEB6-451C-84AD-44F766D4464C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1BD61F8C-28BA-4224-9B44-749D27D1A4D4}" = protocol=6 | dir=out | app=system | 
"{29B26E0B-452B-4BC5-BB34-D7F83F2EFBEF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2E45DD3D-4B62-4D72-BE5B-C3F16D3B4C24}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2F14D253-5CD9-4B48-A2CA-8BFF255A815F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{317EC8A0-CB0F-4FBB-8260-B8CB4A250FE3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{34370226-AC95-4B0A-A561-643668CCE33D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3885B114-BCF6-4A97-B34F-0EFCC99D80E6}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{3E2117FF-497A-4EAE-8878-321BE3C0BEB8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3FE11C16-478D-471D-9918-1FDDA069C9D1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{403A821C-5047-44C2-A76D-5B229A6A1C7E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{41380786-D32C-441B-84E8-531663A784CC}" = dir=in | app=c:\users\samsung\appdata\local\microsoft\skydrive\skydrive.exe | 
"{4310D0D5-1699-4745-A523-47A7F39BE698}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{43E96249-6472-4286-BC24-D8D798F24307}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{5FDC43EC-51CA-4844-B778-CCF4692C77B6}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc2.exe | 
"{66D8F063-713D-4AE4-B048-1341FBE7EA25}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{724F1430-0247-4498-B5B4-619F8C478BF5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{85148758-87C1-4ECE-B623-5DCDE24D1B4D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8899D98E-E4DD-44C7-A022-9CDB023AADD2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{89DE5B8C-A207-470D-A712-AE43A5650AB2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8FF28049-4444-499B-9A71-40F3FE6EB609}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9A60ECEB-025B-412A-AC82-8E460F2A8CD1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{B1D564E1-3BEB-4640-9FAC-97B03B7AEC9A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BCC3F805-1531-4BD5-ACF0-11790F8F7CCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BD3E3541-9508-4C38-8ED0-1B36C3DE4860}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
"{C4FC189D-BC19-405E-ABAB-149810FF2F87}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C7074C2F-9F05-4A6F-9271-D8EC3E3BA2EA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{C717D449-B108-4AA6-A0A0-856C717664B6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C7721DA7-B7F9-4B7B-8C01-5E9D7B4E6929}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{CA9034F0-C133-41BC-A05F-951D3E3EEB04}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CCDF8D22-7C15-4C41-B410-4EB1092C81D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D13368C6-546E-48B0-B6FD-103AA5A1E6B7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D18BE736-AB38-4243-839D-42F222AA095A}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc2.exe | 
"{D4B8A113-045C-4B39-ACD8-FD86848A385B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DFDD9375-CDC0-4D52-B65F-1E120F96543A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EB4747F7-8EC3-4C22-9ECF-36AE03E83C56}" = dir=in | app=c:\program files (x86)\cyberlink\media+player10\media+player10.exe | 
"{F2AEC4EA-ABFB-46EA-8236-E2E93A525CFC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F37D2CC6-ABAE-42A0-9CA2-5C7239CA0ADB}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{FED95060-0118-480F-839E-298DCB421709}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{FE033FB9-BB2B-4C5A-AB89-CD3C8A386B34}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | 
"UDP Query User{06B741DD-94C4-48A9-BD01-512F6D44C368}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.55
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.55
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.1111
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi Software
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F0932859-AA60-459E-B843-0BDECA34E2C7}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.4.0.1425
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000AD938-EEBB-46F5-BD33-23CB34A57C54}" = Movie Maker
"{00476F3E-3C4D-4E02-B8BB-125350157EB9}" = Windows Live Mail
"{017E337D-D709-437C-83DB-71F82AA78BF6}" = 照片库
"{01944037-D136-45EE-A007-403EAD929FC7}" = Windows Live Writer
"{01ABAEC3-8F96-4D00-9672-E49AAFDC0685}" = Windows Live Writer Resources
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{022C7C52-B294-4346-88BC-C7C2FF7FF1B7}" = Movie Maker
"{03426ED9-9D9C-4F71-B293-BBE6493367A2}" = Windows Live Mail
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{03E2EED4-368D-49EA-B1AC-8B615E37E16D}" = Windows Live Messenger
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048C8498-C20B-4AF7-9978-7A79E567D74C}" = Photo Common
"{04CCBB46-37C1-4623-9477-C65A32DFD023}" = Photo Common
"{058EDEC8-1873-4B49-9A08-54ADE9CC129B}" = Movie Maker
"{0618FAAA-E236-4F74-924F-837A5592E506}" = Windows Live Writer Resources
"{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common
"{06EED60F-7FFC-43A7-936E-AA4A8BD948B4}" = Windows Live Writer
"{087D261B-73AE-4B8A-8F18-2EE80DD2ED8B}" = Фотоальбом
"{0AD576A7-EDCE-469E-ADD7-1AC9DB200C6B}" = Windows Live Mail
"{0B660563-2836-49A3-AEDE-928D13ECC19A}" = Windows Live Writer
"{0B783100-6F04-4E2F-B83D-0A9B4EEDE47A}" = Windows Live Writer Resources
"{0BC39E89-506A-4ADA-8924-27AEE2C97618}" = Windows Live Writer
"{0BFF2188-2D8E-4BE2-95D0-B3CCD4C6A0C9}" = Photo Common
"{0DF95460-2887-4011-9344-1959CDF18ADC}" = Photo Common
"{0E1BB4B4-00FF-45B1-914B-AB8D8B9862B3}" = Windows Live UX Platform Language Pack
"{0E3A4650-A873-4D53-A9DE-E84D57F6A085}" = Windows Live Messenger
"{0F6A576E-C6E3-437E-B389-262EBC86B09A}" = Windows Live UX Platform Language Pack
"{1026DF85-1C0F-4839-888E-EB9D5B73CF46}" = Windows Live Writer
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12F81925-F3C1-40DB-91F7-777817974319}" = Easy File Share
"{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker
"{144113A4-1A98-452F-8506-60F8C811D316}" = Movie Maker
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{1532CEFF-ADB4-4230-BF03-30A6B3182663}" = Movie Maker
"{1590089E-44E5-4334-BA45-869E194F1D5B}" = Windows Live 메일
"{15F32CAE-4504-4F33-89F8-182FF38CA036}" = Windows Live Family Safety
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{182D3167-FE80-4DF6-96C2-84AC0ABA20D8}" = Windows Live Writer Resources
"{184A0D4F-4BCF-40EF-A73C-F0313FDB5CCD}" = Windows Live Messenger
"{187A0FCA-2FE2-4827-83CA-D4887E965047}" = Photo Common
"{193464D1-D974-4456-949F-28ED63610126}" = Windows Live Family Safety
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19AFD9A4-B584-41C8-91EA-38EB2FC1BD50}" = Windows Live Messenger
"{1A79A578-4277-48AF-98A6-F9E48CF1B6D8}" = Windows Live Writer
"{1D03A585-879D-45DB-B77A-C4D5A04E7286}" = Windows Live Family Safety
"{1D485014-D9A4-42DE-B04C-2DB691ABDE02}" = Windows Live Writer
"{1D6F9A9A-DCF3-45A7-9B14-46DDA778313F}" = Windows Liven sähköposti
"{1DA74ED3-BAE9-4A89-B24E-18B4E78E075F}" = Movie Maker
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F0C818D-4A41-4E40-BAFB-BB940C82A518}" = Fotogalerija
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials
"{207E9B4C-48A9-47CE-BBC8-ACF0B2006351}" = Windows Live Mail
"{2177152C-83DD-4540-B2F0-970F7303B7BA}" = Windows Live Writer Resources
"{2329E182-DFC8-4C1E-AF2C-758F25347F69}" = „Windows Live Essentials“
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{241F87F6-CEA4-4493-B4EE-0973C6088FEC}" = Windows Live Family Safety
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{252D22BA-FD4A-48C0-A937-C0E0B799F1EF}" = Windows Live Family Safety
"{254F7574-53A7-43D1-BC4D-B1E894AEE175}" = Windows Live Writer
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{262E7632-72F9-4CBE-9461-937F24106EF2}" = Windows Live Essentials
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28B2947F-FC0B-4450-80E3-6DF698E824A6}" = Windows Liven peruspaketti
"{2A078A2B-E2C8-43A3-862C-DC57090AB7C2}" = Movie Maker
"{2AC4C6D7-512D-4B78-A85B-2C16E748AB8E}" = Movie Maker
"{2AEAFC79-79E6-4784-9CF9-D9D82932BF88}" = Windows Live Family Safety
"{2B068A64-F867-44E9-8827-A795647C8730}" = Фотографии (общедоступная версия)
"{2B919309-7052-45A4-B1C8-5B4894E8648B}" = Windows Live Writer
"{2BD71DFE-604F-411A-92B6-B957983B81C6}" = Windows Live Family Safety
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2FE8AE4C-1B6E-4F70-A639-14FD881F559F}" = „Windows Live Mail“
"{306C7AEF-16C7-428D-93AA-99D4A4090243}" = Movie Maker
"{30B984FC-F436-4666-AAEF-10FF2453478E}" = Windows Live Mail
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3123396C-3EFE-4DCB-8033-F5D182D6597D}" = Windows Live Essentials
"{31846283-C955-4CE1-9297-8670BD0C9A7E}" = Windows Live Messenger
"{32AA7594-09A9-437F-9541-5F760509B752}" = Фотогалерия
"{330BBA5F-4A63-4545-900F-8446F205BA52}" = Windows Live Writer Resources
"{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"{35CB7C2D-B421-46FC-89CF-3B630628876F}" = Windows Live Writer Resources
"{36BEC461-B58A-414D-993E-E2BDD1F1A14B}" = Movie Maker
"{373EF285-A2DC-44EB-8D79-18918F33CB3A}" = Windows Live Messenger
"{37FDD121-C443-4FD3-A213-2449B397C068}" = Windows Live Messenger
"{381AAE35-6FB5-437E-8DD9-9C5C733943ED}" = Windows Live Family Safety
"{38814879-FCE1-491C-AC22-D0659921F53F}" = Windows Live Family Safety
"{3A9ECD64-DE00-4779-A89E-C878513B2B37}" = Windows Live Writer Resources
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3C41298B-A3F5-40C8-8BE3-A9A3F0644B0A}" = Windows Live Writer
"{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3D44D783-D027-4135-AC39-81E320ED2D3A}" = Windows Live Family Safety
"{3D4F3F4C-E364-4E46-BFB1-A00BF9777422}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F459DA9-0D88-452E-97A4-5B69C8C8C6B5}" = Windows Live Family Safety
"{3FD0036E-236A-4EDD-894D-4374BEE64464}" = Windows Live UX Platform Language Pack
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{42B6C7E0-0DAE-488D-8DAF-838898102F19}" = Windows Live Writer
"{43CCAC37-4E31-495F-9077-471E4E92DCEA}" = Windows Live Messenger
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{44A3A561-AE74-472D-A51C-43F4C9E7B5E5}" = Windows Live 软件包
"{46A648D2-C097-41A3-A517-E709F045B6CD}" = Movie Maker
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{46EF173F-A437-48B9-B950-A13F5619E7C6}" = Windows Live Mail
"{476C5E21-9418-4A76-80A3-0C6A470AC637}" = Windows Live Essentials
"{47CF356B-5EC9-46C2-91F1-19DCAA990A34}" = Windows Live Writer Resources
"{4848ECCF-2AF6-413D-BD62-2447BBF2B547}" = Windows Live Family Safety
"{49B666FA-917B-48D7-B81D-E7F829CFC713}" = Windows Live Family Safety
"{49F068F2-4323-417B-AFC8-1E43F479D46C}" = Windows Live Essentials
"{49F8A207-E3A3-4DAF-A0CC-9A787F1D8424}" = Windows Live Family Safety
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
"{4AA72B0D-F42C-43BE-A8D9-7E2D993D7FE5}" = „Windows Live Messenger“
"{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E55905B-849D-4633-9267-3EC77E24221A}" = Poczta usługi Windows Live
"{5006FD66-7E9B-4F92-BD36-275AD7712348}" = معرض الصور
"{5078CEC3-A56F-4080-8CD4-ED7BCBE5686B}" = Photo Common
"{50849B2C-097E-47A5-A076-6F11A939E093}" = Windows Live Mail
"{51449A7F-4820-4757-9236-87A3BE7B6F27}" = Windows Live Writer
"{51EF51B6-0D9F-4977-8F9D-A1E15017D2B7}" = Windows Live Mail
"{525E7EA7-481F-499D-A7F7-4682AC46A454}" = Movie Maker
"{537B16E0-A39F-47CB-9C1E-50978862B108}" = Windows Live UX Platform Language Pack
"{55268806-FC27-4CA2-9CCA-1269FD4831FE}" = Windows Live Writer
"{56232E3D-7EA9-45E0-A371-26CD80510AF7}" = Windows Live UX Platform Language Pack
"{5681FEA2-1CF8-461E-B611-55D2C50FC4EF}" = بريد Windows Live
"{5917D694-AFC3-46BF-8CAB-0DABAF9D6FCB}" = Windows Live UX Platform Language Pack
"{5A30E103-9FA6-4A23-A107-E1F5F174BB62}" = Windows Live Temel Parçalar
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5D6D7C60-FE76-43E7-A135-8B0CD15914C7}" = Windows Live UX Platform Language Pack
"{5FE3BC4E-2BD5-4D6B-8BC4-640A42626AAD}" = Почта Windows Live
"{6209125A-46C5-4099-96DC-72FD55B07C1C}" = Windows Live Writer Resources
"{62BBCDDC-4979-4E59-9D97-5B8E874C3191}" = Movie Maker
"{62CC9AF4-EDD9-43C8-9856-FFD60362CFA9}" = Windows Live Messenger
"{631C4E4F-6FDC-4CC0-A067-E9876A9BA7FD}" = 影像中心
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66DB6D91-BF91-480B-933D-7CB8B1E64D74}" = Windows Live Messenger
"{685EE156-6B74-4F0D-BF87-9A15AAA1D9A3}" = Windows Live 필수 패키지
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{69D48C91-CCC2-4305-89DE-D1F8122EDBF4}" = Photo Common
"{69FCA957-224F-4623-8BE0-6295CFB2C3E4}" = Windows Live Mail
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6B8F13E2-F02B-445C-9A31-3C0E5D547CBA}" = Photo Common
"{6D9DD7D9-4167-4541-8DA8-619B9B802D72}" = Fotogalerija
"{6DA675F3-B549-4BDE-90FA-BEF8C3B87F00}" = Windows Live Mail
"{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{70BF63A5-DE6A-417C-AB93-5E31D0DA994E}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{715F9B21-2817-402A-9BF0-BDA764D21F09}" = Windows Live Essentials
"{719E4DA1-A17B-4B46-9D5D-925D4FBE4D69}" = Movie Maker
"{7211F448-F865-4D37-B905-24D84E6C3E5E}" = Windows Live Writer Resources
"{72DFDA9F-C07B-40B6-BA5C-C4C04AFF883D}" = Windows Live Family Safety
"{733EC941-EDAF-4DB8-920A-6CD70488676A}" = Windows Live Writer
"{73669388-1011-4B57-A90F-8B0415093AB2}" = Windows Live Writer
"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common
"{751EB657-3F22-4150-8CE4-D79A262F1D92}" = Movie Maker
"{7595CAD2-87D0-4D01-AC02-3FDD3A891BB8}" = Galeria fotografii
"{7607440C-FDCA-4210-9CD9-13D8F0DDAD0C}" = Windows Live Writer Resources
"{76E62ACD-1536-4AC7-9A2E-B7DB4F2ACE5E}" = Windows Live Family Safety
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{794D971F-7EC1-4F71-A51C-773074CAB8DA}" = Windows Live Writer
"{797DC296-ADC5-4A08-8CBC-AEB0D6F4B249}" = Windows Live Essentials
"{79A1AF43-BD17-4A81-B38A-6D6535D3F377}" = Windows Live Writer
"{7A83618D-879A-4258-8B5E-5AD8B5F3EDD0}" = Windows Live Writer
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E41F42B-7ED8-4E15-A492-B93B287C027F}" = Windows Live Writer Resources
"{7E63F102-A9E9-4F4C-8004-BC62974736BF}" = Movie Maker
"{7E9A63B3-8572-4A4B-9F87-3C2A873BBC55}" = Windows Live UX Platform Language Pack
"{80136E5C-7CB8-4534-B263-FE622BC9C782}" = Windows Live Writer
"{802E137D-DA8F-47CC-AC21-6DD075CD948C}" = Windows Live UX Platform Language Pack
"{8030AE22-7FA0-4880-A538-8906EDBF49F4}" = Windows Live Writer Resources
"{8063EB67-E777-4A56-9C1E-FAD75C2F5EC2}" = Photo Common
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8146445E-B14D-4CBA-AB9A-728CF166DAC9}" = Windows Live Messenger
"{8176B9CA-F037-49C0-BD77-661B1DDCA6F3}" = Movie Maker
"{81CF4226-47C1-418C-8718-1B3ED2C37878}" = Windows Live Essentials
"{824F9823-9F10-4032-8666-DCF5CFF4113E}" = Windows Live Writer Resources
"{83C9377F-5ED1-4AD8-B113-7C876AEAF3AB}" = Windows Live Messenger
"{8502F597-4852-48BB-99E5-824AC4C057F0}" = Windows Live Family Safety
"{854A24E3-A0EF-472A-B1D6-A2E9D43D5D8B}" = Windows Live Writer Resources
"{857BC375-BCFB-474E-9BD9-7EBB18EC55E0}" = Windows Live Essentials
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{862780DF-67D4-40B4-BDC7-E82B3F116504}" = Movie Maker
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{87425773-10F4-4858-8CBF-465093FA43DE}" = Windows Live Mail
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88809C3E-8C92-4454-AEB7-B26166E3D6CD}" = Windows Live UX Platform Language Pack
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8AAEB5A5-A397-46B6-8AF3-B6DC790C4E48}" = Windows Live Messenger
"{8B37F794-E318-44BA-9A13-233344202ABA}" = Photo Common
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E241C05-52BF-4862-AD1F-AAE465C0075B}" = Windows Live Mail
"{8E31695A-4694-4DC4-8BEF-F8F22520D38D}" = Windows Live Writer
"{8E6AB06E-FE46-433B-85D5-BC27ABE06570}" = Photo Common
"{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{902C4E0E-89CE-43B9-BCC0-F3A91E987F99}" = Windows Live Writer
"{9093B0D5-EA59-4C9E-A2E3-CC130138DFCD}" = Fotogaléria
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{9341E0BE-ADA3-4590-BB51-5D916D8FAE65}" = Windows Live Mail
"{93F34C5C-ACAA-48F3-9B26-70359A117F12}" = Intel(R) WiDi
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95D78710-DEE9-4577-9FC6-35BE431898DC}" = Windows Live Family Safety
"{96361BC7-B7C8-4594-AD89-813C371F4246}" = Windows Live Writer Resources
"{9636FF74-65AF-4714-90A4-08982C368100}" = Windows Live Family Safety
"{96914829-DF65-40AE-8A31-6F3E96BAEBBD}" = Windows Live Mail
"{97368584-CA0D-45C6-8151-AE96A33A867B}" = Fotoattēlu galerija
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9869099A-6A44-4590-9430-BF7AC74EBCC6}" = Windows Live UX Platform Language Pack
"{989889A7-D13D-4DA4-B059-B250784DFABC}" = Photo Common
"{9939B8FF-7D2D-4258-B5B9-B6BA8DD59905}" = Windows Live Mail
"{99AA6730-54CD-4B9E-B05B-0A5196743923}" = Windows Live UX Platform Language Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B4D3AFE-8679-4704-AA4C-BAB0E41870EF}" = Windows Live Essentials
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C60D080-84E7-43A5-8ECA-28253D253BD7}" = Windows Live Essentials
"{9D204CE2-C8D8-4CC9-A74B-F2768DBC1E3B}" = Photo Common
"{9EDF46F0-2D4E-4C00-B2B6-0660666E9F60}" = Movie Maker
"{9F470E17-4FC3-4091-A508-D5347A16A2B9}" = Fotogalleriet
"{9F9F5784-1E5A-47D2-BB82-21F89352859B}" = Windows Live Family Safety
"{A035950F-15BA-41C0-9D8F-165FC0536012}" = Movie Maker
"{A0E4C4A6-1CC7-4442-8CAE-2D825B7BC1C1}" = Windows Live Writer Resources
"{A132CE8A-79EA-4BB5-9A24-4348B4DDD48A}" = Photo Common
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{A19A8C25-272A-4CD6-8BA8-3772321A021B}" = Συλλογή φωτογραφιών
"{A1FBD2B3-6768-472D-BA46-C00EACBCE16C}" = Fotogalerie
"{A37F2060-813A-4325-9456-272B10EE75EF}" = Windows Live Essentials
"{A3D995FA-C9A0-4E7D-B430-3F7A6731B4D5}" = Windows Live UX Platform Language Pack
"{A412D7BD-FD86-461D-B385-CD8062F34131}" = Windows Live Messenger
"{A47EA9D4-BB87-415E-9239-28860434E5A0}" = Movie Maker
"{A58FCEF4-3191-466C-8949-0FFFFFB7631D}" = Windows Live Writer Resources
"{A5DC64EE-2FC4-4C35-9975-639DD8499369}" = Windows Live Family Safety
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A72739F4-3E29-457C-AFB0-D5B75AB782A5}" = Windows Live Messenger
"{A7E73DE5-E5FD-4923-9D88-E09ECD1F3545}" = Podstawowe programy Windows Live
"{A86C7338-BE18-4770-AA25-138513D89B0D}" = Multimedia POP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96A855B-89F7-40D4-A57E-580DFD4235B3}" = Windows Live UX Platform Language Pack
"{AA82E5EF-70C2-41CB-8432-309078304CBB}" = Photo Common
"{ABAF6F07-0D84-4700-948E-EC5042B9D978}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration
"{ADE1F206-1365-4B14-9A24-4B1A7DD58BAC}" = Windows Live UX Platform Language Pack
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker
"{AEC637CC-78F4-4746-9707-56B37105B799}" = Windows Live Messenger
"{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials
"{B20502AB-2A3F-48F9-AD09-9FB61689A6D4}" = Windows Live Writer
"{B27EDD14-869E-4A44-905A-5DE652F7278F}" = Windows Live Messenger
"{B306F739-A414-4698-BFAD-0AB23F73D14F}" = Windows Live Messenger
"{B328282C-DCE9-49B7-8B98-C08D9AA28C46}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B413088F-F01D-467A-8F39-94F6EE473321}" = 사진 갤러리
"{B474FC1C-4619-4C99-8ECE-382D71627CCA}" = Windows Live Family Safety
"{B625668D-34AA-462D-AA32-44BFA70F08E7}" = Windows Live Messenger
"{B66CFC88-6729-4A0F-8610-258413159C35}" = Windows Live UX Platform Language Pack
"{B67B2671-2981-466B-BA14-25538AA871DC}" = Windows Live Messenger
"{B693A4C3-B708-4F25-978E-56CA2517914C}" = Windows Live UX Platform Language Pack
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B750B5C2-CC17-4967-905B-29F4EB986131}" = Software Launcher
"{B77D2795-23C0-4DBD-B7B5-CFB542D1FA3F}" = Windows Live Writer Resources
"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{BA068968-594F-40BE-8EE8-99119123C991}" = Windows Live UX Platform Language Pack
"{BAD4B8FA-4BDA-4A59-BE64-9741031680C7}" = Movie Maker
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BE5650DD-D298-421B-B7A7-3A18DC55565B}" = Windows Live Messenger
"{BE5FFB4F-FA58-48DF-BDA9-E7AE79DA9C3E}" = Windows Live Family Safety
"{BEA0C361-4CEF-4132-AA16-86E95AE9293E}" = Windows Live Essentials
"{BFA6D5AD-25EA-475F-AD80-ECD408C674AB}" = Movie Maker
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C08D0804-1DB0-4375-AF23-7120F4C121E1}" = Windows Live Family Safety
"{C0AA1615-49F8-4580-A329-63693C7C5127}" = Windows Live Family Safety
"{C2F1EBBF-9AC4-4E0B-A7F4-74C9C7AD4813}" = Galerie foto
"{C32D87E1-6310-4CD5-8D6D-865AFE0E9B4E}" = Movie Maker
"{C32F4F5A-C9FB-427C-9F6F-9DB157611FFF}" = Valokuvavalikoima
"{C346ACB1-BD21-402E-8F2D-E08E58AD1105}" = Windows Live Family Safety
"{C40D110E-0718-4E11-A69B-D4EC7BF2EB04}" = Windows Live UX Platform Language Pack
"{C41A3B9E-A238-4E83-AD37-D1EDD1105F5A}" = Windows Live Writer
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4D82144-B2D5-4A0E-A470-16F13EBC5BCB}" = Windows Live Essentials
"{C4E8BC59-BD60-4B73-999B-758890DF4E62}" = Windows Live Writer Resources
"{C595F480-788A-4F8F-8277-1A91F32CA879}" = Windows Live Writer
"{C5B383EB-B85B-481C-9946-34FBF021678B}" = Galerija fotografija
"{C67BC332-A59A-4D40-977F-664F60AB21D8}" = Photo Common
"{C7929038-EDFB-416D-A2C9-CC65416DA0DF}" = Photo Common
"{C8BBA220-8549-462A-B411-1AF44DE098B5}" = Photo Common
"{C9A99D28-EE86-4D0F-B3E1-25EB87BFFEB1}" = Windows Live Messenger
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{C9D08433-5FDD-43C6-8482-7AFA7D891D98}" = Windows Live UX Platform Language Pack
"{CA5C4498-C7E7-4808-AB41-A2B534A476AF}" = Windows Live Messenger
"{CAACAA13-42A3-4FFD-A0AC-B2C6D8626A89}" = Windows Live Writer
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB294330-450C-4704-8F88-06E4C8C97181}" = Windows Live Messenger
"{CB51B0C8-57D5-411E-8A69-3F55D3FC8857}" = Windows Live Writer Resources
"{CB5CC924-4B5C-4682-BB21-F160C12F56AB}" = Foto-galerija
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CE44687E-BC21-4B69-B0AE-6BDFD6B5C327}" = Windows Live Messenger
"{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack
"{CE7773A5-8556-44A3-84AB-B95F67E8D766}" = Photo Common
"{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0F03C35-6196-4992-8621-6F390DFA9073}" = Windows Live Messenger
"{D16E0F0C-5D10-45CF-A585-CE3689B5A913}" = Windows Live Writer
"{D1952E4A-9F67-4693-A06D-DA8E0FB2B00D}" = Windows Live Essentials
"{D1F5A388-09C9-4998-A793-B15DCDEB3B42}" = Photo Common
"{D201E6C1-1A5C-4816-B2C1-89CB6E6C7B3B}" = Windows Live Mail
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D4EA8070-20E0-4BAF-BC44-D166C292FEBE}" = Windows Live Writer Resources
"{D5082B89-2E86-447E-A02C-922534592FA8}" = Photo Common
"{D824AFCC-3408-4FB2-A6C9-28C660700DD4}" = Photo Common
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D9D4D271-609F-440D-A9EC-A66B0815CFE2}" = Windows Live Essentials
"{DAD85607-2C8E-43D5-B068-4B218F1A7DB8}" = Windows Live Mail
"{DB169E8F-5332-4DBF-B085-84AA2C373304}" = Windows Live Messenger
"{DB7B6508-2AAB-4F26-99D4-74559A2F5E42}" = Fotoğraf Galerisi
"{DC8D03B1-FAEA-41AE-82FE-7AA42F77398D}" = Windows Live Family Safety
"{DCA5D0DE-F6AC-4E24-A924-03561D26BE97}" = Windows Live Essentials
"{DDFF51C0-A729-49E2-B777-8432C0F74FD9}" = Windows Live Mail
"{DE256D8B-D971-456D-BC02-CB64DA24F115}" = Easy Software Manager
"{DF2B3089-8B7A-4CBC-87D0-8AD60CAED564}" = Windows Live Writer
"{DF9A76D9-BBFA-483C-AD7F-7D6E7627AD0E}" = Windows Live Family Safety
"{DFB0E1FE-B5DE-42D7-97A9-2A69FB530A73}" = Windows Live Messenger
"{DFBFFB0C-EB8A-46C9-9316-202005551897}" = Windows Live Family Safety
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0AEFDEF-9BC4-4D6F-BE11-B4BD7E3B8816}" = Windows Live Writer
"{E0B5FDF0-6940-44B2-8204-CFA746A6B4AF}" = Movie Maker
"{E0E0FB88-D570-463E-A98E-733B7B656867}" = Photo Gallery
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E18F981B-401C-4D90-BC57-D8903564D558}" = Windows Live UX Platform Language Pack
"{E22E95E7-0A26-4AEC-A907-390C568C5BC1}" = Windows Live Messenger
"{E2F4F742-0172-4306-B32E-66DF9CB57992}" = Windows Live Writer Resources
"{E354D495-5DA4-4CCF-AB39-080F6A4141BE}" = Fotogalleri
"{E37CD6E8-BC51-4D48-9840-803EC3B418D3}" = גלריית התמונות
"{E50E3DBC-46AA-4827-B2A6-F995D81DF526}" = Fotótár
"{E570053D-8ABC-4938-9E23-C634E08E7490}" = Windows Live Mail
"{E6A3F960-E593-4DDE-B9F2-66885D973A26}" = Pošta Windows Live
"{E7AE39C6-B669-433F-A351-CA132C611310}" = Windows Live UX Platform Language Pack
"{E800ADC4-F459-42F5-89A2-E754634B010A}" = Windows Live Writer Resources
"{EA2BE047-FF29-4336-BB70-6AF201085BAF}" = Windows Live 程式集
"{EA348D4B-FB4D-4449-8749-654CA51F56A6}" = Windows Live UX Platform Language Pack
"{EB570008-46BB-4126-9016-529FC5D85127}" = Windows Live Pošta
"{EB91007A-0110-42A6-B869-2709955A9B2A}" = Photo Common
"{EC33D375-5164-4374-9061-43F5C6073219}" = Photo Common
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE2E1BED-0821-4244-ABDC-149E9F9750C3}" = Photo Common
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP
"{F09DD76B-D3D3-4558-B5BC-F1EEA6E00162}" = Windows Live UX Platform Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1CA7DAE-F998-499C-8CA5-FC58CA2416EC}" = Windows Live Essentials
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F29C9CFE-350A-42AC-A7C8-04154D5FE8A9}" = Windows Live Writer
"{F341F73D-0D6E-4D37-995D-74F28EBD406C}" = Windows Live Writer Resources
"{F5248B7E-779A-4FA4-8134-D1933D8680FA}" = Galeria de Fotos
"{F5261248-C4EB-43AD-B07C-9FF9B940896C}" = Photo Gallery
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{F54A07A9-9716-4094-9E79-F5E929679FFF}" = Windows Live Writer Resources
"{F5E338CE-E1C6-4F7D-8300-44DBD05B9F14}" = Galeria de Fotografias
"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Easy Support Center 1.0
"{F7304CCF-B4A0-49C7-88A8-CD3F28FFBF9A}" = Основные компоненты Windows Live
"{F9B257B6-0DA2-40E1-BAE4-0D64A2C9EE5E}" = Windows Live Essentials
"{FA75723A-BF4A-40A2-BFCB-BBC320C27DC9}" = Windows Live Mail
"{FB0145BF-B1CD-4681-8ED1-095A7827E2E4}" = Windows Live Writer Resources
"{FC1900CF-AC11-49EA-867A-F2AE5830F43A}" = Windows Live Writer Resources
"{FC5EAB7E-8898-44C6-85D9-5BC7DAFD80A3}" = Movie Maker
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FE5B524F-CD89-4457-B8C1-9299F17E6634}" = Windows Live UX Platform Language Pack
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FEFD91C5-A25D-48D9-89DA-0FB7BB8B3EF7}" = Windows Live Writer Resources
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFC2BC49-3A72-409C-8176-B3E972DB8603}" = Windows Live Family Safety
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.2
"bi_uninstaller" = Bundled software uninstaller
"DVD Shrink_is1" = DVD Shrink 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PartyPoker" = PartyPoker
"Picasa 3" = Picasa 3
"PrintKey2000" = PrintKey2000
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"Xerox PhotoCafe" = Xerox PhotoCafe
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-808812791-3364131652-3434471583-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Spybot - Search and Destroy Events ]
Error - 14.05.2013 17:48:11 | Computer Name = samsung-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
 
< End of report >

--- --- ---

[/CODE]

cosinus · 16.05.2013, 12:37

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Aristo136 · 18.05.2013, 16:50

Hi,

Malwarebytes hat nichts gefunden:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.16.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
samsung :: SAMSUNG-PC [Administrator]

16.05.2013 20:14:34
mbam-log-2013-05-16 (20-14-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 399403
Laufzeit: 43 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Der ESET Scanner hingegen hat drei Sachen gefunden:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4dfd388151ff9a49b89d538757344abb
# engine=13855
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-18 08:56:20
# local_time=2013-05-18 10:56:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 96 24634719 131492764 0 0
# compatibility_mode=5893 16776573 100 94 48695 120497230 0 0
# scanned=172609
# found=3
# cleaned=0
# scan_time=5024
sh=4ECAEAA68000FEE2E12DE83896A5609B94A1F52B ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.A application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-808812791-3364131652-3434471583-1001\$RO59M76.crx"
sh=56778DC1BFE9E1FA49DF14F166D81F59B6F392A8 ft=1 fh=8c8191f651417f2e vn="a variant of Win32/Adware.Yontoo.A application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-808812791-3364131652-3434471583-1001\$ROZ1OU6.dll"
sh=97DE410CA61D4251AFF13C02B6A6362C8C447639 ft=1 fh=fdd990f8020c5088 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="C:\Users\samsung\Downloads\hdplugin_firefox.exe"

Danke und viele Grüße

cosinus · 19.05.2013, 02:36

Was soll das für ein Plugin für den Firefox sein? Liegt bei dir im Download-Ordner
Der andere Kram ist Müll, liegt im Papierkorb. Bitte mal TFC anwenden:

TFC - Temp File Cleaner

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Hilfe bei der Entfernung von Spyhunter!

Plagegeister aller Art und deren Bekämpfung: Hilfe bei der Entfernung von Spyhunter!