Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart !

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 10.06.2013, 12:16   #1
HollyT
 
Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! - Frage

Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart !



hallo zusammen,

habe ebenfalls seit kurzer zeit das problem mit der wssetup.exe beim rechnerstart. ich schicke als anhang
OTL.TXT (EXTRAS.TXT wurde nicht erstellt) sowie GMER.TXT als gepacktes archiv.

und hier noch zur info einen kaspersky-bericht:

Code:
ATTFilter
Typ: Schwachstelle (4)	
hxxp://redirect.kaspersky.com/?hl=de-DE&target=securelist&rpe=1&function=advisories&VN=53681	Inaktiv	07.06.2013 14:48:23	C:\Program Files (x86)\Google\Chrome\Application\	old_chrome.exe	
hxxp://redirect.kaspersky.com/?hl=de-DE&target=securelist&rpe=1&function=advisories&VN=53008	Inaktiv	07.06.2013 14:45:34	C:\Program Files\Java\jre7\bin\	java.exe	
hxxp://redirect.kaspersky.com/?hl=de-DE&target=securelist&rpe=1&function=advisories&VN=48347	Inaktiv	07.06.2013 14:44:45	C:\Program Files\e-on software\Vue 11\Application\	python27.dll	
hxxp://redirect.kaspersky.com/?hl=de-DE&target=securelist&rpe=1&function=advisories&VN=49856	Virenfreies Objekt in der Quarantäne	07.06.2013 13:46:13	C:\Program Files (x86)\IrfanView\	i_view32.exe	

Typ: Phishing-Link (1)	
Schädlicher Link	Inaktiv	06.06.2013 20:22:23	hxxp://gogostats.info/	installed?a=f&aff=fried	

Typ: legales Programm, das von einem Angreifer benutzt werden kann, um den Computer oder die Benutzerdaten zu beschädigen (1)	
not-a-virus:WebToolbar.MSIL.Agent.a	Nicht gefunden	22.05.2013 12:16:12	C:\Program Files (x86)\Iminent\	Iminent.exe
         
ich bedanke mich vorab schon einmal fuer die hilfe !

gruss
Holly

Alt 10.06.2013, 12:23   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! - Standard

Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart !



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!


Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 10.06.2013, 12:25   #3
HollyT
 
Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! - Standard

Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart !



Sorry !!!!

Leider im falschen Subforum gepostet. Sollte in "Plagegeister aller Art und deren Bekämpfung" rein. Vielleicht kann der Admin den Thread verschieben Danke !!!

Gruss
Holly

Zitat:
Zitat von cosinus Beitrag anzeigen
Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!


Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Keine weiteren Logs vorhanden !!
Wurde aufgefordert die Log-Dateien als Anhang zu schicken da als Code zu groß.

Gruss
Holly
__________________

Alt 10.06.2013, 12:41   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! - Standard

Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart !



Bitte lass die sinnfreien Fullquotes.
Und dieses Subforum ist schon ok für dein Thema.

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.06.2013, 15:43   #5
HollyT
 
Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! - Standard

Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart !



hallo cosinus,

hier die Combofix.txt:

Code:
ATTFilter
ComboFix 13-06-08.02 - Holly Thomas 10.06.2013  14:44:08.3.8 - x64
ausgeführt von:: c:\users\Holly Thomas\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
 ADS - Windows: deleted 0 bytes in 1 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1&1
c:\users\Holly Thomas\AppData\Roaming\1&1
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-10 bis 2013-06-10  ))))))))))))))))))))))))))))))
.
.
2013-06-10 12:50 . 2013-06-10 12:50	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-06-10 12:50 . 2013-06-10 12:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-07 12:24 . 2013-06-07 12:25	--------	d-----w-	C:\Python33
2013-06-07 12:18 . 2013-06-07 12:18	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-06-07 12:18 . 2013-06-07 12:17	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-07 12:17 . 2013-06-07 12:17	--------	d-----w-	c:\program files (x86)\Java
2013-06-06 18:36 . 2013-06-06 18:36	--------	d-----w-	c:\users\Holly Thomas\AppData\Roaming\DivX
2013-06-06 18:24 . 2013-06-06 18:24	--------	d-----w-	c:\program files\DivX
2013-06-06 18:24 . 2013-06-06 18:24	--------	d-----w-	c:\program files (x86)\Common Files\DivX Shared
2013-06-06 18:21 . 2013-06-06 18:21	--------	d-----w-	c:\users\Holly Thomas\AppData\Roaming\DealPly
2013-06-06 18:21 . 2013-06-06 18:21	--------	d-----w-	c:\users\Holly Thomas\AppData\Roaming\DSite
2013-06-06 18:21 . 2013-06-07 18:05	--------	d-----w-	c:\programdata\Tarma Installer
2013-06-05 18:07 . 2013-06-05 18:07	--------	d-----w-	c:\program files (x86)\AKVIS
2013-06-05 18:01 . 2013-06-06 18:24	--------	d-----w-	c:\users\Holly Thomas\AppData\Local\Downloaded Installations
2013-06-03 18:49 . 2013-06-03 18:49	--------	d-----w-	c:\windows\SysWow64\jmdp
2013-06-03 18:49 . 2013-06-03 18:49	--------	d-----w-	c:\windows\SysWow64\ARFC
2013-06-03 18:49 . 2013-05-21 13:31	1447728	----a-w-	c:\windows\system32\dmwu.exe
2013-06-03 18:49 . 2013-05-21 13:30	33792	----a-w-	c:\windows\system32\ImHttpComm.dll
2013-06-03 18:49 . 2013-06-06 07:20	--------	d-----w-	c:\windows\SysWow64\WNLT
2013-06-02 18:23 . 2013-06-02 18:32	--------	d-----w-	c:\users\Holly Thomas\AppData\Roaming\Task Coach
2013-06-01 10:19 . 2013-06-10 12:37	--------	d-----w-	c:\users\Holly Thomas\AppData\Roaming\XYplorer
2013-06-01 10:19 . 2013-06-01 10:19	--------	d-----w-	c:\program files (x86)\XYplorer
2013-05-27 16:31 . 2013-05-28 11:10	--------	d-----w-	c:\users\Holly Thomas\AppData\Roaming\1-abc
2013-05-27 16:31 . 2013-05-27 16:31	--------	d-----w-	c:\program files (x86)\1-abc
2013-05-27 12:20 . 2013-05-28 14:11	--------	d-----w-	c:\users\Holly Thomas\AppData\Local\WEKA DVD Interface
2013-05-24 14:00 . 2013-05-11 22:27	262552	----a-w-	c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-22 09:40 . 2012-07-11 15:09	64856	----a-w-	c:\windows\system32\klfphc.dll
2013-05-22 09:39 . 2013-05-22 09:39	--------	d-----w-	c:\windows\ELAMBKUP
2013-05-22 09:39 . 2013-06-10 12:52	--------	d-----w-	c:\programdata\Kaspersky Lab
2013-05-22 09:39 . 2013-05-22 09:39	--------	d-----w-	c:\program files (x86)\Kaspersky Lab
2013-05-22 09:39 . 2013-05-22 10:07	90208	----a-w-	c:\windows\system32\drivers\klflt.sys
2013-05-22 09:39 . 2013-05-22 10:07	620128	----a-w-	c:\windows\system32\drivers\klif.sys
2013-05-18 09:59 . 2013-05-18 10:00	--------	d-----w-	c:\users\Holly Thomas\AppData\Roaming\Steganos VPN
2013-05-18 09:57 . 2013-05-18 09:59	--------	d-----w-	c:\program files (x86)\Steganos Online Shield
2013-05-18 09:57 . 2013-05-18 09:57	--------	d-----w-	c:\program files (x86)\Common Files\Steganos
2013-05-18 09:55 . 2013-05-20 12:00	--------	d-----w-	c:\users\Holly Thomas\AppData\Roaming\Steganos
2013-05-15 22:03 . 2013-05-15 22:03	2653696	----a-w-	c:\windows\SysWow64\python33.dll
2013-05-15 22:03 . 2013-05-15 22:03	94208	----a-w-	c:\windows\pyw.exe
2013-05-15 22:03 . 2013-05-15 22:03	93696	----a-w-	c:\windows\py.exe
2013-05-15 18:20 . 2013-05-16 10:11	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-05-15 17:49 . 2013-05-15 18:31	--------	d-----w-	c:\users\Holly Thomas\AppData\Roaming\MS-Buchhalter
2013-05-15 17:49 . 2013-05-15 17:49	--------	d-----w-	c:\programdata\MS-Buchhalter
2013-05-15 17:49 . 2013-05-15 17:49	--------	d-----w-	c:\program files (x86)\MS-Buchhalter
2013-05-15 17:07 . 2013-05-15 17:11	--------	d-----w-	c:\users\Holly Thomas\hob_jportal
2013-05-15 12:49 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 10:58 . 2013-05-15 10:58	--------	d-----w-	c:\users\Holly Thomas\AppData\Local\ProSaldo
2013-05-15 10:56 . 2013-05-15 10:56	--------	d-----w-	c:\program files (x86)\ProSaldo
2013-05-14 17:11 . 2013-02-16 23:40	28672	----a-w-	c:\windows\system32\IEUDINIT.EXE
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-07 12:17 . 2012-01-25 20:13	866720	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-06-07 12:17 . 2011-07-18 21:13	788896	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-05-22 10:07 . 2012-08-13 14:49	178448	----a-w-	c:\windows\system32\drivers\kneps.sys
2013-05-22 10:07 . 2012-07-25 12:53	29528	----a-w-	c:\windows\system32\drivers\klmouflt.sys
2013-05-22 10:07 . 2012-06-08 09:38	55056	----a-w-	c:\windows\system32\drivers\kltdi.sys
2013-05-22 10:07 . 2012-05-25 17:38	29016	----a-w-	c:\windows\system32\drivers\klkbdflt.sys
2013-05-16 17:34 . 2011-03-29 01:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-15 14:55 . 2011-07-18 20:31	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-15 14:12 . 2012-09-29 13:21	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 14:12 . 2011-12-01 21:26	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-13 05:49 . 2013-05-15 12:49	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 12:49	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 12:49	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 12:49	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 12:49	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 12:49	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 07:28	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-03-23 01:09 . 2013-03-23 01:09	354656	----a-w-	c:\windows\SysWow64\DivXControlPanelApplet.cpl
2013-03-19 06:04 . 2013-04-10 07:33	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 07:33	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 07:33	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 07:33	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 07:33	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 07:33	112640	----a-w-	c:\windows\system32\smss.exe
2013-03-18 16:34 . 2013-03-01 18:03	119808	----a-w-	c:\windows\system32\GFilterSvc.exe
2013-03-18 13:16 . 2013-03-18 13:16	72	----a-w-	c:\windows\Vue 7.5 xStream.reg
2013-03-18 13:16 . 2013-03-18 13:16	70	----a-w-	c:\windows\Vue 7 xStream.reg
2013-03-18 13:16 . 2013-03-18 13:16	70	----a-w-	c:\windows\Vue 6 xStream.reg
2013-03-15 05:53 . 2013-04-02 17:12	968408	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2013-03-15 05:53 . 2013-04-02 17:12	9414456	----a-w-	c:\windows\system32\nvcuda.dll
2013-03-15 05:53 . 2013-04-02 17:12	7959000	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-03-15 05:53 . 2013-04-02 17:12	7573816	----a-w-	c:\windows\system32\nvopencl.dll
2013-03-15 05:53 . 2013-04-02 17:12	6271872	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-03-15 05:53 . 2013-04-02 17:12	420128	----a-w-	c:\windows\system32\nvEncodeAPI64.dll
2013-03-15 05:53 . 2013-04-02 17:12	364832	----a-w-	c:\windows\SysWow64\nvEncodeAPI.dll
2013-03-15 05:53 . 2013-04-02 17:12	30496	----a-w-	c:\windows\system32\drivers\nvpciflt.sys
2013-03-15 05:53 . 2013-04-02 17:12	2913056	----a-w-	c:\windows\system32\nvcuvid.dll
2013-03-15 05:53 . 2013-04-02 17:12	2728736	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-03-15 05:53 . 2013-04-02 17:12	26956576	----a-w-	c:\windows\system32\nvoglv64.dll
2013-03-15 05:53 . 2013-04-02 17:12	2539128	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-03-15 05:53 . 2013-04-02 17:12	25256736	----a-w-	c:\windows\system32\nvcompiler.dll
2013-03-15 05:53 . 2013-04-02 17:12	2355488	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-03-15 05:53 . 2013-04-02 17:12	20542752	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-03-15 05:53 . 2013-04-02 17:12	1995552	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-03-15 05:53 . 2013-04-02 17:12	1807136	----a-w-	c:\windows\system32\nvdispco6431422.dll
2013-03-15 05:53 . 2013-04-02 17:12	17990800	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-03-15 05:53 . 2013-04-02 17:12	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-03-15 05:53 . 2013-04-02 17:12	15508512	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-03-15 05:53 . 2013-04-02 17:12	1510176	----a-w-	c:\windows\system32\nvdispgenco6431422.dll
2013-03-15 05:53 . 2013-04-02 17:12	15042928	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-03-15 05:53 . 2013-04-02 17:12	13088000	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-03-15 05:53 . 2013-04-02 17:12	11048736	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-03-15 05:53 . 2013-04-02 16:35	205184	----a-w-	c:\windows\SysWow64\nvinit.dll
2013-03-15 05:53 . 2012-03-13 04:12	1118776	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-03-15 05:53 . 2012-03-13 04:12	250504	----a-w-	c:\windows\system32\nvinitx.dll
2013-03-15 05:53 . 2012-03-13 04:12	2864144	----a-w-	c:\windows\system32\nvapi64.dll
2013-03-15 04:16 . 2012-03-13 04:13	3477280	----a-w-	c:\windows\system32\nvsvc64.dll
2013-03-15 04:16 . 2012-03-13 04:13	6398240	----a-w-	c:\windows\system32\nvcpl.dll
2013-03-15 04:16 . 2012-03-13 04:13	877856	----a-w-	c:\windows\system32\nvvsvc.exe
2013-03-15 04:16 . 2012-03-13 04:13	76064	----a-w-	c:\windows\system32\nv3dappshextr.dll
2013-03-15 04:16 . 2012-03-13 04:13	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-03-15 04:16 . 2012-03-13 04:13	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-03-15 04:16 . 2012-03-13 04:13	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-03-15 04:16 . 2012-03-13 04:13	1016096	----a-w-	c:\windows\system32\nv3dappshext.dll
2013-03-14 20:07 . 2013-03-14 20:07	559904	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-03-13 23:05 . 2013-03-27 17:53	529392	----a-w-	c:\windows\system32\igfxsrvc.exe
2013-03-13 23:05 . 2013-03-27 17:53	279024	----a-w-	c:\windows\SysWow64\IntelCpHeciSvc.exe
2013-03-13 23:05 . 2013-03-27 17:53	165872	----a-w-	c:\windows\system32\igfxtray.exe
2013-03-13 23:05 . 2013-03-27 17:53	441840	----a-w-	c:\windows\system32\igfxpers.exe
2013-03-13 23:05 . 2013-03-27 17:53	250864	----a-w-	c:\windows\system32\igfxext.exe
2013-03-13 23:05 . 2013-03-27 17:53	7558640	----a-w-	c:\windows\system32\GfxUIEx.exe
2013-03-13 23:05 . 2013-03-27 17:53	745968	----a-w-	c:\windows\system32\GfxUIHotKeyMenu.exe
2013-03-13 23:05 . 2013-03-27 17:53	407536	----a-w-	c:\windows\system32\hkcmd.exe
2013-03-13 23:05 . 2013-03-27 17:53	534000	----a-w-	c:\windows\system32\DPTopologyApp.exe
2013-03-13 23:05 . 2013-03-27 17:53	397808	----a-w-	c:\windows\system32\CustomModeApp.exe
2013-03-13 23:05 . 2013-03-27 17:53	185840	----a-w-	c:\windows\system32\difx64.exe
2013-03-13 16:24 . 2012-03-13 04:13	3065455	----a-w-	c:\windows\system32\nvcoproc.bin
2001-08-14 01:10 . 2013-01-27 17:06	131072	----a-w-	c:\program files (x86)\Uninstal.EXE
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"Software4u-System Observer"="c:\program files (x86)\Software4u\Registry CleanUP 5\Software4u.SCObserver.exe" [2011-02-09 95744]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-12-16 765200]
"1&1_1&1 Office-Drive Manager"="c:\program files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE" [2012-09-24 993392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-12-04 291648]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-02-07 1239360]
"IminentMessenger"="c:\program files (x86)\Iminent\Iminent.Messengers.exe" [2013-01-25 884784]
"UIExec"="c:\program files (x86)\Join Air\UIExec.exe" [2010-04-27 138072]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-05-22 356376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AddonsHelper;AddonsHelper;c:\users\Holly Thomas\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe;c:\users\Holly Thomas\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [x]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
R2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
R2 Soda PDF 5 Helper Service;Soda PDF 5 Helper Service;c:\program files (x86)\Soda PDF 5\HelperService.exe;c:\program files (x86)\Soda PDF 5\HelperService.exe [x]
R2 Soda PDF 5 Service;Soda PDF 5 Service;c:\program files (x86)\Soda PDF 5\ConversionService.exe;c:\program files (x86)\Soda PDF 5\ConversionService.exe [x]
R2 SystemStoreService;System Store Service;c:\program files (x86)\SelfUpdater\SystemStore.exe  -displayname System Store Service -servicename SystemStoreService;c:\program files (x86)\SelfUpdater\SystemStore.exe  -displayname System Store Service -servicename SystemStoreService [x]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
R3 ampa;ampa;c:\windows\system32\ampa.sys;c:\windows\SYSNATIVE\ampa.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
R3 ddmdrv;ddmdrv;c:\windows\system32\ddmdrv.sys;c:\windows\SYSNATIVE\ddmdrv.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 ui11drdr;ui11drdr;c:\windows\system32\DRIVERS\ui11drdr.sys;c:\windows\SYSNATIVE\DRIVERS\ui11drdr.sys [x]
S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys;c:\windows\SYSNATIVE\Drivers\uim_vimx64.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 DAZContentManagementService;DAZ Content Management Service;c:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe ;c:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe  [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [x]
S2 GFilterSvc;G-Filter Service;c:\windows\System32\GFilterSvc.exe;c:\windows\SYSNATIVE\GFilterSvc.exe [x]
S2 GFNEXSrv;GFNEX Service;c:\program files (x86)\PHotkey\GFNEXSrv.exe;c:\program files (x86)\PHotkey\GFNEXSrv.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe;c:\windows\SYSNATIVE\nlssrv32.exe [x]
S2 O&O CleverCache;O&O CleverCache ;c:\program files\OO Software\CleverCache\ooccag.exe;c:\program files\OO Software\CleverCache\ooccag.exe [x]
S2 Online Shield Starter Service;Online Shield Starter Service;c:\program files (x86)\Steganos Online Shield\OnlineShieldService.exe;c:\program files (x86)\Steganos Online Shield\OnlineShieldService.exe [x]
S2 PEGAGFN;PEGAGFN;c:\program files (x86)\PHotkey\PEGAGFN.sys;c:\program files (x86)\PHotkey\PEGAGFN.sys [x]
S2 print64;Filtertreiber Windows der;c:\windows\system32\NlsDatb0816.exe;c:\windows\SYSNATIVE\NlsDatb0816.exe [x]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\Holly Thomas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe;c:\users\Holly Thomas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [x]
S2 SProtection;SProtection;c:\program files (x86)\Common Files\Umbrella\umbrella.exe;c:\program files (x86)\Common Files\Umbrella\umbrella.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Join Air\AssistantServices.exe;c:\program files (x86)\Join Air\AssistantServices.exe [x]
S2 WO_LiveService;Ashampoo LiveTuner Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 07:57	1165776	----a-w-	c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-29 14:12]
.
2013-06-10 c:\windows\Tasks\AmiUpdXp.job
- c:\users\Holly Thomas\AppData\Local\SwvUpdater\Updater.exe [2013-01-22 16:06]
.
2013-06-10 c:\windows\Tasks\DSite.job
- c:\users\HOLLYT~1\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe [2013-06-06 18:21]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-25 16:15]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-25 16:15]
.
2013-06-07 c:\windows\Tasks\One-Click Optimizer.job
- c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\WO9.exe [2013-02-17 10:20]
.
2013-06-10 c:\windows\Tasks\PC Fresh.job
- c:\program files (x86)\PC Fresh\PC Fresh.exe [2012-10-13 08:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ooccctrl.exe"="c:\program files\OO Software\CleverCache\ooccctrl.exe" [2009-12-09 4314440]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Ocs_SM"="c:\users\Holly Thomas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2013-01-16 106496]
"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2013-02-14 2000224]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-02-05 13269064]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-01-18 1276488]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-13 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-13 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-13 441840]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-09-17 184112]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2012-11-16 11585408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An Bluetooth senden - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
FF - ProfilePath - c:\users\Holly Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\k23g37x1.default\
FF - prefs.js: browser.startup.homepage - hxxps://news.google.de/nwshp?hl=de&tab=wn&pog=false
FF - ExtSQL: 2013-04-19 14:15; foxmarks@kei.com; c:\users\Holly Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\k23g37x1.default\extensions\foxmarks@kei.com
FF - ExtSQL: 2013-04-19 14:22; {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}; c:\users\Holly Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\k23g37x1.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
FF - ExtSQL: 2013-04-19 15:08; {d49175b3-3fd8-43b8-b28e-da5d47f3c398}; c:\users\Holly Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\k23g37x1.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi
FF - ExtSQL: 2013-04-26 19:12; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; c:\users\Holly Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\k23g37x1.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF - ExtSQL: 2013-05-22 12:07; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-05-22 12:07; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-05-22 12:07; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-05-22 12:07; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-05-22 12:07; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF - ExtSQL: 2013-06-06 20:21; plugin@getwebcake.com; c:\users\Holly Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\k23g37x1.default\extensions\plugin@getwebcake.com
.
.
------- Dateityp-Verknüpfung -------
.
.scr does not exist!
.reg does not exist!
.txt does not exist!
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{03EB0E9C-7A91-4381-A220-9B52B641CDB1} - (no file)
BHO-{03EB0E9C-7A91-4381-A220-9B52B641CDB1} - (no file)
BHO-{11111111-1111-1111-1111-110211301130} - (no file)
BHO-{BBD43808-9D13-4B0B-B023-178FD1FAE442} - (no file)
BHO-{C1AF5FA5-852C-4C90-812E-A7F75E011D87} - (no file)
BHO-{C737F472-1193-4281-BF53-A00B67AB3E19} - (no file)
BHO-{EF7BD87A-8024-11E2-F316-F3E56188709B} - (no file)
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-{03EB0E9C-7A91-4381-A220-9B52B641CDB1} - (no file)
Toolbar-{F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - (no file)
Toolbar-{82E1477C-B154-48D3-9891-33D83C26BCD3} - (no file)
ShellIconOverlayIdentifiers-{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} - (no file)
ShellIconOverlayIdentifiers-{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} - (no file)
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-GoZ DS4 (64bit) 1.2.1.56 - c:\program files\DAZ 3D\DAZStudio4\Uninstallers\Remove-DS4_GoZ_Win64.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2729460 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2737083 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2742613 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2789648 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2804582 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]
"ImagePath"="."
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OOCC7.00.00.01PROSTATION"="9ACA4C9BCC53D4A4374D5A5C6060FC49478F67AB37A8F3D14B6DD68B3E87BE691FB86D6C68D834CCB29DBCED6CB932B9504A18EE132160A0EFEBA56D97BF813024FEF4B59539562D0766AD6704258E9CC95B42C24A644FB8C729C2C758C8BFBDAA3AB22B5903B2FE26F0751170ECD250B7DAC6A3061C68BE83A647EEA9C6AB1C39F61893FE76A45006F6FE46398FA308A14F2A23B0223BABDF5BF2C778925BA6D83A3C4B140AEC8123ABDC79B1BF884913B7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6171C11EC38DE3DA2D97226D213B5558EDD5E5BE2F6E667A60577AA1799EB809D8ABCA6E37D474F4166F911F62978DFDFD76C522C4AD41D7D97A7E57D311557B3215217BE3D9B7536BD76995B91CA6A56E3606FAA1F6887216D8998D07E9C9888139C1D3515EECB1DBE00DA7C12E3F2DAAC733128B11C0F82D9C3F0AADA942A82468423260564087507DD1BA56E971D26A2F0DB75AA15E133C241D085F493E8AF38B2C9D5DD22D163C79DD5023EBFFC97CC65694B06FA226A252FCBC04E33253D7998E06EC7D5C6B1478D3CA36EB79D2FC42185C194FEE7028FFE2D1FBC94A281ADE871FABC2DF7CBDDC33081BD617D153ABA11D7FBCF3E7AA5E7F14969D798F18C99346C0D5DEAC37996C972BFA10E126E891F71B42524769EE4CB495326B42D64E59896591E184D9AA3D4B55D5FB492392CF9530C378C3CC4321F8FCAA716F1134EC0321AA9ECC1564B506C50084D2B02031DA7A1C4DDB678D3086FF60CCFA38E1603DB99404A9ED630EF1BAB8C2410C9B33A7E6A0E7375AC0ED09FD086EBCA5D42EA14F6268404D8BA1C2CCF627B1C2028B449AF5A1DAB69EC7D3CA6CCE3131E2036BE24A265B7AE98EE6C768109CCAE8B25DD0E729CAEC8BDC245191B2B4C7FBD58A3E7812AA13BB7380E2B6578C3ACD059767624A9F97A12891C9EADA26A46EE75715D1203CEFA4F7BA5CC90E6C6E9AB50B32E40702E4240708A02C92405CACA6A36F329957178D4712C90866641C8163F954C9D0E8BF6E34839DFB37AD879AB46E7ED9CFADB56848480FC50FB3F3F4D8D04BE1695FA83D896BAAA38664552B0485D6248400AC9DF55E26E7A23F2D6D15AC947061006E6C39580A7A49CCEE8BEE9D4BA0D65961BAA36F815944AB3AF697313F750F6DCB6083261704BC31C677A556DB74E61C3A9ECAE4CF336D1F8F91DDF73BCDAB8D117D28D9AF204787A08D1672CEAF29BF564F27A4B63759062FCBA55E1D08D3A5A45107D4A7129CB589CF1B4783B67F036D1CB0AC48E6FCFB29252C2B8C3D6511490F18C748198BF4B874E0220629A33AF8B4D007075454E4E2AB948357CA8C83CDBF0F7800C36CD8AC31ECBD2F10128363E0EB367EB1B3EBEC409B87BB2"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\PHotkey\ASLDRSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\PHotkey\GPMTray.exe
c:\program files (x86)\PHotkey\MsgTranAgt.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\windows\SysWOW64\jmdp\stij.exe
c:\windows\SysWOW64\nlssrv32.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-10  14:58:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-06-10 12:58
ComboFix2.txt  2013-06-10 12:13
.
Vor Suchlauf: 19 Verzeichnis(se), 408,014,979,072 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 407,918,460,928 Bytes frei
.
- - End Of File - - E336D01F63FF155355E0FA4EFA93A270
4624822E540EC83CD0819525C65846BA
         
habe jetzt aber das Problem, dass ich die Systemsteuerung nicht mehr öffnen kann.
Popup Fehlermeldung:

Fensterüberschrift ::{26EE0668-A00A-44D7-9371-BEB064C98683}

Fehlermeldung Der Datei ist kein Programm zum Ausführen dieserAktion zugeordnet. Installieren Sie ein entsprechendes Programm, oder erstellen Sie in der Systemsteuerung unter "Standartprogramme" eine Zuordnung, wenn bereits ein Programm installiert ist

Drücke ich jetzt den "OK" Button, erscheint ein neues Fenster mit gleicher Meldung aber anderer Überschrift Explorer.EXE

Auch kann ich auf meine Laufwerke weder über das Icon "auf dem Desktop noch über das Startmenü zugreifen. Andere von mir angelegte Ordner öffnen sich auch nicht. Hierbei erscheint aber keine Fehlermeldung, es tut sich einfach nichts

Gruss
Holly


Alt 10.06.2013, 16:01   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! - Standard

Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart !



Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten


MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
--> Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart !

Alt 11.06.2013, 09:41   #7
HollyT
 
Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! - Standard

Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart !



Soweit alles geklappt

mbar-Log:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.10.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Holly Thomas :: HOLLYTHOMAS-PC [administrator]

10.06.2013 19:30:44
mbar-log-2013-06-10 (19-30-44).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 265384
Time elapsed: 9 minute(s), 22 second(s)

Memory Processes Detected: 1
c:\Windows\System32\nlsdatb0816.exe (Adware.Agent) -> 3884 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\print64 (Adware.Agent) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Windows\System32\nlsdatb0816.exe (Adware.Agent) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
aswMBR-Log:

Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-10 20:13:05
-----------------------------
20:13:05.101    OS Version: Windows x64 6.1.7601 Service Pack 1
20:13:05.101    Number of processors: 8 586 0x3A09
20:13:05.101    ComputerName: HOLLYTHOMAS-PC  UserName: Holly Thomas
20:13:07.488    Initialize success
20:13:21.362    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000008b
20:13:21.362    Disk 0 Vendor: ATA_____ 0002 Size: 715404MB BusType: 11
20:13:21.612    Disk 0 MBR read error 0
20:13:21.612    Disk 0 MBR scan
20:13:21.612    Disk 0 unknown MBR code
20:13:21.612    MBR BIOS signature not found 0
20:13:21.752    Disk 0 scanning C:\Windows\system32\drivers
20:13:28.367    Service scanning
20:13:37.524    Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
20:13:37.602    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
20:13:37.633    Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
20:13:37.649    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
20:13:37.680    Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
20:13:37.727    Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
20:13:49.162    Modules scanning
20:13:49.162    Disk 0 trace - called modules:
20:13:49.193    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys 
20:13:49.209    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b63790]
20:13:49.209    3 CLASSPNP.SYS[fffff880019b943f] -> nt!IofCallDriver -> [0xfffffa8007a89c50]
20:13:49.224    5 iaStorF.sys[fffff8800249fa2c] -> nt!IofCallDriver -> \Device\0000008b[0xfffffa8005d268f0]
20:13:49.224    Scan finished successfully
20:14:22.593    Disk 0 MBR has been saved successfully to "C:\Users\Holly Thomas\Desktop\MBR.dat"
20:14:22.593    The log file has been saved successfully to "C:\Users\Holly Thomas\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-10 20:22:30
-----------------------------
20:22:30.847    OS Version: Windows x64 6.1.7601 Service Pack 1
20:22:30.847    Number of processors: 8 586 0x3A09
20:22:30.847    ComputerName: HOLLYTHOMAS-PC  UserName: Holly Thomas
20:22:32.516    Initialize success
20:42:28.795    AVAST engine defs: 13061001
20:43:13.504    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000008b
20:43:13.504    Disk 0 Vendor: ATA_____ 0002 Size: 715404MB BusType: 11
20:43:13.707    Disk 0 MBR read successfully
20:43:13.723    Disk 0 MBR scan
20:43:13.723    Disk 0 unknown MBR code
20:43:13.738    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
20:43:13.754    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       450000 MB offset 206848
20:43:13.785    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       264276 MB offset 921808896
20:43:13.816    Disk 0 Partition 4 00     12  Compaq diag NTFS         1025 MB offset 1463046144
20:43:13.925    Disk 0 scanning C:\Windows\system32\drivers
20:43:25.532    Service scanning
20:43:54.361    Modules scanning
20:43:54.361    Disk 0 trace - called modules:
20:43:54.423    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys 
20:43:54.439    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b63790]
20:43:54.439    3 CLASSPNP.SYS[fffff880019b943f] -> nt!IofCallDriver -> [0xfffffa8007a89c50]
20:43:54.454    5 iaStorF.sys[fffff8800249fa2c] -> nt!IofCallDriver -> \Device\0000008b[0xfffffa8005d268f0]
20:43:55.531    AVAST engine scan C:\Windows
20:43:59.228    AVAST engine scan C:\Windows\system32
20:46:42.077    AVAST engine scan C:\Windows\system32\drivers
20:46:52.591    AVAST engine scan C:\Users\Holly Thomas
20:52:34.918    AVAST engine scan C:\ProgramData
20:54:14.743    Scan finished successfully
20:55:25.114    Disk 0 MBR has been saved successfully to "C:\Users\Holly Thomas\Desktop\MBR.dat"
20:55:25.114    The log file has been saved successfully to "C:\Users\Holly Thomas\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-10 20:22:30
-----------------------------
20:22:30.847    OS Version: Windows x64 6.1.7601 Service Pack 1
20:22:30.847    Number of processors: 8 586 0x3A09
20:22:30.847    ComputerName: HOLLYTHOMAS-PC  UserName: Holly Thomas
20:22:32.516    Initialize success
20:42:28.795    AVAST engine defs: 13061001
20:43:13.504    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000008b
20:43:13.504    Disk 0 Vendor: ATA_____ 0002 Size: 715404MB BusType: 11
20:43:13.707    Disk 0 MBR read successfully
20:43:13.723    Disk 0 MBR scan
20:43:13.723    Disk 0 unknown MBR code
20:43:13.738    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
20:43:13.754    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       450000 MB offset 206848
20:43:13.785    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       264276 MB offset 921808896
20:43:13.816    Disk 0 Partition 4 00     12  Compaq diag NTFS         1025 MB offset 1463046144
20:43:13.925    Disk 0 scanning C:\Windows\system32\drivers
20:43:25.532    Service scanning
20:43:54.361    Modules scanning
20:43:54.361    Disk 0 trace - called modules:
20:43:54.423    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys 
20:43:54.439    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b63790]
20:43:54.439    3 CLASSPNP.SYS[fffff880019b943f] -> nt!IofCallDriver -> [0xfffffa8007a89c50]
20:43:54.454    5 iaStorF.sys[fffff8800249fa2c] -> nt!IofCallDriver -> \Device\0000008b[0xfffffa8005d268f0]
20:43:55.531    AVAST engine scan C:\Windows
20:43:59.228    AVAST engine scan C:\Windows\system32
20:46:42.077    AVAST engine scan C:\Windows\system32\drivers
20:46:52.591    AVAST engine scan C:\Users\Holly Thomas
20:52:34.918    AVAST engine scan C:\ProgramData
20:54:14.743    Scan finished successfully
20:55:25.114    Disk 0 MBR has been saved successfully to "C:\Users\Holly Thomas\Desktop\MBR.dat"
20:55:25.114    The log file has been saved successfully to "C:\Users\Holly Thomas\Desktop\aswMBR.txt"
20:55:38.027    Disk 0 MBR has been saved successfully to "C:\Users\Holly Thomas\Desktop\MBR.dat"
20:55:38.027    The log file has been saved successfully to "C:\Users\Holly Thomas\Desktop\aswMBR.txt"
         

TDSSKiller-Log:


Code:
ATTFilter
09:30:57.0589 2308  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:30:57.0589 2308  ============================================================
09:30:57.0589 2308  Current date / time: 2013/06/11 09:30:57.0589
09:30:57.0589 2308  SystemInfo:
09:30:57.0589 2308  
09:30:57.0589 2308  OS Version: 6.1.7601 ServicePack: 1.0
09:30:57.0589 2308  Product type: Workstation
09:30:57.0589 2308  ComputerName: HOLLYTHOMAS-PC
09:30:57.0589 2308  UserName: Holly Thomas
09:30:57.0589 2308  Windows directory: C:\Windows
09:30:57.0589 2308  System windows directory: C:\Windows
09:30:57.0589 2308  Running under WOW64
09:30:57.0589 2308  Processor architecture: Intel x64
09:30:57.0589 2308  Number of processors: 8
09:30:57.0589 2308  Page size: 0x1000
09:30:57.0589 2308  Boot type: Normal boot
09:30:57.0589 2308  ============================================================
09:30:58.0930 2308  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x12629C6, SectorsPerTrack: 0x1, TracksPerCylinder: 0x4C, Type 'K0', Flags 0x00000040
09:30:58.0946 2308  ============================================================
09:30:58.0946 2308  \Device\Harddisk0\DR0:
09:30:58.0946 2308  MBR partitions:
09:30:58.0946 2308  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:30:58.0946 2308  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x36EE8000
09:30:58.0946 2308  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x36F1B000, BlocksNum 0x2042A000
09:30:58.0946 2308  ============================================================
09:30:59.0024 2308  C: <-> \Device\Harddisk0\DR0\Partition2
09:30:59.0071 2308  D: <-> \Device\Harddisk0\DR0\Partition3
09:30:59.0071 2308  ============================================================
09:30:59.0071 2308  Initialize success
09:30:59.0071 2308  ============================================================
09:31:07.0417 4040  ============================================================
09:31:07.0417 4040  Scan started
09:31:07.0417 4040  Mode: Manual; SigCheck; TDLFS; 
09:31:07.0417 4040  ============================================================
09:31:08.0041 4040  ================ Scan system memory ========================
09:31:08.0041 4040  System memory - ok
09:31:08.0041 4040  ================ Scan services =============================
09:31:08.0197 4040  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
09:31:08.0244 4040  1394ohci - ok
09:31:08.0259 4040  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
09:31:08.0275 4040  ACPI - ok
09:31:08.0290 4040  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
09:31:08.0306 4040  AcpiPmi - ok
09:31:08.0400 4040  AddonsHelper - ok
09:31:08.0509 4040  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:31:08.0524 4040  AdobeARMservice - ok
09:31:08.0649 4040  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:31:08.0665 4040  AdobeFlashPlayerUpdateSvc - ok
09:31:08.0758 4040  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
09:31:08.0790 4040  adp94xx - ok
09:31:08.0790 4040  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
09:31:08.0805 4040  adpahci - ok
09:31:08.0805 4040  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
09:31:08.0821 4040  adpu320 - ok
09:31:08.0836 4040  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:31:08.0868 4040  AeLookupSvc - ok
09:31:08.0883 4040  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
09:31:08.0899 4040  AFD - ok
09:31:08.0899 4040  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
09:31:08.0914 4040  agp440 - ok
09:31:08.0930 4040  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
09:31:08.0946 4040  ALG - ok
09:31:08.0946 4040  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:31:08.0946 4040  aliide - ok
09:31:08.0946 4040  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
09:31:08.0961 4040  amdide - ok
09:31:08.0977 4040  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
09:31:08.0977 4040  AmdK8 - ok
09:31:08.0992 4040  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
09:31:08.0992 4040  AmdPPM - ok
09:31:09.0008 4040  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
09:31:09.0008 4040  amdsata - ok
09:31:09.0055 4040  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
09:31:09.0055 4040  amdsbs - ok
09:31:09.0070 4040  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
09:31:09.0086 4040  amdxata - ok
09:31:09.0102 4040  [ E3C6DAE5493E9B07EE98711D04D863FF ] ampa            C:\Windows\system32\ampa.sys
09:31:09.0148 4040  ampa ( UnsignedFile.Multi.Generic ) - warning
09:31:09.0148 4040  ampa - detected UnsignedFile.Multi.Generic (1)
09:31:09.0211 4040  [ D46391F209DE0A98A97D1D1765F53438 ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
09:31:09.0226 4040  AMPPAL - ok
09:31:09.0242 4040  [ D46391F209DE0A98A97D1D1765F53438 ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys
09:31:09.0242 4040  AMPPALP - ok
09:31:09.0336 4040  [ EDFB061F7D553B84731B8263077FD520 ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
09:31:09.0398 4040  AMPPALR3 - ok
09:31:09.0429 4040  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
09:31:09.0460 4040  AppID - ok
09:31:09.0492 4040  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
09:31:09.0507 4040  AppIDSvc - ok
09:31:09.0538 4040  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
09:31:09.0538 4040  Appinfo - ok
09:31:09.0601 4040  [ A21971756255385CB494EF0E76FA653A ] Application Updater C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
09:31:09.0632 4040  Application Updater - ok
09:31:09.0679 4040  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
09:31:09.0694 4040  arc - ok
09:31:09.0694 4040  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
09:31:09.0694 4040  arcsas - ok
09:31:09.0757 4040  [ EFD89582B55DD32DC79C1A4EB54612A1 ] ASLDRService    C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
09:31:09.0819 4040  ASLDRService - ok
09:31:09.0944 4040  [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:31:09.0960 4040  aspnet_state - ok
09:31:09.0991 4040  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:31:10.0022 4040  AsyncMac - ok
09:31:10.0022 4040  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
09:31:10.0022 4040  atapi - ok
09:31:10.0069 4040  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:31:10.0084 4040  AudioEndpointBuilder - ok
09:31:10.0100 4040  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
09:31:10.0131 4040  AudioSrv - ok
09:31:10.0178 4040  [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
09:31:10.0240 4040  AVP - ok
09:31:10.0272 4040  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
09:31:10.0287 4040  AxInstSV - ok
09:31:10.0318 4040  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
09:31:10.0350 4040  b06bdrv - ok
09:31:10.0365 4040  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
09:31:10.0381 4040  b57nd60a - ok
09:31:10.0412 4040  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
09:31:10.0428 4040  BDESVC - ok
09:31:10.0474 4040  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:31:10.0521 4040  Beep - ok
09:31:10.0552 4040  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
09:31:10.0584 4040  BFE - ok
09:31:10.0615 4040  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
09:31:10.0646 4040  BITS - ok
09:31:10.0677 4040  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
09:31:10.0677 4040  blbdrive - ok
09:31:10.0833 4040  [ 883D931697B804EBA802BE0061E7A902 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
09:31:10.0864 4040  Bluetooth Device Monitor - ok
09:31:11.0083 4040  [ C7A590C6B249B3CB4724F9863ED6D18A ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
09:31:11.0114 4040  Bluetooth Media Service - ok
09:31:11.0145 4040  [ CC1C3137DE8A2C858E450D286A87C6BC ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
09:31:11.0161 4040  Bluetooth OBEX Service - ok
09:31:11.0176 4040  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:31:11.0176 4040  bowser - ok
09:31:11.0208 4040  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
09:31:11.0208 4040  BrFiltLo - ok
09:31:11.0223 4040  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
09:31:11.0239 4040  BrFiltUp - ok
09:31:11.0286 4040  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
09:31:11.0317 4040  BridgeMP - ok
09:31:11.0348 4040  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
09:31:11.0364 4040  Browser - ok
09:31:11.0379 4040  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
09:31:11.0395 4040  Brserid - ok
09:31:11.0395 4040  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
09:31:11.0395 4040  BrSerWdm - ok
09:31:11.0410 4040  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
09:31:11.0410 4040  BrUsbMdm - ok
09:31:11.0410 4040  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
09:31:11.0426 4040  BrUsbSer - ok
09:31:11.0457 4040  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
09:31:11.0457 4040  BthEnum - ok
09:31:11.0473 4040  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
09:31:11.0488 4040  BTHMODEM - ok
09:31:11.0488 4040  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
09:31:11.0504 4040  BthPan - ok
09:31:11.0535 4040  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
09:31:11.0551 4040  BTHPORT - ok
09:31:11.0582 4040  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
09:31:11.0613 4040  bthserv - ok
09:31:11.0644 4040  [ A3BC030FC526643DFDCA27299F75544B ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
09:31:11.0660 4040  BTHSSecurityMgr - ok
09:31:11.0676 4040  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
09:31:11.0691 4040  BTHUSB - ok
09:31:11.0707 4040  [ 49E91B6E57D0BD0CC590471C276757BC ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
09:31:11.0722 4040  btmaux - ok
09:31:11.0769 4040  [ AC249CEB05F96B927FABDF22B6ABEE40 ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
09:31:11.0785 4040  btmhsf - ok
09:31:11.0800 4040  catchme - ok
09:31:11.0816 4040  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:31:11.0847 4040  cdfs - ok
09:31:11.0878 4040  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
09:31:11.0878 4040  cdrom - ok
09:31:11.0910 4040  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
09:31:11.0941 4040  CertPropSvc - ok
09:31:12.0003 4040  [ 7D2146012EA63B13642308FB8E86765F ] cFosSpeed       C:\Windows\system32\DRIVERS\cfosspeed6.sys
09:31:12.0081 4040  cFosSpeed - ok
09:31:12.0128 4040  [ BF198D0369348CF2C037230E686C3976 ] cFosSpeedS      C:\Program Files\cFosSpeed\spd.exe
09:31:12.0206 4040  cFosSpeedS - ok
09:31:12.0222 4040  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
09:31:12.0237 4040  circlass - ok
09:31:12.0268 4040  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
09:31:12.0284 4040  CLFS - ok
09:31:12.0362 4040  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:31:12.0378 4040  clr_optimization_v2.0.50727_32 - ok
09:31:12.0424 4040  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:31:12.0440 4040  clr_optimization_v2.0.50727_64 - ok
09:31:12.0502 4040  [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:31:12.0502 4040  clr_optimization_v4.0.30319_32 - ok
09:31:12.0518 4040  [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:31:12.0534 4040  clr_optimization_v4.0.30319_64 - ok
09:31:12.0565 4040  [ E13A438F9E51DD034730678E33B73290 ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
09:31:12.0596 4040  clwvd - ok
09:31:12.0627 4040  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
09:31:12.0643 4040  CmBatt - ok
09:31:12.0658 4040  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:31:12.0674 4040  cmdide - ok
09:31:12.0690 4040  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
09:31:12.0705 4040  CNG - ok
09:31:12.0721 4040  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
09:31:12.0736 4040  Compbatt - ok
09:31:12.0752 4040  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
09:31:12.0752 4040  CompositeBus - ok
09:31:12.0752 4040  COMSysApp - ok
09:31:12.0830 4040  [ 12ECF907D1FB4D19D55169D00FB4F907 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
09:31:12.0892 4040  cphs - ok
09:31:12.0908 4040  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
09:31:12.0908 4040  crcdisk - ok
09:31:12.0986 4040  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:31:13.0002 4040  CryptSvc - ok
09:31:13.0095 4040  [ 958EF96991ABCCFDAC0953C4A24081DC ] DAZContentManagementService C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
09:31:13.0111 4040  DAZContentManagementService ( UnsignedFile.Multi.Generic ) - warning
09:31:13.0111 4040  DAZContentManagementService - detected UnsignedFile.Multi.Generic (1)
09:31:13.0158 4040  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:31:13.0204 4040  DcomLaunch - ok
09:31:13.0220 4040  [ F1BF87B19D32D68DC3A8B1C03F9861B5 ] ddmdrv          C:\Windows\system32\ddmdrv.sys
09:31:13.0267 4040  ddmdrv ( UnsignedFile.Multi.Generic ) - warning
09:31:13.0267 4040  ddmdrv - detected UnsignedFile.Multi.Generic (1)
09:31:13.0298 4040  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
09:31:13.0329 4040  defragsvc - ok
09:31:13.0392 4040  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:31:13.0438 4040  DfsC - ok
09:31:13.0454 4040  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
09:31:13.0470 4040  Dhcp - ok
09:31:13.0485 4040  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
09:31:13.0501 4040  discache - ok
09:31:13.0516 4040  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
09:31:13.0516 4040  Disk - ok
09:31:13.0563 4040  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:31:13.0579 4040  Dnscache - ok
09:31:13.0610 4040  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
09:31:13.0626 4040  dot3svc - ok
09:31:13.0641 4040  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
09:31:13.0672 4040  DPS - ok
09:31:13.0688 4040  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:31:13.0704 4040  drmkaud - ok
09:31:13.0735 4040  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:31:13.0750 4040  DXGKrnl - ok
09:31:13.0782 4040  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
09:31:13.0828 4040  EapHost - ok
09:31:13.0938 4040  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
09:31:13.0953 4040  ebdrv - ok
09:31:13.0984 4040  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
09:31:14.0000 4040  EFS - ok
09:31:14.0078 4040  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
09:31:14.0109 4040  ehRecvr - ok
09:31:14.0109 4040  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
09:31:14.0125 4040  ehSched - ok
09:31:14.0172 4040  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
09:31:14.0187 4040  elxstor - ok
09:31:14.0218 4040  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:31:14.0218 4040  ErrDev - ok
09:31:14.0250 4040  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
09:31:14.0281 4040  EventSystem - ok
09:31:14.0390 4040  [ 6EB16C7286FBCD3AB206743BA813EC48 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
09:31:14.0421 4040  EvtEng - ok
09:31:14.0437 4040  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
09:31:14.0468 4040  exfat - ok
09:31:14.0484 4040  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:31:14.0515 4040  fastfat - ok
09:31:14.0562 4040  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
09:31:14.0577 4040  Fax - ok
09:31:14.0593 4040  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
09:31:14.0608 4040  fdc - ok
09:31:14.0624 4040  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
09:31:14.0655 4040  fdPHost - ok
09:31:14.0671 4040  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:31:14.0686 4040  FDResPub - ok
09:31:14.0718 4040  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:31:14.0733 4040  FileInfo - ok
09:31:14.0749 4040  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:31:14.0780 4040  Filetrace - ok
09:31:14.0858 4040  [ 00907C94641E14F3ADBB2A533EFD8BF3 ] FirebirdGuardianDefaultInstance C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
09:31:14.0874 4040  FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - warning
09:31:14.0874 4040  FirebirdGuardianDefaultInstance - detected UnsignedFile.Multi.Generic (1)
09:31:14.0983 4040  [ 468AEC7534B7B0A66AC5FE9A2C0020E4 ] FirebirdServerDefaultInstance C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
09:31:15.0030 4040  FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - warning
09:31:15.0030 4040  FirebirdServerDefaultInstance - detected UnsignedFile.Multi.Generic (1)
09:31:15.0045 4040  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
09:31:15.0045 4040  flpydisk - ok
09:31:15.0061 4040  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:31:15.0076 4040  FltMgr - ok
09:31:15.0139 4040  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
09:31:15.0170 4040  FontCache - ok
09:31:15.0264 4040  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:31:15.0279 4040  FontCache3.0.0.0 - ok
09:31:15.0310 4040  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
09:31:15.0326 4040  FsDepends - ok
09:31:15.0342 4040  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:31:15.0357 4040  Fs_Rec - ok
09:31:15.0404 4040  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
09:31:15.0404 4040  fvevol - ok
09:31:15.0435 4040  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
09:31:15.0435 4040  gagp30kx - ok
09:31:15.0482 4040  [ 618EF0B56F114309CA2D7152D00A1BF0 ] GFilterSvc      C:\Windows\System32\GFilterSvc.exe
09:31:15.0482 4040  GFilterSvc ( UnsignedFile.Multi.Generic ) - warning
09:31:15.0482 4040  GFilterSvc - detected UnsignedFile.Multi.Generic (1)
09:31:15.0529 4040  [ 4E1D0A246E10CFDDBF856432418DE404 ] GFNEXSrv        C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
09:31:15.0544 4040  GFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
09:31:15.0544 4040  GFNEXSrv - detected UnsignedFile.Multi.Generic (1)
09:31:15.0607 4040  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
09:31:15.0654 4040  gpsvc - ok
09:31:15.0700 4040  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:31:15.0716 4040  gupdate - ok
09:31:15.0716 4040  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:31:15.0716 4040  gupdatem - ok
09:31:15.0732 4040  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
09:31:15.0747 4040  hcw85cir - ok
09:31:15.0778 4040  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:31:15.0778 4040  HdAudAddService - ok
09:31:15.0810 4040  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
09:31:15.0810 4040  HDAudBus - ok
09:31:15.0825 4040  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
09:31:15.0841 4040  HidBatt - ok
09:31:15.0841 4040  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
09:31:15.0856 4040  HidBth - ok
09:31:15.0856 4040  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
09:31:15.0872 4040  HidIr - ok
09:31:15.0888 4040  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
09:31:15.0919 4040  hidserv - ok
09:31:15.0934 4040  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:31:15.0950 4040  HidUsb - ok
09:31:15.0966 4040  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:31:15.0997 4040  hkmsvc - ok
09:31:16.0012 4040  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:31:16.0028 4040  HomeGroupListener - ok
09:31:16.0044 4040  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:31:16.0059 4040  HomeGroupProvider - ok
09:31:16.0075 4040  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
09:31:16.0075 4040  HpSAMD - ok
09:31:16.0122 4040  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:31:16.0153 4040  HTTP - ok
09:31:16.0168 4040  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
09:31:16.0184 4040  hwpolicy - ok
09:31:16.0200 4040  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
09:31:16.0200 4040  i8042prt - ok
09:31:16.0231 4040  [ C224331A54571C8C9162F7714400BBBD ] iaStor          C:\Windows\system32\drivers\iaStor.sys
09:31:16.0262 4040  iaStor - ok
09:31:16.0324 4040  [ FA4C48E36F0B24E7E33D3E7E1844B9C9 ] iaStorA         C:\Windows\system32\DRIVERS\iaStorA.sys
09:31:16.0387 4040  iaStorA - ok
09:31:16.0434 4040  [ D5854F77CEEAFC5A8405F8ECCBEC09DF ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
09:31:16.0512 4040  IAStorDataMgrSvc - ok
09:31:16.0543 4040  [ 05E24E2CA39C0D2FAADE8FC603345A7D ] iaStorF         C:\Windows\system32\DRIVERS\iaStorF.sys
09:31:16.0574 4040  iaStorF - ok
09:31:16.0605 4040  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
09:31:16.0621 4040  iaStorV - ok
09:31:16.0636 4040  [ C430482AC892D52CED021EDDD4D368A2 ] ibtfltcoex      C:\Windows\system32\DRIVERS\iBtFltCoex.sys
09:31:16.0683 4040  ibtfltcoex - ok
09:31:16.0746 4040  [ C58305AC412A2DE95D461072E0AF5AAF ] IBUpdaterService C:\Windows\system32\dmwu.exe
09:31:16.0777 4040  IBUpdaterService - ok
09:31:16.0870 4040  [ 83FF82FE209E7997067B375DAD6CF23D ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
09:31:16.0917 4040  ICCS - ok
09:31:17.0042 4040  [ 829EA5ECCAA623279D94EAEE3B5AD140 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
09:31:17.0104 4040  IconMan_R - ok
09:31:17.0167 4040  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:31:17.0198 4040  idsvc - ok
09:31:17.0338 4040  [ 54FB3B4847B6CD8CE1B448471ADFE02A ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
09:31:17.0370 4040  igfx - ok
09:31:17.0401 4040  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
09:31:17.0416 4040  iirsp - ok
09:31:17.0448 4040  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
09:31:17.0479 4040  IKEEXT - ok
09:31:17.0588 4040  [ 826B707277FECF130AB4B5F156B53837 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
09:31:17.0666 4040  IntcAzAudAddService - ok
09:31:17.0713 4040  [ 0E0B99617ED3FDB6C5F0E2D62709B5DF ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
09:31:17.0744 4040  IntcDAud - ok
09:31:17.0822 4040  [ C6128F2E3DC6156C6F8828F9F1B96010 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
09:31:17.0853 4040  Intel(R) Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - warning
09:31:17.0853 4040  Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic (1)
09:31:17.0884 4040  [ 729AB4F0608E95EFF8FDEF23596283E2 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
09:31:17.0916 4040  Intel(R) Capability Licensing Service TCP IP Interface - ok
09:31:17.0931 4040  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
09:31:17.0931 4040  intelide - ok
09:31:17.0962 4040  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
09:31:17.0962 4040  intelppm - ok
09:31:17.0994 4040  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:31:18.0025 4040  IPBusEnum - ok
09:31:18.0025 4040  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:31:18.0040 4040  IpFilterDriver - ok
09:31:18.0087 4040  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
09:31:18.0087 4040  iphlpsvc - ok
09:31:18.0103 4040  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
09:31:18.0103 4040  IPMIDRV - ok
09:31:18.0103 4040  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
09:31:18.0134 4040  IPNAT - ok
09:31:18.0150 4040  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:31:18.0165 4040  IRENUM - ok
09:31:18.0181 4040  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:31:18.0181 4040  isapnp - ok
09:31:18.0228 4040  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
09:31:18.0228 4040  iScsiPrt - ok
09:31:18.0259 4040  [ 7A4D015FF432645C55C162DADAEA143E ] iusb3hcs        C:\Windows\system32\drivers\iusb3hcs.sys
09:31:18.0290 4040  iusb3hcs - ok
09:31:18.0321 4040  [ 5D6164479F6F900ACD287FDC6935532E ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
09:31:18.0368 4040  iusb3hub - ok
09:31:18.0415 4040  [ 9F5687C7EFA906E4F33586D393F7C257 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
09:31:18.0477 4040  iusb3xhc - ok
09:31:18.0524 4040  [ 924019BC58FEDDE04A08C45EC1CF1847 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
09:31:18.0602 4040  jhi_service - ok
09:31:18.0633 4040  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
09:31:18.0633 4040  kbdclass - ok
09:31:18.0649 4040  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
09:31:18.0664 4040  kbdhid - ok
09:31:18.0664 4040  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
09:31:18.0680 4040  KeyIso - ok
09:31:18.0711 4040  [ 8B5219318DF5895ABD230C373F2DF18A ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
09:31:18.0774 4040  kl1 - ok
09:31:18.0820 4040  [ 2CBD248370721DCAD632DB70D09C5A6D ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
09:31:18.0867 4040  KLIF - ok
09:31:18.0898 4040  [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
09:31:18.0930 4040  KLIM6 - ok
09:31:18.0945 4040  [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
09:31:18.0976 4040  klkbdflt - ok
09:31:18.0992 4040  [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
09:31:19.0054 4040  klmouflt - ok
09:31:19.0070 4040  [ 982974975E679276F0FA39EFA331A268 ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
09:31:19.0101 4040  kltdi - ok
09:31:19.0132 4040  [ 1FCB657B581CC4DF17FD6571F93602DE ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
09:31:19.0164 4040  kneps - ok
09:31:19.0210 4040  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:31:19.0226 4040  KSecDD - ok
09:31:19.0226 4040  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
09:31:19.0242 4040  KSecPkg - ok
09:31:19.0257 4040  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
09:31:19.0288 4040  ksthunk - ok
09:31:19.0320 4040  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
09:31:19.0335 4040  KtmRm - ok
09:31:19.0413 4040  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
09:31:19.0444 4040  LanmanServer - ok
09:31:19.0476 4040  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:31:19.0507 4040  LanmanWorkstation - ok
09:31:19.0585 4040  [ 101CFC3764C27259847188581B185EA6 ] LiveTunerPM     C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys
09:31:19.0647 4040  LiveTunerPM - ok
09:31:19.0647 4040  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:31:19.0678 4040  lltdio - ok
09:31:19.0725 4040  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:31:19.0741 4040  lltdsvc - ok
09:31:19.0756 4040  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:31:19.0788 4040  lmhosts - ok
09:31:19.0944 4040  [ DF9ADD70659EA4F2A17075524E043FD8 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
09:31:20.0006 4040  LMS - ok
09:31:20.0022 4040  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
09:31:20.0022 4040  LSI_FC - ok
09:31:20.0037 4040  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
09:31:20.0037 4040  LSI_SAS - ok
09:31:20.0053 4040  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
09:31:20.0068 4040  LSI_SAS2 - ok
09:31:20.0068 4040  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
09:31:20.0084 4040  LSI_SCSI - ok
09:31:20.0084 4040  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
09:31:20.0115 4040  luafv - ok
09:31:20.0146 4040  [ 23488767CB18FC3FF39E3AF1DB3FB02C ] massfilter      C:\Windows\system32\drivers\massfilter.sys
09:31:20.0146 4040  massfilter - ok
09:31:20.0178 4040  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
09:31:20.0193 4040  Mcx2Svc - ok
09:31:20.0193 4040  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
09:31:20.0209 4040  megasas - ok
09:31:20.0224 4040  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
09:31:20.0240 4040  MegaSR - ok
09:31:20.0271 4040  [ 2BB3EAE2EA641515D4B205CAB29E1624 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
09:31:20.0302 4040  MEIx64 - ok
09:31:20.0365 4040  [ 8A43D23ACE2E8C95A2D87B6E9599DEDA ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
09:31:20.0365 4040  MemeoBackgroundService - ok
09:31:20.0396 4040  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
09:31:20.0443 4040  MMCSS - ok
09:31:20.0458 4040  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
09:31:20.0490 4040  Modem - ok
09:31:20.0505 4040  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
09:31:20.0505 4040  monitor - ok
09:31:20.0521 4040  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
09:31:20.0521 4040  mouclass - ok
09:31:20.0536 4040  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:31:20.0552 4040  mouhid - ok
09:31:20.0599 4040  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
09:31:20.0614 4040  mountmgr - ok
09:31:20.0646 4040  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:31:20.0661 4040  MozillaMaintenance - ok
09:31:20.0692 4040  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:31:20.0692 4040  mpio - ok
09:31:20.0724 4040  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:31:20.0755 4040  mpsdrv - ok
09:31:20.0770 4040  MpsSvc - ok
09:31:20.0786 4040  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:31:20.0802 4040  MRxDAV - ok
09:31:20.0817 4040  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:31:20.0817 4040  mrxsmb - ok
09:31:20.0848 4040  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:31:20.0848 4040  mrxsmb10 - ok
09:31:20.0864 4040  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:31:20.0880 4040  mrxsmb20 - ok
09:31:20.0880 4040  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
09:31:20.0880 4040  msahci - ok
09:31:20.0895 4040  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
09:31:20.0895 4040  msdsm - ok
09:31:20.0926 4040  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
09:31:20.0926 4040  MSDTC - ok
09:31:20.0958 4040  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:31:20.0973 4040  Msfs - ok
09:31:20.0989 4040  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
09:31:21.0004 4040  mshidkmdf - ok
09:31:21.0020 4040  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:31:21.0020 4040  msisadrv - ok
09:31:21.0067 4040  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
09:31:21.0082 4040  MSiSCSI - ok
09:31:21.0082 4040  msiserver - ok
09:31:21.0114 4040  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
09:31:21.0160 4040  MSKSSRV - ok
09:31:21.0160 4040  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
09:31:21.0192 4040  MSPCLOCK - ok
09:31:21.0207 4040  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
09:31:21.0238 4040  MSPQM - ok
09:31:21.0254 4040  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
09:31:21.0254 4040  MsRPC - ok
09:31:21.0270 4040  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
09:31:21.0285 4040  mssmbios - ok
09:31:21.0285 4040  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
09:31:21.0316 4040  MSTEE - ok
09:31:21.0316 4040  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
09:31:21.0316 4040  MTConfig - ok
09:31:21.0332 4040  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
09:31:21.0348 4040  Mup - ok
09:31:21.0379 4040  [ 7E11D1788F5B531D49EF0AF97202437B ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
09:31:21.0394 4040  MyWiFiDHCPDNS - ok
09:31:21.0441 4040  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
09:31:21.0472 4040  napagent - ok
09:31:21.0519 4040  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
09:31:21.0550 4040  NativeWifiP - ok
09:31:21.0597 4040  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
09:31:21.0613 4040  NDIS - ok
09:31:21.0644 4040  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
09:31:21.0691 4040  NdisCap - ok
09:31:21.0706 4040  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
09:31:21.0738 4040  NdisTapi - ok
09:31:21.0753 4040  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
09:31:21.0769 4040  Ndisuio - ok
09:31:21.0800 4040  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
09:31:21.0816 4040  NdisWan - ok
09:31:21.0847 4040  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
09:31:21.0862 4040  NDProxy - ok
09:31:21.0878 4040  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
09:31:21.0909 4040  NetBIOS - ok
09:31:21.0925 4040  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
09:31:21.0940 4040  NetBT - ok
09:31:21.0956 4040  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
09:31:21.0956 4040  Netlogon - ok
09:31:21.0987 4040  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
09:31:22.0018 4040  Netman - ok
09:31:22.0096 4040  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:31:22.0112 4040  NetMsmqActivator - ok
09:31:22.0128 4040  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:31:22.0143 4040  NetPipeActivator - ok
09:31:22.0174 4040  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
09:31:22.0206 4040  netprofm - ok
09:31:22.0206 4040  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:31:22.0221 4040  NetTcpActivator - ok
09:31:22.0221 4040  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:31:22.0237 4040  NetTcpPortSharing - ok
09:31:22.0486 4040  [ 98CF53F7B23F77D082805D5DBBD99A4E ] NETwNs64        C:\Windows\system32\DRIVERS\Netwsw00.sys
09:31:22.0580 4040  NETwNs64 - ok
09:31:22.0611 4040  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
09:31:22.0627 4040  nfrd960 - ok
09:31:22.0642 4040  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
09:31:22.0642 4040  NlaSvc - ok
09:31:22.0642 4040  nlsX86cc - ok
09:31:22.0674 4040  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
09:31:22.0705 4040  Npfs - ok
09:31:22.0720 4040  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
09:31:22.0752 4040  nsi - ok
09:31:22.0752 4040  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
09:31:22.0783 4040  nsiproxy - ok
09:31:22.0845 4040  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:31:22.0876 4040  Ntfs - ok
09:31:22.0892 4040  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
09:31:22.0923 4040  Null - ok
09:31:22.0954 4040  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
09:31:22.0970 4040  NVENETFD - ok
09:31:23.0204 4040  [ 4EE399576F76D38C04745DB739BBC8C7 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:31:23.0344 4040  nvlddmkm - ok
09:31:23.0376 4040  [ 7067753FA8B75A3BDBA5633B4D2A5D0A ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
09:31:23.0422 4040  nvpciflt - ok
09:31:23.0438 4040  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:31:23.0454 4040  nvraid - ok
09:31:23.0469 4040  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:31:23.0469 4040  nvstor - ok
09:31:23.0532 4040  [ 7335C3D78A7746D76D37F6722CC4A466 ] nvsvc           C:\Windows\system32\nvvsvc.exe
09:31:23.0610 4040  nvsvc - ok
09:31:23.0688 4040  [ B7C53DA1C73FF39F4A6248643EFD979A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
09:31:23.0766 4040  nvUpdatusService - ok
09:31:23.0781 4040  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:31:23.0797 4040  nv_agp - ok
09:31:23.0844 4040  [ 1CCE8E88654E3952859085752F67B3CA ] O&O CleverCache C:\Program Files\OO Software\CleverCache\ooccag.exe
09:31:23.0875 4040  O&O CleverCache - ok
09:31:23.0890 4040  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
09:31:23.0890 4040  ohci1394 - ok
09:31:23.0953 4040  [ EC3916367B10DEA26227DFAF7AA7346A ] Online Shield Starter Service C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe
09:31:23.0984 4040  Online Shield Starter Service - ok
09:31:24.0015 4040  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
09:31:24.0031 4040  p2pimsvc - ok
09:31:24.0062 4040  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
09:31:24.0078 4040  p2psvc - ok
09:31:24.0093 4040  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
09:31:24.0109 4040  Parport - ok
09:31:24.0140 4040  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
09:31:24.0140 4040  partmgr - ok
09:31:24.0156 4040  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
09:31:24.0171 4040  PcaSvc - ok
09:31:24.0202 4040  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
09:31:24.0202 4040  pci - ok
09:31:24.0218 4040  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
09:31:24.0234 4040  pciide - ok
09:31:24.0234 4040  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
09:31:24.0249 4040  pcmcia - ok
09:31:24.0265 4040  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
09:31:24.0265 4040  pcw - ok
09:31:24.0296 4040  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
09:31:24.0343 4040  PEAUTH - ok
09:31:24.0358 4040  [ EE926C59CBD4DC4DC9FBB85014A2F1A5 ] PEGAGFN         C:\Program Files (x86)\PHotkey\PEGAGFN.sys
09:31:24.0405 4040  PEGAGFN - ok
09:31:24.0483 4040  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
09:31:24.0499 4040  PerfHost - ok
09:31:24.0592 4040  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
09:31:24.0655 4040  pla - ok
09:31:24.0670 4040  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
09:31:24.0686 4040  PlugPlay - ok
09:31:24.0702 4040  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
09:31:24.0717 4040  PNRPAutoReg - ok
09:31:24.0733 4040  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
09:31:24.0748 4040  PNRPsvc - ok
09:31:24.0780 4040  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
09:31:24.0811 4040  PolicyAgent - ok
09:31:24.0826 4040  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
09:31:24.0858 4040  Power - ok
09:31:24.0889 4040  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
09:31:24.0904 4040  PptpMiniport - ok
09:31:24.0920 4040  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
09:31:24.0936 4040  Processor - ok
09:31:24.0951 4040  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
09:31:24.0967 4040  ProfSvc - ok
09:31:24.0998 4040  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:31:25.0014 4040  ProtectedStorage - ok
09:31:25.0045 4040  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
09:31:25.0060 4040  Psched - ok
09:31:25.0138 4040  [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2       c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
09:31:25.0154 4040  PSI_SVC_2 - ok
09:31:25.0294 4040  PSI_SVC_2_x64 - ok
09:31:25.0357 4040  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
09:31:25.0388 4040  ql2300 - ok
09:31:25.0404 4040  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
09:31:25.0419 4040  ql40xx - ok
09:31:25.0450 4040  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
09:31:25.0466 4040  QWAVE - ok
09:31:25.0482 4040  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
09:31:25.0497 4040  QWAVEdrv - ok
09:31:25.0497 4040  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
09:31:25.0528 4040  RasAcd - ok
09:31:25.0560 4040  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
09:31:25.0575 4040  RasAgileVpn - ok
09:31:25.0591 4040  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
09:31:25.0622 4040  RasAuto - ok
09:31:25.0638 4040  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
09:31:25.0669 4040  Rasl2tp - ok
09:31:25.0669 4040  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
09:31:25.0700 4040  RasMan - ok
09:31:25.0716 4040  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
09:31:25.0731 4040  RasPppoe - ok
09:31:25.0762 4040  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
09:31:25.0794 4040  RasSstp - ok
09:31:25.0794 4040  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
09:31:25.0825 4040  rdbss - ok
09:31:25.0840 4040  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
09:31:25.0856 4040  rdpbus - ok
09:31:25.0872 4040  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
09:31:25.0887 4040  RDPCDD - ok
09:31:25.0903 4040  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
09:31:25.0934 4040  RDPENCDD - ok
09:31:25.0950 4040  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
09:31:25.0965 4040  RDPREFMP - ok
09:31:25.0996 4040  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
09:31:26.0012 4040  RDPWD - ok
09:31:26.0043 4040  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
09:31:26.0059 4040  rdyboost - ok
09:31:26.0121 4040  [ F09087C51C6AE42AE7DABE1EB3E44C17 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
09:31:26.0121 4040  RegSrvc - ok
09:31:26.0152 4040  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
09:31:26.0199 4040  RemoteAccess - ok
09:31:26.0262 4040  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
09:31:26.0308 4040  RemoteRegistry - ok
09:31:26.0355 4040  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
09:31:26.0371 4040  RFCOMM - ok
09:31:26.0386 4040  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
09:31:26.0418 4040  RpcEptMapper - ok
09:31:26.0449 4040  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
09:31:26.0449 4040  RpcLocator - ok
09:31:26.0480 4040  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
09:31:26.0496 4040  RpcSs - ok
09:31:26.0527 4040  [ 2ABD2B3BA2EF0C3BA82284C2A5E28675 ] RRNetCap        C:\Windows\system32\DRIVERS\rrnetcap.sys
09:31:26.0574 4040  RRNetCap - ok
09:31:26.0589 4040  [ 2ABD2B3BA2EF0C3BA82284C2A5E28675 ] RRNetCapMP      C:\Windows\system32\DRIVERS\rrnetcap.sys
09:31:26.0636 4040  RRNetCapMP - ok
09:31:26.0652 4040  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
09:31:26.0667 4040  rspndr - ok
09:31:26.0730 4040  [ FC009873CBC12CC6D7045D803D8E8CD3 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
09:31:26.0745 4040  RSUSBSTOR - ok
09:31:26.0792 4040  [ 61A04C0C084D560BBEF1D09604608262 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
09:31:26.0839 4040  RTL8167 - ok
09:31:26.0886 4040  [ B3F36B4B3F192EA87DDC119F3A0B3E45 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
09:31:26.0948 4040  RTL8192su - ok
09:31:26.0964 4040  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
09:31:26.0979 4040  SamSs - ok
09:31:27.0042 4040  [ CCBF62280DAF6D94A4C73E391CDAC68C ] SbieDrv         C:\Program Files\Sandboxie\SbieDrv.sys
09:31:27.0276 4040  SbieDrv - ok
09:31:27.0291 4040  [ 8A1F63C6EC01C56C9EC4C681E593FE34 ] SbieSvc         C:\Program Files\Sandboxie\SbieSvc.exe
09:31:27.0307 4040  SbieSvc - ok
09:31:27.0322 4040  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
09:31:27.0338 4040  sbp2port - ok
09:31:27.0369 4040  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
09:31:27.0400 4040  SCardSvr - ok
09:31:27.0416 4040  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
09:31:27.0432 4040  scfilter - ok
09:31:27.0494 4040  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
09:31:27.0525 4040  Schedule - ok
09:31:27.0556 4040  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
09:31:27.0603 4040  SCPolicySvc - ok
09:31:27.0619 4040  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
09:31:27.0634 4040  SDRSVC - ok
09:31:27.0728 4040  [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\Holly Thomas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
09:31:27.0728 4040  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
09:31:27.0728 4040  SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
09:31:27.0759 4040  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
09:31:27.0790 4040  secdrv - ok
09:31:27.0822 4040  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
09:31:27.0837 4040  seclogon - ok
09:31:27.0853 4040  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
09:31:27.0868 4040  SENS - ok
09:31:27.0884 4040  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
09:31:27.0884 4040  SensrSvc - ok
09:31:27.0946 4040  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
09:31:27.0946 4040  Serenum - ok
09:31:27.0962 4040  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
09:31:27.0962 4040  Serial - ok
09:31:27.0978 4040  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
09:31:27.0978 4040  sermouse - ok
09:31:28.0009 4040  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
09:31:28.0040 4040  SessionEnv - ok
09:31:28.0040 4040  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
09:31:28.0040 4040  sffdisk - ok
09:31:28.0056 4040  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
09:31:28.0056 4040  sffp_mmc - ok
09:31:28.0071 4040  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
09:31:28.0071 4040  sffp_sd - ok
09:31:28.0087 4040  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
09:31:28.0087 4040  sfloppy - ok
09:31:28.0149 4040  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
09:31:28.0180 4040  SharedAccess - ok
09:31:28.0258 4040  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:31:28.0290 4040  ShellHWDetection - ok
09:31:28.0305 4040  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
09:31:28.0305 4040  SiSRaid2 - ok
09:31:28.0352 4040  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
09:31:28.0368 4040  SiSRaid4 - ok
09:31:28.0399 4040  [ DD0443BC6CC78A19FD399817F8C51401 ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
09:31:28.0461 4040  SmartDefragDriver - ok
09:31:28.0477 4040  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
09:31:28.0492 4040  Smb - ok
09:31:28.0524 4040  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
09:31:28.0539 4040  SNMPTRAP - ok
09:31:28.0617 4040  [ 369539B35C79BF15E354F7CBD438D721 ] Soda PDF 5 Helper Service C:\Program Files (x86)\Soda PDF 5\HelperService.exe
09:31:28.0633 4040  Soda PDF 5 Helper Service - ok
09:31:28.0680 4040  [ 69CFDF67E891AB2B6B97886DB5A016DF ] Soda PDF 5 Service C:\Program Files (x86)\Soda PDF 5\ConversionService.exe
09:31:28.0711 4040  Soda PDF 5 Service - ok
09:31:28.0742 4040  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
09:31:28.0742 4040  spldr - ok
09:31:28.0789 4040  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
09:31:28.0789 4040  Spooler - ok
09:31:28.0960 4040  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
09:31:29.0007 4040  sppsvc - ok
09:31:29.0023 4040  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
09:31:29.0054 4040  sppuinotify - ok
09:31:29.0163 4040  [ CEEA05E64C2230BB2B6924132F766272 ] SProtection     C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
09:31:29.0194 4040  SProtection - ok
09:31:29.0226 4040  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
09:31:29.0241 4040  srv - ok
09:31:29.0257 4040  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
09:31:29.0272 4040  srv2 - ok
09:31:29.0304 4040  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
09:31:29.0304 4040  srvnet - ok
09:31:29.0335 4040  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
09:31:29.0366 4040  SSDPSRV - ok
09:31:29.0382 4040  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
09:31:29.0413 4040  SstpSvc - ok
09:31:29.0475 4040  [ 81F177C1954453AF407604160BD149CB ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
09:31:29.0522 4040  Stereo Service - ok
09:31:29.0553 4040  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
09:31:29.0553 4040  stexstor - ok
09:31:29.0584 4040  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
09:31:29.0616 4040  stisvc - ok
09:31:29.0631 4040  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
09:31:29.0647 4040  swenum - ok
09:31:29.0694 4040  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
09:31:29.0725 4040  swprv - ok
09:31:29.0756 4040  [ BD4F51AEF67AB7D57698BC4AAD983D1F ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
09:31:29.0818 4040  SynTP - ok
09:31:29.0896 4040  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
09:31:29.0928 4040  SysMain - ok
09:31:30.0037 4040  [ 7017BC8488459E3B7BE018B84285CD13 ] SystemStoreService C:\Program Files (x86)\SelfUpdater\SystemStore.exe
09:31:30.0068 4040  SystemStoreService ( UnsignedFile.Multi.Generic ) - warning
09:31:30.0068 4040  SystemStoreService - detected UnsignedFile.Multi.Generic (1)
09:31:30.0115 4040  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:31:30.0115 4040  TabletInputService - ok
09:31:30.0177 4040  [ D0B07EED9DDEC5C69521C689B7BF455F ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
09:31:30.0240 4040  tap0901 - ok
09:31:30.0255 4040  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
09:31:30.0286 4040  TapiSrv - ok
09:31:30.0318 4040  [ 048CFE7569D6ADCAB9349BB1A566A79E ] tbhsd           C:\Windows\system32\drivers\tbhsd.sys
09:31:30.0380 4040  tbhsd - ok
09:31:30.0411 4040  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
09:31:30.0427 4040  TBS - ok
09:31:30.0520 4040  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
09:31:30.0536 4040  Tcpip - ok
09:31:30.0567 4040  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
09:31:30.0583 4040  TCPIP6 - ok
09:31:30.0614 4040  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
09:31:30.0630 4040  tcpipreg - ok
09:31:30.0645 4040  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
09:31:30.0661 4040  TDPIPE - ok
09:31:30.0692 4040  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
09:31:30.0692 4040  TDTCP - ok
09:31:30.0708 4040  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
09:31:30.0739 4040  tdx - ok
09:31:30.0754 4040  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
09:31:30.0754 4040  TermDD - ok
09:31:30.0801 4040  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
09:31:30.0832 4040  TermService - ok
09:31:30.0832 4040  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
09:31:30.0848 4040  Themes - ok
09:31:30.0879 4040  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
09:31:30.0910 4040  THREADORDER - ok
09:31:30.0926 4040  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
09:31:30.0957 4040  TrkWks - ok
09:31:30.0988 4040  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:31:31.0020 4040  TrustedInstaller - ok
09:31:31.0051 4040  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
09:31:31.0066 4040  tssecsrv - ok
09:31:31.0113 4040  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
09:31:31.0113 4040  TsUsbFlt - ok
09:31:31.0144 4040  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
09:31:31.0160 4040  TsUsbGD - ok
09:31:31.0191 4040  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:31:31.0207 4040  tunnel - ok
09:31:31.0222 4040  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
09:31:31.0222 4040  uagp35 - ok
09:31:31.0254 4040  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:31:31.0269 4040  udfs - ok
09:31:31.0347 4040  [ 30B78A6296127B7A793CF42CA61B29B0 ] UI Assistant Service C:\Program Files (x86)\Join Air\AssistantServices.exe
09:31:31.0363 4040  UI Assistant Service - ok
09:31:31.0394 4040  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:31:31.0410 4040  UI0Detect - ok
09:31:31.0472 4040  [ 4AD47E4A6AEBB8D2D54414BCDAC0AA38 ] ui11drdr        C:\Windows\system32\DRIVERS\ui11drdr.sys
09:31:31.0550 4040  ui11drdr - ok
09:31:31.0566 4040  [ 5357F9507B59C831C5CD79F1F6374A5E ] UimBus          C:\Windows\system32\DRIVERS\uimx64.sys
09:31:31.0612 4040  UimBus - ok
09:31:31.0644 4040  [ 001402EA0FB543F77F91090130FD029D ] Uim_IM          C:\Windows\system32\Drivers\Uim_IMx64.sys
09:31:31.0706 4040  Uim_IM - ok
09:31:31.0722 4040  [ E75B35EEBC923B6DB2DBEA52E71A7892 ] Uim_VIM         C:\Windows\system32\Drivers\uim_vimx64.sys
09:31:31.0753 4040  Uim_VIM - ok
09:31:31.0784 4040  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:31:31.0800 4040  uliagpkx - ok
09:31:31.0815 4040  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
09:31:31.0815 4040  umbus - ok
09:31:31.0846 4040  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
09:31:31.0846 4040  UmPass - ok
09:31:31.0909 4040  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
09:31:31.0956 4040  upnphost - ok
09:31:31.0971 4040  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
09:31:31.0987 4040  usbccgp - ok
09:31:32.0002 4040  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:31:32.0002 4040  usbcir - ok
09:31:32.0034 4040  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
09:31:32.0034 4040  usbehci - ok
09:31:32.0080 4040  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
09:31:32.0096 4040  usbhub - ok
09:31:32.0096 4040  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
09:31:32.0112 4040  usbohci - ok
09:31:32.0112 4040  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
09:31:32.0127 4040  usbprint - ok
09:31:32.0143 4040  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:31:32.0143 4040  USBSTOR - ok
09:31:32.0158 4040  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
09:31:32.0158 4040  usbuhci - ok
09:31:32.0174 4040  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
09:31:32.0190 4040  usbvideo - ok
09:31:32.0205 4040  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
09:31:32.0236 4040  UxSms - ok
09:31:32.0252 4040  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
09:31:32.0268 4040  VaultSvc - ok
09:31:32.0283 4040  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
09:31:32.0283 4040  vdrvroot - ok
09:31:32.0299 4040  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
09:31:32.0330 4040  vds - ok
09:31:32.0346 4040  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:31:32.0346 4040  vga - ok
09:31:32.0377 4040  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:31:32.0392 4040  VgaSave - ok
09:31:32.0439 4040  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
09:31:32.0455 4040  vhdmp - ok
09:31:32.0470 4040  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
09:31:32.0470 4040  viaide - ok
09:31:32.0502 4040  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:31:32.0502 4040  volmgr - ok
09:31:32.0533 4040  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:31:32.0548 4040  volmgrx - ok
09:31:32.0580 4040  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:31:32.0595 4040  volsnap - ok
09:31:32.0595 4040  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
09:31:32.0611 4040  vsmraid - ok
09:31:32.0689 4040  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
09:31:32.0720 4040  VSS - ok
09:31:32.0736 4040  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
09:31:32.0736 4040  vwifibus - ok
09:31:32.0751 4040  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
09:31:32.0767 4040  vwififlt - ok
09:31:32.0782 4040  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
09:31:32.0798 4040  vwifimp - ok
09:31:32.0814 4040  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
09:31:32.0845 4040  W32Time - ok
09:31:32.0860 4040  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
09:31:32.0892 4040  WacomPen - ok
09:31:32.0907 4040  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
09:31:32.0938 4040  WANARP - ok
09:31:32.0938 4040  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:31:32.0970 4040  Wanarpv6 - ok
09:31:33.0016 4040  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
09:31:33.0032 4040  wbengine - ok
09:31:33.0048 4040  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
09:31:33.0063 4040  WbioSrvc - ok
09:31:33.0079 4040  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:31:33.0094 4040  wcncsvc - ok
09:31:33.0126 4040  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:31:33.0141 4040  WcsPlugInService - ok
09:31:33.0172 4040  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
09:31:33.0172 4040  Wd - ok
09:31:33.0219 4040  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:31:33.0235 4040  Wdf01000 - ok
09:31:33.0266 4040  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:31:33.0297 4040  WdiServiceHost - ok
09:31:33.0297 4040  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:31:33.0313 4040  WdiSystemHost - ok
09:31:33.0328 4040  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
09:31:33.0344 4040  WebClient - ok
09:31:33.0360 4040  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:31:33.0391 4040  Wecsvc - ok
09:31:33.0406 4040  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:31:33.0438 4040  wercplsupport - ok
09:31:33.0453 4040  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:31:33.0469 4040  WerSvc - ok
09:31:33.0484 4040  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
09:31:33.0516 4040  WfpLwf - ok
09:31:33.0547 4040  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
09:31:33.0547 4040  WIMMount - ok
09:31:33.0578 4040  WinDefend - ok
09:31:33.0594 4040  WinHttpAutoProxySvc - ok
09:31:33.0672 4040  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:31:33.0687 4040  Winmgmt - ok
09:31:33.0765 4040  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
09:31:33.0812 4040  WinRM - ok
09:31:33.0906 4040  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:31:33.0937 4040  Wlansvc - ok
09:31:33.0984 4040  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:31:33.0984 4040  wlcrasvc - ok
09:31:34.0124 4040  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:31:34.0155 4040  wlidsvc - ok
09:31:34.0171 4040  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
09:31:34.0171 4040  WmiAcpi - ok
09:31:34.0249 4040  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:31:34.0249 4040  wmiApSrv - ok
09:31:34.0264 4040  WMPNetworkSvc - ok
09:31:34.0389 4040  [ 94D96F43F7FBECDDEB6D7837FF375611 ] WO_LiveService  C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe
09:31:34.0452 4040  WO_LiveService - ok
09:31:34.0483 4040  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:31:34.0483 4040  WPCSvc - ok
09:31:34.0514 4040  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:31:34.0514 4040  WPDBusEnum - ok
09:31:34.0530 4040  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:31:34.0545 4040  ws2ifsl - ok
09:31:34.0561 4040  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
09:31:34.0576 4040  wscsvc - ok
09:31:34.0592 4040  WSearch - ok
09:31:34.0623 4040  [ 82E8F5AA03DF7DBDB8A33F700D5D8CDA ] wsvd            C:\Windows\system32\DRIVERS\wsvd.sys
09:31:34.0654 4040  wsvd - ok
09:31:34.0732 4040  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
09:31:34.0764 4040  wuauserv - ok
09:31:34.0795 4040  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:31:34.0795 4040  WudfPf - ok
09:31:34.0810 4040  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:31:34.0826 4040  WUDFRd - ok
09:31:34.0857 4040  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:31:34.0873 4040  wudfsvc - ok
09:31:34.0904 4040  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
09:31:34.0904 4040  WwanSvc - ok
09:31:35.0138 4040  [ 5BCB1F6CB749B6826BE1C0F16FF2F600 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
09:31:35.0169 4040  ZeroConfigService - ok
09:31:35.0216 4040  [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
09:31:35.0232 4040  ZTEusbmdm6k - ok
09:31:35.0263 4040  [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
09:31:35.0263 4040  ZTEusbnmea - ok
09:31:35.0310 4040  [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
09:31:35.0325 4040  ZTEusbser6k - ok
09:31:35.0372 4040  ================ Scan global ===============================
09:31:35.0419 4040  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:31:35.0450 4040  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
09:31:35.0466 4040  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
09:31:35.0481 4040  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:31:35.0512 4040  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:31:35.0512 4040  [Global] - ok
09:31:35.0512 4040  ================ Scan MBR ==================================
09:31:35.0528 4040  [ 4624822E540EC83CD0819525C65846BA ] \Device\Harddisk0\DR0
09:31:37.0213 4040  \Device\Harddisk0\DR0 - ok
09:31:37.0213 4040  ================ Scan VBR ==================================
09:31:37.0213 4040  [ 7D35D0AC034ACCC08154A4C5E3FA97A8 ] \Device\Harddisk0\DR0\Partition1
09:31:37.0213 4040  \Device\Harddisk0\DR0\Partition1 - ok
09:31:37.0244 4040  [ 9374BACCE2DE4F03C0C83079096FE13E ] \Device\Harddisk0\DR0\Partition2
09:31:37.0244 4040  \Device\Harddisk0\DR0\Partition2 - ok
09:31:37.0260 4040  [ 30A3D46D3A456CAE9083F1248960E49B ] \Device\Harddisk0\DR0\Partition3
09:31:37.0260 4040  \Device\Harddisk0\DR0\Partition3 - ok
09:31:37.0260 4040  ============================================================
09:31:37.0260 4040  Scan finished
09:31:37.0260 4040  ============================================================
09:31:37.0260 5928  Detected object count: 10
09:31:37.0260 5928  Actual detected object count: 10
09:31:42.0876 5928  ampa ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:42.0876 5928  ampa ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:31:42.0876 5928  DAZContentManagementService ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:42.0876 5928  DAZContentManagementService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:31:42.0876 5928  ddmdrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:42.0876 5928  ddmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:31:42.0876 5928  FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:42.0876 5928  FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:31:42.0876 5928  FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:42.0876 5928  FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:31:42.0876 5928  GFilterSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:42.0876 5928  GFilterSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:31:42.0876 5928  GFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:42.0876 5928  GFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:31:42.0876 5928  Intel(R) Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:42.0876 5928  Intel(R) Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:31:42.0891 5928  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:42.0891 5928  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:31:42.0891 5928  SystemStoreService ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:42.0891 5928  SystemStoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:31:46.0947 6088  Deinitialize success
         
Gruss
Holly

Alt 11.06.2013, 10:40   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! - Standard

Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart !



Hast du MBAR wiederholt laufen lassen? Es soll so lange gescannt werden, bis es keine Rootkits mehr findet.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.06.2013, 11:16   #9
HollyT
 
Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! - Standard

Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart !



habe MBAR zweimal durchfaufen lassen !

hier die 2. Log-Datei:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.10.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Holly Thomas :: HOLLYTHOMAS-PC [administrator]

10.06.2013 19:56:46
mbar-log-2013-06-10 (19-56-46).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 265371
Time elapsed: 9 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Alt 11.06.2013, 12:00   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! - Standard

Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart !



JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.06.2013, 13:28   #11
HollyT
 
Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! - Standard

Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart !



Hier die Logfiles

Junkware Removal Tool:
HINWEIS: Während des Scans öffnete sich wieder ein Hinweisfenster
Fensterüberschrift: Explorer.EXE
Meldung: Der Datei ist kein Programm zum Ausführen dieser Aktion zugeordnet. Installieren Sie ein entsprechendes Programm, oder erstellen Sie in der Systemsteuerung unter "Standartprogramme" eine Zuordnung, wenn bereits ein Programm installiert ist
Nach drücken des "OK" Buttons lief der Scan weiter

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Holly Thomas on 11.06.2013 at 12:41:55.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] ibupdaterservice 



~~~ Registry Values



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\Program Files (x86)\iminent"
Failed to delete: [Folder] "C:\Program Files (x86)\software4u"
Failed to delete: [Folder] "C:\Program Files (x86)\sweetim"
Failed to delete: [Folder] "C:\Program Files (x86)\Common Files\spigot"



~~~ FireFox

Emptied folder: C:\Users\Holly Thomas\AppData\Roaming\mozilla\firefox\profiles\k23g37x1.default\minidumps [5 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.06.2013 at 12:44:05.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
AdwCleaner:

Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 11/06/2013 um 12:50:25 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Holly Thomas - HOLLYTHOMAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Holly Thomas\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : GFilterSvc
Gestoppt & Gelöscht : IBUpdaterService
Gestoppt & Gelöscht : SearchAnonymizer

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Windows\Tasks\AmiUpdXp.job
Datei Gelöscht : C:\Windows\Tasks\DSite.job
Ordner Gelöscht : C:\Program Files (x86)\Ad Optimizer (am) v2
Ordner Gelöscht : C:\Program Files (x86)\Common Files\spigot
Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\Program Files (x86)\IObit Apps Toolbar
Ordner Gelöscht : C:\Program Files (x86)\software4u
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Ordner Gelöscht : C:\Users\Holly Thomas\AppData\Local\Ad Optimizer (am) v2
Ordner Gelöscht : C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaapdpmcjlaghfomgnghcphammlfnhbp
Ordner Gelöscht : C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Ordner Gelöscht : C:\Users\Holly Thomas\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Holly Thomas\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Holly Thomas\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\Holly Thomas\AppData\Roaming\HELPER
Ordner Gelöscht : C:\Users\Holly Thomas\AppData\Roaming\OCS
Ordner Gelöscht : C:\Windows\Installer\{118D6CE9-5F18-42F9-958A-14676A629FDE}
Ordner Gelöscht : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{206a7328-437f-4bd9-b53e-12bfee24d588}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\596da8ab76fbf41
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{118D6CE9-5F18-42F9-958A-14676A629FDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Holly Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\k23g37x1.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.110

Datei : C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [389 octets] - [11/06/2013 12:50:14]
AdwCleaner[S2].txt - [7228 octets] - [11/06/2013 12:50:25]

########## EOF - C:\AdwCleaner[S2].txt - [7288 octets] ##########
         
OTL:

Code:
ATTFilter
OTL logfile created on: 11.06.2013 12:59:44 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Holly Thomas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5.90 Gb Total Physical Memory | 4.10 Gb Available Physical Memory | 69.44% Memory free
11.80 Gb Paging File | 9.87 Gb Available in Paging File | 83.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 439.45 Gb Total Space | 379.18 Gb Free Space | 86.28% Space Free | Partition Type: NTFS
Drive D: | 258.08 Gb Total Space | 190.77 Gb Free Space | 73.92% Space Free | Partition Type: NTFS
 
Computer Name: HOLLYTHOMAS-PC | User Name: Holly Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Holly Thomas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe (Steganos Software GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
PRC - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
PRC - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe ()
PRC - C:\Program Files (x86)\PHotkey\PHotkey.exe ()
PRC - C:\Program Files (x86)\PHotkey\GPMTray.exe (TODO: <公司名稱>)
PRC - C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\Join Air\UIExec.exe ()
PRC - C:\Program Files (x86)\Join Air\AssistantServices.exe ()
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\PHotkey\MsgTranAgt.exe ()
PRC - C:\Program Files (x86)\PHotkey\ASLDRSrv.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\5829bdd91a092eefbd310a54965e4d05\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\ae4ece84c702ac6c77ad3d9fefb460da\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\48c8bc21c2933feb49fe400a1a5d5fda\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ac75f3ab477cbd11c9b006da280d4afc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\213a5e78cf78cb4643782fbbe4749631\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\cd135f4c2e6e3fb8c1932939c04904e2\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f1d702efac188b6774d5134b13fc341a\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\130613a664d9a4237b5b22c3c80f6d96\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\186f94773130bc17c5b86c0c7d491a91\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ff27928194bf78f0cd9eaecd152d3b1a\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\f31ac8665f9f5d8e6ad4abd29f913386\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\d8e2d3037c3d36f5a7c763970400e79c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\84371136df209abcd5fbf89db89f2e97\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\506bcca8d286f754825f3f1b0bf64894\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Program Files (x86)\Join Air\UIExec.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (PSI_SVC_2_x64) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe File not found
SRV:64bit: - (cFosSpeedS) -- C:\Program Files\cFosSpeed\spd.exe (cFos Software GmbH)
SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (DAZContentManagementService) -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe ()
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (O&O CleverCache) -- C:\Program Files\OO Software\CleverCache\ooccag.exe (O&O Software GmbH)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (Online Shield Starter Service) -- C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe (Steganos Software GmbH)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Soda PDF 5 Helper Service) -- C:\Program Files (x86)\Soda PDF 5\HelperService.exe (LULU Software)
SRV - (Soda PDF 5 Service) -- C:\Program Files (x86)\Soda PDF 5\ConversionService.exe (LULU Software)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (SystemStoreService) -- C:\Program Files (x86)\SelfUpdater\SystemStore.exe ()
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Motorola Solutions, Inc.)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WO_LiveService) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe ()
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (GFNEXSrv) -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe ()
SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (UI Assistant Service) -- C:\Program Files (x86)\Join Air\AssistantServices.exe ()
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ASLDRService) -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (cFosSpeed) -- C:\Windows\SysNative\drivers\cfosspeed6.sys (cFos Software GmbH)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\Netwsw00.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Motorola Solutions, Inc.)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Motorola Solutions, Inc.)
DRV:64bit: - (ui11drdr) -- C:\Windows\SysNative\drivers\ui11drdr.SYS (1&1 Internet AG)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ampa) -- C:\Windows\SysNative\ampa.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ddmdrv) -- C:\Windows\SysNative\ddmdrv.sys ()
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (ampa) -- C:\Windows\SysWOW64\ampa.sys ()
DRV - (ddmdrv) -- C:\Windows\SysWOW64\ddmdrv.sys ()
DRV - (LiveTunerPM) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys ()
DRV - (PEGAGFN) -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys (PEGATRON)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startpage24.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startpage24.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{5A3D93CA-089F-4350-981F-CCD332E30493}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&k=0
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{9E9583F9-14A1-43B4-AD7A-757768D9C682}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{A2DC3FEF-AB4D-442c-8517-34EC6E125C8D}: "URL" = hxxp://search.webwebweb.com/index.html?query={searchTerms}&lang={language}&zip=&town=&site=&country=&safe=[safe,off,strict]
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{BD5DEC50-F97F-4430-9611-3F635D04F9CC}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726726C7A3D3149374D444E465F64654445353033&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&k=0
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{C02B9DEC-8D4E-4B92-A22D-6903BD8BF1CD}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{C1B33A0D-1764-42D4-A6F1-B96220D8C9E5}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{DB729DA9-48FE-43D4-82B0-C5A3D6093CDC}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{E135BCFE-3973-463C-A5A9-BE82F5BB2B93}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{E88A2311-BA37-4985-A383-D90109A94239}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://news.google.de/nwshp?hl=de&tab=wn&pog=false"
FF - prefs.js..extensions.enabledAddons: %7BF8A55C97-3DB6-4961-A81D-0DE0080E53CB%7D:0.9.8
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.4
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4307
FF - prefs.js..extensions.enabledAddons: %7Bd49175b3-3fd8-43b8-b28e-da5d47f3c398%7D:1.0.49
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@startpage24.com/npLin64;Version=4: C:\Program Files (x86)\Startpage24\Plugin\Version_861\firefox\plugins\nplink64.dll (Link64 GmbH)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.05.22 12:07:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.05.22 12:07:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.05.22 12:07:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.05.22 12:07:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.05.22 12:07:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 20:20:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 20:20:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013.04.19 14:12:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holly Thomas\AppData\Roaming\mozilla\Extensions
[2013.06.07 20:04:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holly Thomas\AppData\Roaming\mozilla\Firefox\Profiles\k23g37x1.default\extensions
[2013.05.24 14:40:07 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Holly Thomas\AppData\Roaming\mozilla\Firefox\Profiles\k23g37x1.default\extensions\foxmarks@kei.com
[2013.05.14 15:49:29 | 000,350,626 | ---- | M] () (No name found) -- C:\Users\Holly Thomas\AppData\Roaming\mozilla\firefox\profiles\k23g37x1.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013.05.24 14:39:56 | 000,395,933 | ---- | M] () (No name found) -- C:\Users\Holly Thomas\AppData\Roaming\mozilla\firefox\profiles\k23g37x1.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi
[2013.04.19 14:22:20 | 000,125,320 | ---- | M] () (No name found) -- C:\Users\Holly Thomas\AppData\Roaming\mozilla\firefox\profiles\k23g37x1.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
[2013.06.10 19:07:46 | 000,002,120 | ---- | M] () -- C:\Users\Holly Thomas\AppData\Roaming\mozilla\firefox\profiles\k23g37x1.default\searchplugins\MyStart.xml
[2013.05.24 16:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.24 16:00:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.22 12:07:17 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin:  (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin:  (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Startpage24 Startpage (Enabled) = C:\Program Files (x86)\Startpage24\Plugin\Version_861\firefox\plugins\nplink64.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Ebay Shopping Assistant by Spigot = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0\
CHR - Extension: Domain Error Assistant = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: Savings-Slider = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.3_0\
CHR - Extension: Amazon Shopping Assistant by Spigot = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\
CHR - Extension: Google Mail = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
 
O1 HOSTS File: ([2013.06.10 14:53:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (no name) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - No CLSID value found.
O2:64bit: - BHO: (no name) - {73455575-E40C-433C-9784-C78DC7761455} - No CLSID value found.
O2:64bit: - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2:64bit: - BHO: (no name) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - No CLSID value found.
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2:64bit: - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
O2 - BHO: (no name) - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - No CLSID value found.
O2 - BHO: (no name) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - No CLSID value found.
O2 - BHO: (no name) - {73455575-E40C-433C-9784-C78DC7761455} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - No CLSID value found.
O2 - BHO: (no name) - {BBD43808-9D13-4B0B-B023-178FD1FAE442} - No CLSID value found.
O2 - BHO: (no name) - {C737F472-1193-4281-BF53-A00B67AB3E19} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe (cFos Software GmbH)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Holly Thomas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe File not found
O4:64bit: - HKLM..\Run: [ooccctrl.exe] C:\Program Files\OO Software\CleverCache\ooccctrl.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Join Air\UIExec.exe ()
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001..\Run: [1&1_1&1 Office-Drive Manager] C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE (1&1 Internet AG)
O4 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001..\Run: [Software4u-System Observer] C:\Program Files (x86)\Software4u\Registry CleanUP 5\Software4u.SCObserver.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA097411-4510-4DFA-B6A7-5381BC083969}: DhcpNameServer = 8.8.8.8
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.11 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.11 12:36:50 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.11 12:35:55 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Holly Thomas\Desktop\JRT.exe
[2013.06.10 16:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.10 16:29:39 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\Desktop\mbar
[2013.06.10 16:27:43 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Holly Thomas\Desktop\aswMBR.exe
[2013.06.10 16:27:37 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Holly Thomas\Desktop\tdsskiller.exe
[2013.06.10 15:08:43 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\1&1
[2013.06.10 15:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\1&1
[2013.06.10 14:53:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.10 13:03:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.10 13:03:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.10 13:03:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.10 13:03:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.10 13:03:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.10 12:55:36 | 005,078,680 | R--- | C] (Swearware) -- C:\Users\Holly Thomas\Desktop\ComboFix.exe
[2013.06.09 20:39:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Holly Thomas\Desktop\OTL.exe
[2013.06.07 14:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.3
[2013.06.07 14:24:46 | 000,000,000 | ---D | C] -- C:\Python33
[2013.06.07 14:18:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.06.07 14:18:29 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.06.07 14:18:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.06.07 14:18:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.06.07 14:18:10 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.06.07 14:17:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.06.06 20:36:13 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\DivX
[2013.06.06 20:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2013.06.06 20:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013.06.06 20:24:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2013.06.06 20:22:46 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\Codec Pack Packages
[2013.06.06 20:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2013.06.06 20:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2013.06.06 20:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2013.06.06 20:22:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2013.06.06 20:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2013.06.06 20:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2013.06.06 20:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub
[2013.06.06 20:22:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DirectVobSub
[2013.06.06 20:22:18 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\LavFilters
[2013.06.06 20:22:18 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\CDXReader
[2013.06.06 20:22:17 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2013.06.06 20:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haali
[2013.06.06 20:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2013.06.06 20:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DSP-worx
[2013.06.06 20:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2013.06.06 20:22:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenSource Flash Video Splitter
[2013.06.05 20:09:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AKVIS
[2013.06.05 20:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AKVIS
[2013.06.05 20:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AKVIS
[2013.06.05 20:01:42 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Local\Downloaded Installations
[2013.06.03 20:49:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp
[2013.06.03 20:49:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC
[2013.06.03 20:49:23 | 000,033,792 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013.06.02 20:23:53 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\Task Coach
[2013.06.02 20:13:51 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\Documents\Efficient Organizer AutoBackup
[2013.06.01 12:19:22 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\XYplorer
[2013.06.01 12:19:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XYplorer
[2013.06.01 12:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XYplorer
[2013.06.01 11:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Franzis
[2013.05.27 18:31:18 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-abc
[2013.05.27 18:31:18 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\1-abc
[2013.05.27 18:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1-abc
[2013.05.27 14:20:31 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Local\WEKA DVD Interface
[2013.05.22 11:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013.05.22 11:40:54 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013.05.22 11:39:45 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013.05.22 11:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.05.22 11:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013.05.22 11:39:26 | 000,620,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013.05.22 11:39:26 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013.05.18 11:59:17 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\Steganos VPN
[2013.05.18 11:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Online Shield
[2013.05.18 11:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steganos Online Shield
[2013.05.18 11:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steganos
[2013.05.18 11:55:28 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\Steganos
[2013.05.16 11:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.05.16 00:03:50 | 002,653,696 | ---- | C] (Python Software Foundation) -- C:\Windows\SysWow64\python33.dll
[2013.05.16 00:03:06 | 000,094,208 | ---- | C] (Python Software Foundation) -- C:\Windows\pyw.exe
[2013.05.16 00:03:06 | 000,093,696 | ---- | C] (Python Software Foundation) -- C:\Windows\py.exe
[2013.05.15 21:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.0
[2013.05.15 20:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.05.15 19:49:15 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\MS-Buchhalter
[2013.05.15 19:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\MS-Buchhalter
[2013.05.15 19:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MS-Buchhalter Start
[2013.05.15 19:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MS-Buchhalter
[2013.05.15 19:07:58 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\hob_jportal
[2013.05.15 16:54:32 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.15 16:54:32 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.15 16:54:32 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.15 16:54:31 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.15 16:54:31 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.15 16:54:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.15 16:54:31 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.15 16:54:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.15 16:54:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.15 16:54:31 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.15 16:54:31 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.15 16:54:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.15 16:54:29 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.15 16:54:29 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.15 16:54:28 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.15 14:49:44 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 14:49:44 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.15 14:49:30 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.15 14:49:30 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.15 14:49:29 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.15 14:49:29 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.15 14:49:26 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.15 14:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProSaldo
[2013.05.15 12:59:54 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\Documents\ProSaldo
[2013.05.15 12:58:13 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Local\ProSaldo
[2013.05.15 12:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProSaldo
[2013.05.14 19:11:58 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013.05.14 19:06:23 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.05.14 19:06:23 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.05.14 19:06:23 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.05.14 19:06:23 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.05.14 19:06:23 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.05.14 19:06:23 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.05.14 19:06:23 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.05.14 19:06:23 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.05.14 19:06:23 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.14 19:06:23 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.05.14 19:06:22 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.14 19:06:22 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.14 19:06:22 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.05.14 19:06:22 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.05.14 19:06:22 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.05.14 19:06:22 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.05.14 19:06:22 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.05.14 19:06:22 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.14 19:06:22 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.05.14 19:06:22 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.05.14 19:06:22 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.05.14 19:06:22 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.05.14 19:06:22 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.14 19:06:22 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.14 19:06:22 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.05.14 19:06:22 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.05.14 19:06:22 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.14 19:06:22 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.05.14 19:06:22 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.05.14 19:06:22 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.05.14 19:06:22 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.14 19:06:22 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.05.14 19:06:22 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.05.14 19:06:22 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.05.14 19:06:22 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.05.14 19:06:22 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.05.14 19:06:22 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.05.14 19:06:22 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.14 19:06:22 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.05.14 19:06:22 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.05.14 19:06:22 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.05.14 19:06:22 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.05.14 19:06:22 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.05.14 19:06:22 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.05.14 19:06:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.05.14 19:06:22 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.05.14 19:06:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.05.14 19:06:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.05.14 19:06:22 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.05.14 19:06:22 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.05.14 19:06:22 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.05.14 19:06:22 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.05.14 19:06:22 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.11 13:00:17 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 13:00:17 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 12:57:13 | 001,624,178 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.11 12:57:13 | 000,700,736 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.11 12:57:13 | 000,655,534 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.11 12:57:13 | 000,150,342 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.11 12:57:13 | 000,122,904 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.11 12:57:12 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.11 12:53:31 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.11 12:53:29 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\PC Fresh.job
[2013.06.11 12:52:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.11 12:51:51 | 455,733,247 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.11 12:12:34 | 000,648,201 | ---- | M] () -- C:\Users\Holly Thomas\Desktop\adwcleaner.exe
[2013.06.11 12:12:00 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Holly Thomas\Desktop\JRT.exe
[2013.06.11 12:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.10 20:55:38 | 000,000,512 | ---- | M] () -- C:\Users\Holly Thomas\Desktop\MBR.dat
[2013.06.10 16:22:24 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Holly Thomas\Desktop\tdsskiller.exe
[2013.06.10 16:21:18 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Holly Thomas\Desktop\aswMBR.exe
[2013.06.10 14:53:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.10 12:55:56 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\Holly Thomas\Desktop\ComboFix.exe
[2013.06.10 11:08:33 | 791,311,310 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.10 09:57:36 | 000,377,856 | ---- | M] () -- C:\Users\Holly Thomas\Desktop\gmer_2.1.19163.exe
[2013.06.10 09:54:38 | 000,000,000 | ---- | M] () -- C:\Users\Holly Thomas\defogger_reenable
[2013.06.10 09:54:04 | 000,050,477 | ---- | M] () -- C:\Users\Holly Thomas\Desktop\Defogger.exe
[2013.06.09 20:39:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Holly Thomas\Desktop\OTL.exe
[2013.06.07 16:22:38 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\One-Click Optimizer.job
[2013.06.07 14:17:55 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.06.07 14:17:53 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.06.07 14:17:53 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.06.07 14:17:53 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.06.07 14:17:52 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.06.07 14:17:52 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.06.06 20:24:57 | 000,001,182 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013.06.06 20:22:14 | 000,002,003 | ---- | M] () -- C:\Windows\unins000.dat
[2013.06.06 20:22:05 | 000,715,038 | ---- | M] () -- C:\Windows\unins000.exe
[2013.06.06 19:40:33 | 000,001,714 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013.06.05 20:07:18 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\AKVIS Sketch.lnk
[2013.06.04 14:07:03 | 000,004,583 | ---- | M] () -- C:\Users\Holly Thomas\AppData\Local\recently-used.xbel
[2013.06.03 21:12:33 | 001,851,392 | ---- | M] () -- C:\Users\Holly Thomas\Documents\MyCalendar.ecfx
[2013.06.02 20:19:23 | 001,851,392 | ---- | M] () -- C:\Users\Holly Thomas\Documents\MyDiary.edfx
[2013.06.01 18:43:12 | 000,001,430 | ---- | M] () -- C:\Users\Holly Thomas\Desktop\XYplorer.lnk
[2013.05.22 12:07:16 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013.05.22 12:07:15 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013.05.22 12:07:15 | 000,029,528 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klmouflt.sys
[2013.05.22 12:07:15 | 000,029,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klkbdflt.sys
[2013.05.22 12:07:14 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013.05.22 12:07:14 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013.05.21 15:31:12 | 001,447,728 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe
[2013.05.21 15:30:18 | 000,033,792 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013.05.16 12:31:15 | 000,002,053 | ---- | M] () -- C:\Users\Holly Thomas\Desktop\DAZ 3D Install Manager 1.lnk
[2013.05.16 00:03:50 | 002,653,696 | ---- | M] (Python Software Foundation) -- C:\Windows\SysWow64\python33.dll
[2013.05.16 00:03:06 | 000,094,208 | ---- | M] (Python Software Foundation) -- C:\Windows\pyw.exe
[2013.05.16 00:03:06 | 000,093,696 | ---- | M] (Python Software Foundation) -- C:\Windows\py.exe
[2013.05.15 17:54:38 | 000,490,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.15 16:12:50 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 16:12:50 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.14 19:06:23 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.05.14 19:06:23 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.05.14 19:06:23 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.05.14 19:06:23 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.05.14 19:06:23 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.05.14 19:06:23 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.05.14 19:06:23 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.05.14 19:06:23 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.05.14 19:06:23 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.14 19:06:23 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.05.14 19:06:22 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.14 19:06:22 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.14 19:06:22 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.05.14 19:06:22 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.05.14 19:06:22 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.05.14 19:06:22 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.05.14 19:06:22 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.05.14 19:06:22 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.14 19:06:22 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.05.14 19:06:22 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.05.14 19:06:22 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.05.14 19:06:22 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.05.14 19:06:22 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.14 19:06:22 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.14 19:06:22 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.05.14 19:06:22 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.05.14 19:06:22 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.14 19:06:22 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.05.14 19:06:22 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.05.14 19:06:22 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.05.14 19:06:22 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.14 19:06:22 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.05.14 19:06:22 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.05.14 19:06:22 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.05.14 19:06:22 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.05.14 19:06:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.05.14 19:06:22 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.05.14 19:06:22 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.14 19:06:22 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.05.14 19:06:22 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.05.14 19:06:22 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.05.14 19:06:22 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.05.14 19:06:22 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.05.14 19:06:22 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.05.14 19:06:22 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.05.14 19:06:22 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.05.14 19:06:22 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.05.14 19:06:22 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.05.14 19:06:22 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.05.14 19:06:22 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.14 19:06:22 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.14 19:06:22 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.05.14 19:06:22 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.05.14 19:06:22 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.05.14 19:06:22 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.05.12 18:28:33 | 000,010,515 | ---- | M] () -- C:\Windows\Q-Dir.ini
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.11 12:35:59 | 000,648,201 | ---- | C] () -- C:\Users\Holly Thomas\Desktop\adwcleaner.exe
[2013.06.10 20:14:22 | 000,000,512 | ---- | C] () -- C:\Users\Holly Thomas\Desktop\MBR.dat
[2013.06.10 13:03:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.10 13:03:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.10 13:03:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.10 13:03:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.10 13:03:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.10 09:57:36 | 000,377,856 | ---- | C] () -- C:\Users\Holly Thomas\Desktop\gmer_2.1.19163.exe
[2013.06.10 09:54:38 | 000,000,000 | ---- | C] () -- C:\Users\Holly Thomas\defogger_reenable
[2013.06.10 09:54:03 | 000,050,477 | ---- | C] () -- C:\Users\Holly Thomas\Desktop\Defogger.exe
[2013.06.06 20:24:57 | 000,001,182 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013.06.06 20:22:30 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.06.06 20:22:29 | 000,696,832 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll
[2013.06.06 20:22:29 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.06.06 20:22:29 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll
[2013.06.06 20:22:29 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.06.06 20:22:29 | 000,173,568 | ---- | C] () -- C:\Windows\SysNative\xvid.ax
[2013.06.06 20:22:29 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2013.06.06 20:22:21 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.06.06 20:22:13 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013.06.06 20:22:11 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll
[2013.06.06 20:22:09 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013.06.06 20:22:07 | 000,002,003 | ---- | C] () -- C:\Windows\unins000.dat
[2013.06.05 20:07:18 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\AKVIS Sketch.lnk
[2013.06.04 14:07:03 | 000,004,583 | ---- | C] () -- C:\Users\Holly Thomas\AppData\Local\recently-used.xbel
[2013.06.03 20:49:23 | 001,447,728 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe
[2013.06.01 18:42:10 | 000,001,430 | ---- | C] () -- C:\Users\Holly Thomas\Desktop\XYplorer.lnk
[2013.05.14 19:06:22 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.14 19:06:22 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.10 16:42:32 | 000,313,918 | ---- | C] () -- C:\Users\Holly Thomas\test.flame
[2013.05.10 16:42:32 | 000,310,980 | ---- | C] () -- C:\Users\Holly Thomas\test.bak
[2013.04.26 21:31:55 | 000,003,584 | ---- | C] () -- C:\Users\Holly Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.24 15:52:54 | 000,000,251 | ---- | C] () -- C:\Users\Holly Thomas\AppData\Roaming\gmic_faves
[2013.04.24 15:44:26 | 000,001,392 | ---- | C] () -- C:\Users\Holly Thomas\AppData\Roaming\gmic_sources.cimgz
[2013.04.24 12:52:55 | 000,010,515 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2013.04.23 16:33:55 | 000,000,035 | ---- | C] () -- C:\Users\Holly Thomas\.gtk-bookmarks
[2013.04.22 16:14:16 | 000,000,161 | ---- | C] () -- C:\Users\Holly Thomas\.gtkrc-2.0
[2013.04.19 15:20:36 | 000,002,942 | ---- | C] () -- C:\Users\Holly Thomas\j-wildfire.properties
[2013.04.19 15:20:26 | 000,000,058 | ---- | C] () -- C:\Users\Holly Thomas\j-wildfire-launcher.properties
[2013.04.15 21:28:03 | 000,003,143 | ---- | C] () -- C:\Users\Holly Thomas\Flames.flame
[2013.04.10 16:32:04 | 000,000,046 | ---- | C] () -- C:\Users\Holly Thomas\AppData\Roaming\ApoPluginSrc.dat
[2013.03.27 19:53:12 | 019,587,072 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll
[2013.03.27 19:53:12 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013.03.27 19:53:12 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013.03.03 13:52:44 | 000,001,714 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013.03.02 19:08:27 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\CIUtils.dll
[2013.03.01 19:54:44 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2013.03.01 19:54:44 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2013.03.01 19:54:44 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2013.02.03 13:46:24 | 000,012,728 | ---- | C] () -- C:\Windows\SysWow64\ddmdrv.sys
[2013.02.03 13:46:23 | 001,293,240 | ---- | C] () -- C:\Windows\ddmmain.exe
[2013.02.03 13:46:18 | 000,012,728 | ---- | C] () -- C:\Windows\SysWow64\ampa.sys
[2013.02.03 13:46:17 | 001,645,496 | ---- | C] () -- C:\Windows\ampa.exe
[2013.01.27 19:07:13 | 000,000,741 | ---- | C] () -- C:\Windows\ydownloaderlibpr.ini
[2013.01.27 19:06:55 | 000,131,072 | ---- | C] () -- C:\Program Files (x86)\Uninstal.EXE
[2013.01.27 19:06:55 | 000,006,023 | ---- | C] () -- C:\Program Files (x86)\Uninstal.INI
[2013.01.16 11:14:55 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.10.10 20:13:58 | 000,002,738 | ---- | C] () -- C:\Users\Holly Thomas\dbSThumb.CFG
[2012.09.28 16:48:23 | 001,598,458 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.28 16:38:46 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012.09.28 12:51:50 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.09.28 12:51:32 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.09.27 21:03:37 | 000,000,075 | RHS- | C] () -- C:\Windows\FFSSET.BIN
[2012.03.13 05:53:58 | 000,734,772 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.03.13 05:53:56 | 000,559,780 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.02.03 07:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:EC77041F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:054B9966

< End of report >
         

Alt 11.06.2013, 13:52   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! - Standard

Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart !



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:reg
[-HKEY_LOCAL_MACHINE\Software\datamngr]
[-HKEY_CURRENT_USER\Software\iminent]
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr]
:OTL
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{5A3D93CA-089F-4350-981F-CCD332E30493}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&k=0
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = http://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{9E9583F9-14A1-43B4-AD7A-757768D9C682}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{A2DC3FEF-AB4D-442c-8517-34EC6E125C8D}: "URL" = http://search.webwebweb.com/index.html?query={searchTerms}&lang={language}&zip=&town=&site=&country=&safe=[safe,off,strict]
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{BD5DEC50-F97F-4430-9611-3F635D04F9CC}: "URL" = http://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726726C7A3D3149374D444E465F64654445353033&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&k=0
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{C02B9DEC-8D4E-4B92-A22D-6903BD8BF1CD}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{C1B33A0D-1764-42D4-A6F1-B96220D8C9E5}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{DB729DA9-48FE-43D4-82B0-C5A3D6093CDC}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{E135BCFE-3973-463C-A5A9-BE82F5BB2B93}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{E88A2311-BA37-4985-A383-D90109A94239}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0
[2013.06.10 19:07:46 | 000,002,120 | ---- | M] () -- C:\Users\Holly Thomas\AppData\Roaming\mozilla\firefox\profiles\k23g37x1.default\searchplugins\MyStart.xml
O2:64bit: - BHO: (no name) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - No CLSID value found.
O2:64bit: - BHO: (no name) - {73455575-E40C-433C-9784-C78DC7761455} - No CLSID value found.
O2:64bit: - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2:64bit: - BHO: (no name) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - No CLSID value found.
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2:64bit: - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
O2 - BHO: (no name) - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - No CLSID value found.
O2 - BHO: (no name) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - No CLSID value found.
O2 - BHO: (no name) - {73455575-E40C-433C-9784-C78DC7761455} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - No CLSID value found.
O2 - BHO: (no name) - {BBD43808-9D13-4B0B-B023-178FD1FAE442} - No CLSID value found.
O2 - BHO: (no name) - {C737F472-1193-4281-BF53-A00B67AB3E19} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001..\Run: [Software4u-System Observer] C:\Program Files (x86)\Software4u\Registry CleanUP 5\Software4u.SCObserver.exe File not found
FF - user.js - File not found
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:EC77041F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:054B9966
:Files
C:\Program Files (x86)\iminent
C:\Program Files (x86)\software4u
C:\Program Files (x86)\sweetim
C:\Program Files (x86)\Common Files\spigot
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.06.2013, 14:50   #13
HollyT
 
Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! - Standard

Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart !



Logfile nach dem fixen mit OTL:

Code:
ATTFilter
All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\datamngr\ not found.
Registry key HKEY_CURRENT_USER\Software\iminent\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr\ not found.
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\SearchScopes\{5A3D93CA-089F-4350-981F-CCD332E30493}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A3D93CA-089F-4350-981F-CCD332E30493}\ not found.
Registry key HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{721061fb-eb79-4568-a03c-3ce26d68dae9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9E9583F9-14A1-43B4-AD7A-757768D9C682}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E9583F9-14A1-43B4-AD7A-757768D9C682}\ not found.
Registry key HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A2DC3FEF-AB4D-442c-8517-34EC6E125C8D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2DC3FEF-AB4D-442c-8517-34EC6E125C8D}\ not found.
Registry key HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BD5DEC50-F97F-4430-9611-3F635D04F9CC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD5DEC50-F97F-4430-9611-3F635D04F9CC}\ not found.
Registry key HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C02B9DEC-8D4E-4B92-A22D-6903BD8BF1CD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C02B9DEC-8D4E-4B92-A22D-6903BD8BF1CD}\ not found.
Registry key HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C1B33A0D-1764-42D4-A6F1-B96220D8C9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1B33A0D-1764-42D4-A6F1-B96220D8C9E5}\ not found.
Registry key HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\SearchScopes\{DB729DA9-48FE-43D4-82B0-C5A3D6093CDC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB729DA9-48FE-43D4-82B0-C5A3D6093CDC}\ not found.
Registry key HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E135BCFE-3973-463C-A5A9-BE82F5BB2B93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E135BCFE-3973-463C-A5A9-BE82F5BB2B93}\ not found.
Registry key HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E88A2311-BA37-4985-A383-D90109A94239}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E88A2311-BA37-4985-A383-D90109A94239}\ not found.
C:\Users\Holly Thomas\AppData\Roaming\mozilla\firefox\profiles\k23g37x1.default\searchplugins\MyStart.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73455575-E40C-433C-9784-C78DC7761455}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E33CF602-D945-461A-83F0-819F76A199F8}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e250b90-0e7a-42a3-9d65-e39f9f227fa4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e250b90-0e7a-42a3-9d65-e39f9f227fa4}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73455575-E40C-433C-9784-C78DC7761455}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBD43808-9D13-4B0B-B023-178FD1FAE442}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBD43808-9D13-4B0B-B023-178FD1FAE442}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C737F472-1193-4281-BF53-A00B67AB3E19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C737F472-1193-4281-BF53-A00B67AB3E19}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E33CF602-D945-461A-83F0-819F76A199F8}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{353e2a48-6254-4bd3-88f4-3b51a0ca7870} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{353e2a48-6254-4bd3-88f4-3b51a0ca7870}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Software4u-System Observer deleted successfully.
ADS C:\ProgramData\Temp:EC77041F deleted successfully.
ADS C:\ProgramData\Temp:054B9966 deleted successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\iminent not found.
File\Folder C:\Program Files (x86)\software4u not found.
File\Folder C:\Program Files (x86)\sweetim not found.
File\Folder C:\Program Files (x86)\Common Files\spigot not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Holly Thomas\Desktop\cmd.bat deleted successfully.
C:\Users\Holly Thomas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Holly Thomas
->Temp folder emptied: 91458144 bytes
->Temporary Internet Files folder emptied: 88408784 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6790049 bytes
->Google Chrome cache emptied: 349511017 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 119808 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 933596 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1017047 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 13178222 bytes
 
Total Files Cleaned = 526.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 06112013_142823

Files\Folders moved on Reboot...
C:\Users\Holly Thomas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Holly Thomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\master36321 moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
INFO: Habe zuvor die OTL Extras.Txt Datei vergessen zu posten. Hier ist sie

Code:
ATTFilter
OTL Extras logfile created on: 11.06.2013 12:59:44 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Holly Thomas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5.90 Gb Total Physical Memory | 4.10 Gb Available Physical Memory | 69.44% Memory free
11.80 Gb Paging File | 9.87 Gb Available in Paging File | 83.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 439.45 Gb Total Space | 379.18 Gb Free Space | 86.28% Space Free | Partition Type: NTFS
Drive D: | 258.08 Gb Total Space | 190.77 Gb Free Space | 73.92% Space Free | Partition Type: NTFS
 
Computer Name: HOLLYTHOMAS-PC | User Name: Holly Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cpl [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hta [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.ini [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.url [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.jse [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.reg [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.vbe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\SOFTWARE\Classes\<extension>]
.txt [@ = txt_auto_file] -- C:\Program Files (x86)\LibreOffice 4.0\program\sdraw.exe (The Document Foundation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- Reg Error: Key error.
batfile [open] -- "%1" %*
batfile [print] -- Reg Error: Key error.
cmdfile [edit] -- Reg Error: Key error.
cmdfile [open] -- "%1" %*
cmdfile [print] -- Reg Error: Key error.
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Key error.
htafile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [print] -- Reg Error: Key error.
inifile [open] -- Reg Error: Key error.
inifile [print] -- Reg Error: Key error.
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- Reg Error: Key error.
jsfile [print] -- Reg Error: Key error.
jsefile [edit] -- Reg Error: Key error.
jsefile [open] -- Reg Error: Key error.
jsefile [print] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [edit] -- Reg Error: Key error.
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- Reg Error: Key error.
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- Reg Error: Key error.
txtfile [print] -- Reg Error: Key error.
txtfile [printto] -- Reg Error: Key error.
vbefile [edit] -- Reg Error: Key error.
vbefile [print] -- Reg Error: Key error.
vbsfile [edit] -- Reg Error: Key error.
vbsfile [print] -- Reg Error: Key error.
wsffile [edit] -- Reg Error: Key error.
wsffile [open] -- Reg Error: Key error.
wsffile [print] -- Reg Error: Key error.
wshfile [open] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Folder [open] -- Reg Error: Key error.
Folder [explore] -- Reg Error: Key error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- Reg Error: Key error.
batfile [open] -- "%1" %*
batfile [print] -- Reg Error: Key error.
cmdfile [edit] -- Reg Error: Key error.
cmdfile [open] -- "%1" %*
cmdfile [print] -- Reg Error: Key error.
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Key error.
htafile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [print] -- Reg Error: Key error.
inifile [open] -- Reg Error: Key error.
inifile [print] -- Reg Error: Key error.
jsfile [edit] -- Reg Error: Key error.
jsfile [print] -- Reg Error: Key error.
jsefile [edit] -- Reg Error: Key error.
jsefile [open] -- Reg Error: Key error.
jsefile [print] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [edit] -- Reg Error: Key error.
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- Reg Error: Key error.
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- Reg Error: Key error.
txtfile [print] -- Reg Error: Key error.
txtfile [printto] -- Reg Error: Key error.
vbefile [edit] -- Reg Error: Key error.
vbefile [print] -- Reg Error: Key error.
vbsfile [edit] -- Reg Error: Key error.
vbsfile [print] -- Reg Error: Key error.
wsffile [edit] -- Reg Error: Key error.
wsffile [open] -- Reg Error: Key error.
wsffile [print] -- Reg Error: Key error.
wshfile [open] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Folder [open] -- Reg Error: Key error.
Folder [explore] -- Reg Error: Key error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09A9A7E5-9E3A-498F-9063-B4CC3EDA5269}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{13F0CE2B-7C19-4996-8CD5-3711C73A9554}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{160262DC-2365-4B45-89A4-B7D41E9134C2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1A4FAA52-8D93-4A32-B2EB-4919539CFFE2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2320C600-F142-47B8-ABEE-37A3CE74235D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{23B2C8BD-63E3-4C6A-8782-642E34FE38CC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2ECFC2AC-D738-45C7-B0FA-585EEDDAC548}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{30BD14D3-8AAE-468F-93AF-20CFD96D09B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3AE1A3CE-3E45-4366-8C47-9080DC637CDC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3F0CB73A-4640-4B7B-A0AC-524E66E23823}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{48A44CCA-170A-4558-B873-D74EB36B3CF2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5967AC1D-FB02-4C0A-9D65-5122A422366B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6FCE6F3B-B7D1-45FE-A6EE-223D41140190}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9A2B1D48-56AF-4B0B-95BC-596E694DB724}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AC8EC265-7856-4A01-9889-830F8F225F05}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B5583CD1-6BF0-4727-B29A-98CB6406E5F0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B5F9D0F0-6E52-4D0C-A150-C88269D1ADE7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C64C7A83-2EE3-4EC8-A328-4B128C1ADD4B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D1EA1AD2-E0B2-4B0F-BED5-C65A10244517}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D63C74F5-9DCE-4F49-A501-D838905BB8A3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{DE9CB128-0AD3-42DE-A6B4-71A94D50780A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FD562115-D34B-4988-B11A-C15A5925BE5C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FEF28EEC-A41B-4C55-99FC-BBC39DCDCE83}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{080F5C83-07CF-4F4E-A825-CC7B5C99056C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{18E13C25-17E6-478D-B92E-E94CA873B8BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2F7F41FA-8A20-44A2-98EB-3D53C5D85866}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{438DCD5D-9DC1-4009-B154-3382FD1974D7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{47AEDD1A-CCFC-4768-9F72-4BAE02AC9B29}" = protocol=6 | dir=out | app=system | 
"{4DC15C81-A35B-49D5-9180-CD8EBAD84F19}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{62BC519E-F03E-422B-994A-03D6AD40E6C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6C98C599-5E87-49D6-8E75-43B8A6E26E76}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{744BFF9C-7E4C-4454-9BAF-483273D333D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BC52A14-7F99-4444-A30D-974410118714}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{82119DB7-2463-4659-8764-C6401C83C38A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{85832019-5E10-4687-9BE8-ECC6260C4DFB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{87F0D76D-2A46-4C14-AD23-8DE6B6A05510}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{9850B9F1-FC4B-43BF-8F1D-E9D496977206}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9EF67116-BDE0-4310-A476-0761785E79DE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{ADCFFC1B-840F-4E24-B5E5-9B7E2DD55C3C}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{B097F56D-452F-4E9C-BB8D-4643D3C12CD4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C0B4056E-B896-435C-BBE5-FF8029F17959}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{CAB9A42F-D988-445B-A9D2-4F40A99530AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CB2332EA-77AC-41DE-AD54-8B1B22BDC0F9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{CF989236-702C-4938-B9F3-6378435B1662}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{D235C2BC-59DE-4A01-83DC-137AD522FB22}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D306708B-9D06-41FD-84C3-5DD57153EA36}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D6EC845A-F2AD-4235-A4E3-45C547C7206F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DE9DA040-A308-4D92-A45D-EDDF48D45978}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F16D6580-6300-4A38-95E6-8E2D6CD61630}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{F75681F3-51F6-46B3-84EE-334401999272}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1551A29F-B1B0-43CA-90B5-E6E5186F683E}" = PSPPro64
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}" = Intel® PROSet/Wireless WiFi-Software
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6BD8753C-D71C-4918-83D7-89886BEF8FF8}" = Tacitus Rendering Infrastructure (x64)
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{7629623D-F0D0-4AC6-A763-FBE06ED8288C}" = Intel(R) Rapid Storage Technology
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA2600C1-6BDF-4FD1-1211-148929CC1385}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E520EB70-A071-4A1A-9BD2-B28CC6D9DB22}" = O&O CleverCache
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FA00A3CC-7440-4938-A271-F186F50DD40D}" = Intel® Trusted Connect Service Client
"12031B46-075F-4028-A7B6-CA6218BB65E2_is1" = INCENDIA EX V
"CCleaner" = CCleaner
"cFosSpeed" = cFosSpeed v9.02
"HDR projects elements_is1" = HDR projects elements (64-Bit)
"PhotomatixPro42x64_is1" = Photomatix Pro version 4.2.6
"ProInst" = Intel PROSet Wireless
"Q-Dir" = Q-Dir
"Sandboxie" = Sandboxie 3.76 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}" = Corel PaintShop Pro X5
"_{AE4364BD-ED09-4D94-8DA2-315C10A57CD1}" = Ultimate Creative Collection (X5)
"_{BA7B3A61-EB8C-4C70-8179-93DDA248AA49}" = Nik Color Efex Pro 3.0
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1" = AOMEI Partition Assistant Pro Edition 5.1
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1" = Kalenderchen 5
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15002A1B-C1E7-4E91-A3EC-5502BF924A32}" = Setup
"{15180A90-1FC0-47E4-A150-3AECEF07B3B6}" = Corel PaintShop Pro X5
"{1522E36C-3739-41E4-8CD3-A4AFEA70086A}" = PSPPContent
"{153DD765-C8C6-4893-8CEF-D965351D82EC}" = PSPPHelp
"{154B0B16-ABCD-4A06-B0B7-8146B7A89B25}" = IPM_PSP_COM
"{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}" = ICA
"{15A0F110-4A57-4C8B-9F19-28C024D4AA9D}" = IObit Apps Toolbar v6.8
"{1600A56F-253A-4D00-851F-6DCC9796FDC7}_is1" = dbSThumb - Bilderdatenbank
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29258311-EA49-11DE-967C-005056C00008}" = Paragon Festplatten Manager™ 2012 Kompakt
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2DC240EA-51B1-4CC4-A0E5-4E4399CD7302}" = Serif PagePlus X4
"{2EC5640C-A426-4CFA-8737-656D1FE58128}_is1" = concept/design online.TiVi
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{33311EA4-0ECA-4E7F-83E5-8A92CD760152}" = Serif DrawPlus Starter Edition
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35EDE682-4AE5-47D6-B44F-103F859951DC}" = Serif PanoramaPlus X4
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37569A10-CB38-4615-8B32-0BF9FF5D887D}_is1" = concept/design Video Jukebox
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{385E6A4D-A440-43E2-9BAF-A012FB5FC2E2}" = Perfect Effects 4.0.1
"{394C2C3E-CA18-4216-B430-ACDD82C26973}" = ArtRage 2 Starter Edition
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{3FF8E8A7-5BA8-4D9E-B976-B05B2B00B0AE}" = Microsoft Expression Web 4
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4209F371-29A2-6661-598F-36C7BBD65D31}_is1" = Ashampoo WinOptimizer 9 v.9.04.31
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{458C704E-19EA-4673-9ED1-14669657636E}" = COMPUTERBILD-Abzockschutz
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C650FBF-A043-45B0-B8A3-4221D92E6652}_is1" = Radiobattler 2013.1.3
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4E9B5BFE-856B-4C3A-BE90-4547DC255B22}" = Soda PDF 5
"{500F4898-C705-4B91-9C98-3D125330A022}_is1" = Password Depot 7
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{60597b3f-d714-4f4e-8094-be088a31ff25}" = TubeBox
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6B68D0AD-880A-4862-928A-2830037BE50E}" = TubeBox
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7430B12A-3B67-4191-B0C5-59E57344CB1F}" = iClone v4.31 PRO
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{896614ED-00BD-4E0C-99AB-01C76EE416D9}" = Steganos Online Shield
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{92389de9-939e-341b-a076-1d52d7dbca71}" = Python 3.3.2
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{96A9A1C8-FBAD-4703-ABF1-E93AA8FE85A0}_is1" = Artweaver Free 3.1
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC0BAA05-28E6-4911-B3F3-0AE2EB0F54A1}" = AKVIS Sketch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AE4364BD-ED09-4D94-8DA2-315C10A57CD1}" = Ultimate Creative Collection (X5)
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B722FBCA-350B-4B54-B465-D183421D3401}" = Click-Crypt
"{B7E68A6D-1C9B-4F18-B021-949115021714}" = COMPUTERBILD Vorteil-Center
"{B8F4A45C-581C-4707-8EF2-2B9E6722270C}" = SketchUp 8
"{BA7B3A61-EB8C-4C70-8179-93DDA248AA49}" = Nik Color Efex Pro 3.0
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2AC7034-15AC-4F62-85BD-1E48021E45D6}_is1" = concept/design onlineTV 8
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}" = PHotkey
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83BD122-F7F1-4AA3-8140-DAE1F54E7B4F}_is1" = Registry CleanUp 5 Installation & Registrierung
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDF6CEF3-8415-4868-8B1F-8D9E5FF8FC23}" = Microsoft Expression Design 4
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio 2
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F77ED0CD-2E5E-4FC7-82E0-BB7D461E739F}" = LibreOffice 4.0.3.3
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE MailCheck für Mozilla Firefox
"1&1 Office-Drive Manager" = 1&1 Office-Drive Manager
"1-abc.net Password Organizer" = 1-abc.net Password Organizer (Remove only)
"247C9365-9617-43EE-934F-84A8ADCB89D7_is1" = Registry CleanUP 5
"35A39AB0-5E9F-4B70-98DA-4B8158C89C4B" = Mandelbulber
"Ad Optimizer (am) v2" = Ad Optimizer (am) v2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aqsis" = Aqsis Renderer 1.8.2
"Ashampoo Burning Studio 2013_is1" = Ashampoo Burning Studio 2013 v.11.0.5
"AVS Audio Converter_is1" = AVS Audio Converter 7
"AVS Audio Editor_is1" = AVS Audio Editor 7.1
"AVS Audio Recorder_is1" = AVS Audio Recorder version 4.0
"AVS Document Converter_is1" = AVS Document Converter 2.2.5
"AVS Image Converter_is1" = AVS Image Converter 2.3.2.248
"AVS Media Player_is1" = AVS Media Player 4.1.10.99
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video ReMaker_is1" = AVS Video ReMaker 4.1.3.149
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Batch Picture Resizer_is1" = Batch Picture Resizer 4.0
"ChaosPro 4.0" = ChaosPro
"Cut Out_is1" = Cut Out 3.0
"DAGOBERT-DACHS" = DAGOBERT-DACHS
"DAZ 3D Install Manager 1 1.0.1.59" = DAZ 3D Install Manager 1
"DAZ Content Management Service 4.8.1.7" = DAZ Content Management Service
"DAZ Studio 4.6 (64bit) 4.6.0.18" = DAZ Studio 4.6 (64bit)
"DC-Bass Source" = DC-Bass Source 1.3.0
"Decimator DS4 (64bit) 1.3.1.56" = Decimator DS4 (64bit)
"Decimator DS4 (64bit) 1.4.0.18" = Decimator DS4 (64bit)
"Design_8.0.31217.1" = Microsoft Expression Design 4
"DPP" = Canon Utilities Digital Photo Professional 3.6
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Efficient Calendar Free_is1" = Efficient Calendar Free 3.50
"Efficient Diary_is1" = Efficient Diary 3.50
"FBDBServer_2_5_is1" = Firebird 2.5.2.26539 (Win32)
"ffdshow_is1" = ffdshow v1.1.4399 [2012-03-22]
"Gimp" = Gimp 2.8.4
"Google Chrome" = Google Chrome
"GoZ DS4 (64bit) 1.2.1.56" = GoZ DS4 (64bit)
"HaaliMkx" = Haali Media Splitter
"HDR Photo Pro 5" = HDR Photo Pro 5
"Inkscape" = Inkscape 0.48.4
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"IrfanView" = IrfanView (remove only)
"JPG-Illuminator" = JPG-Illuminator 4.4.4
"LAME_is1" = LAME v3.99.3 (for Windows)
"Makehuman" = Makehuman
"MediaMonkey_is1" = MediaMonkey 4.0
"Mixxx (1.10.1)" = Mixxx 1.10.1 (64-bit)
"MonKey Office 2013_is1" = MonKey Office 2013, Version 10.1.2
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MS-Buchhalter Start" = MS-Buchhalter Start 3.0
"MyKeyFinder_is1" = MyKeyFinder
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter 1.0.0.5
"PC Fresh_is1" = PC Fresh
"PhotoZoom Classic 4" = BenVista PhotoZoom Classic 4.0.4
"PortraitProfessional10_is1" = Portrait Professional 10.8
"QR-Code Generator" = QR-Code Generator 1.12.0
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secure Eraser_is1" = Secure Eraser
"Smart Defrag 2_is1" = Smart Defrag 2
"Startpage24" = Startpage24
"Stepok's One Click Wipe und Recomposit_is1" = One Click Wipe 3
"Tacitus Rendering Infrastructure (x64)" = Tacitus Rendering Infrastructure
"Task Coach_is1" = Task Coach 1.3.29
"Tradingtagebuch für Trader_is1" = Tradingtagebuch für Trader Version 8.0.0.1
"VertusBlingIt" = Vertus Bling! It 1.1.5
"vsfilter_is1" = DirectVobSub 2.40.4209
"Vue 11 64bit" = Vue 11 64bit
"Web_4.0.1460.0" = Microsoft Expression Web 4
"WinLiveSuite" = Windows Live Essentials
"XenoDream v2.4_is1" = XenoDream 2.401 TRIAL
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"XYplorer" = XYplorer 12.30
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Codec Pack Packages" = Codec Pack Packages
"DSite" = Update for Codec Pack
"FileZilla Client" = FileZilla Client 3.7.0.2
"PhotoFiltre Studio X" = PhotoFiltre Studio X
"TwistedBrush Open Studio" = TwistedBrush Open Studio
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.06.2013 06:50:15 | Computer Name = HollyThomas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: adwcleaner.exe, Version: 2.3.0.3,
 Zeitstempel: 0x4f25baec  Name des fehlerhaften Moduls: adwcleaner.exe, Version: 2.3.0.3,
 Zeitstempel: 0x4f25baec  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000111c9  ID des fehlerhaften
 Prozesses: 0x630  Startzeit der fehlerhaften Anwendung: 0x01ce66916d826abf  Pfad der
 fehlerhaften Anwendung: C:\Users\Holly Thomas\Desktop\adwcleaner.exe  Pfad des fehlerhaften
 Moduls: C:\Users\Holly Thomas\Desktop\adwcleaner.exe  Berichtskennung: b2426cd0-d284-11e2-bf22-e840f2d2fb19
 
Error - 11.06.2013 06:52:47 | Computer Name = HollyThomas-PC | Source = MemeoBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.MemeoBackgroundService.OnStart(String[]
 args)
 
Error - 11.06.2013 06:55:16 | Computer Name = HollyThomas-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern
 zu überwachen.
 
[ System Events ]
Error - 11.06.2013 06:55:07 | Computer Name = HollyThomas-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Bluetooth Media Service erreicht.
 
Error - 11.06.2013 06:55:07 | Computer Name = HollyThomas-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bluetooth Media Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 11.06.2013 06:55:08 | Computer Name = HollyThomas-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Bluetooth OBEX Service erreicht.
 
Error - 11.06.2013 06:55:08 | Computer Name = HollyThomas-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bluetooth OBEX Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 11.06.2013 06:55:08 | Computer Name = HollyThomas-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service erreicht.
 
Error - 11.06.2013 06:55:08 | Computer Name = HollyThomas-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed
 Security Service" wurde aufgrund folgenden Fehlers nicht gestartet:   %%1053
 
Error - 11.06.2013 06:55:14 | Computer Name = HollyThomas-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Intel(R) Management and Security Application Local Management Service erreicht.
 
Error - 11.06.2013 06:55:14 | Computer Name = HollyThomas-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Management and Security Application Local Management
 Service" wurde aufgrund folgenden Fehlers nicht gestartet:   %%1053
 
Error - 11.06.2013 06:55:14 | Computer Name = HollyThomas-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 11.06.2013 06:55:14 | Computer Name = HollyThomas-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         

Alt 11.06.2013, 15:09   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! - Standard

Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart !



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 12.06.2013, 10:10   #15
HollyT
 
Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! - Standard

Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart !



Guten Morgen,

hier meine Logs

MBAM:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.11.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Holly Thomas :: HOLLYTHOMAS-PC [Administrator]

Schutz: Aktiviert

11.06.2013 15:48:03
MBAM-log-2013-06-11 (16-45-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 456636
Laufzeit: 56 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211301130} (PUP.215Apps) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211301130} (PUP.215Apps) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Sandbox\Holly_Thomas\DefaultBox\user\current\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\ad436001f5fd38f69bd6676517882b7c\gutscheinfilter_r686.exe (Adware.Dropper) -> Keine Aktion durchgeführt.

(Ende)
         
ESET:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3b306a0e0a40554297d21b4d39f419e3
# engine=14049
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-11 07:15:50
# local_time=2013-06-11 09:15:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1286 16777213 100 98 8051 25748072 0 0
# compatibility_mode=5893 16776574 100 94 18588736 122608000 0 0
# scanned=237310
# found=0
# cleaned=0
# scan_time=6710
ESETSmartInstaller@High as downloader log:
all ok
         

Antwort

Themen zu Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart !
angreifer, anhang, aufforderung, benutzerdaten, code, computer, ebenfalls, erscheint, erstell, erstellt, files, google, hallo zusammen, java, legales programm, problem, program, programm, rechners, rechnerstart, schicke, software, starte, starten, web, zusammen



Ähnliche Themen: Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart !


  1. Windows7: Sperrbildschirm (Bundeskriminalamt+Aufforderung 100€ zu zahlen) erscheint direkt nach der Anmeldung.
    Plagegeister aller Art und deren Bekämpfung - 28.05.2014 (3)
  2. Fenster mit wssetup.exe Perion Ltd. geht nach dem Hochfahren auf und ich soll installieren ?
    Log-Analyse und Auswertung - 29.07.2013 (27)
  3. Problem mit wssetup Perion Network
    Plagegeister aller Art und deren Bekämpfung - 12.07.2013 (24)
  4. wssetup.exe von Perion erscheint nach Computerstart - wie kann ich dies entfernen
    Plagegeister aller Art und deren Bekämpfung - 06.07.2013 (14)
  5. wssetup.exe von Perion Network Ltd.
    Log-Analyse und Auswertung - 03.07.2013 (12)
  6. wssetup.exe von Perion Ltd. bei jedem Neustart
    Plagegeister aller Art und deren Bekämpfung - 25.06.2013 (7)
  7. Entfernen von wssetup.exe von Perion
    Plagegeister aller Art und deren Bekämpfung - 25.06.2013 (22)
  8. wssetup.exe von Perion Network Ltd. fragt nach jedem Hochfahren des Computers nach Bestätigung
    Plagegeister aller Art und deren Bekämpfung - 20.06.2013 (10)
  9. wssetup von perion network ltd kommt immer nach Start des PC
    Plagegeister aller Art und deren Bekämpfung - 16.06.2013 (7)
  10. Perion Network - wssetup.exe
    Plagegeister aller Art und deren Bekämpfung - 15.06.2013 (7)
  11. wssetup.exe Perion Network Ltd.
    Plagegeister aller Art und deren Bekämpfung - 14.06.2013 (7)
  12. wssetup.exe erscheint beim Starten
    Plagegeister aller Art und deren Bekämpfung - 12.06.2013 (11)
  13. wssetup.exe von Perion erscheint nach Computerstart
    Plagegeister aller Art und deren Bekämpfung - 12.06.2013 (9)
  14. Hab ich mir was eingefangen? wssetup.exe Perion Network Ltd.
    Log-Analyse und Auswertung - 11.06.2013 (10)
  15. nach booten soll wssetup.exe (Hersteller Perion Network Ltd.) installiert werden
    Plagegeister aller Art und deren Bekämpfung - 11.06.2013 (15)
  16. Probleme mit wssetup.exe Perion Network Ltd.
    Log-Analyse und Auswertung - 08.06.2013 (9)
  17. wssetup.exe Perion Network Ltd.
    Plagegeister aller Art und deren Bekämpfung - 08.06.2013 (11)

Zum Thema Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! - hallo zusammen, habe ebenfalls seit kurzer zeit das problem mit der wssetup.exe beim rechnerstart. ich schicke als anhang OTL.TXT (EXTRAS.TXT wurde nicht erstellt) sowie GMER.TXT als gepacktes archiv. und hier - Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart !...
Archiv
Du betrachtest: Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.