
Pests of all kinds and how to combat them: Snap.do blocks everything! Cannot uninstall the program, etc. etc.

10.07.2013, 16:58   #1
SusanneK
 
Hello!
I am an absolute newcomer and beginner here, and I have already read several threads about Snap.do. Unfortunately none of them helped me, so I am describing my case afresh:

My daughter wanted to download something related to "Minecraft" on her own PC, supposedly a free download. After the download, a message appeared saying that "SNAP.DO" had also been downloaded. Then a Kaspersky security notice, "Threat", came up. My daughter dismissed the small Kaspersky pop-up, then went to "Files" and deleted the "Minecraft" program again. So far, so bad.

Now nothing works any more. I became suspicious because the Kaspersky program had been deactivated. Internet Explorer no longer works either. The network connection also looks dubious to me. It looks as if I have a connection, but on closer inspection it shows that there is no Internet access. So I also cannot download a removal tool, of which I had already found quite a few on the Internet.

On restart, a small window appears with this message:
SnapDo.exe - Fehler beim Initialisieren von NET Framework - Legen Sie den Registrierungsschlüssel HKLMSoftware\Microsoft\.NETFramework\InstallRoot so fest, dass er auf den Installationsort von .NETFramework verweist.

I have also already tried to uninstall the program. The PC does not react to that at all. Among the add-ons I also found snap.do. I disabled these.

Not a single program works any more. No Internet Explorer, no Office, no Kaspersky, nothing. So here snap.do has become not just a pest but a real problem. HELP!!!

Luckily I still have an uninfected notebook that I can use to write to you.
My daughter's PC is not that old yet (1 year), and it would be a shame if we had to dispose of it. I cannot afford a new one again already :-(

Kind regards
Susanne

10.07.2013, 17:11   #2
markusg
/// Malware-holic
 
Hi, copy the following via USB stick from your PC to your daughter's, then copy the logs back to your PC.

1. Turn off autorun on both PCs before copying.
http://www.trojaner-board.de/83238-a...sschalten.html

2. If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.
__________________

__________________
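
Added example, not part of the thread and not part of OTL: the OTL.txt that this scan produces lists services (`SRV`) and Run-key autostarts (`O4`) in a fixed line format, and a short script can pull out the entries that start from user-writable directories. The sample lines are constructed, and the flagging rule (anything under a user profile's AppData or under ProgramData) is an assumption chosen for illustration.

```python
import re
from typing import NamedTuple

# Directories a standard user can write to. Autostarts from here deserve a look,
# because no administrator rights were needed to place the file there.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(?:users\\[^\\]+\\appdata|programdata)\\", re.IGNORECASE)

# O4 - HKCU..\Run: [Value name] C:\path\file.exe (Company)
# The path is matched greedily so "Program Files (x86)" does not end it early.
RUN_LINE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\Run: "
    r"\[(?P<name>[^\]]+)\] (?P<path>.+) \((?P<company>.*)\)$")

# SRV - [timestamp | size | attrs | M] (Company) [Start | State] -- path -- (Service)
SRV_LINE = re.compile(
    r"^SRV(?::64bit:)? - \[[^\]]*\] \((?P<company>.*?)\) "
    r"\[(?P<start>\w+) \| (?P<state>\w+)\] -- (?P<path>.+) -- \((?P<name>.*)\)$")


class Finding(NamedTuple):
    kind: str       # "run" or "service"
    name: str       # Run value name or service name
    path: str       # command line as logged
    reasons: tuple  # why the entry was flagged


def triage(log_text):
    """Return autostart entries that launch from user-writable directories."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        kind, m = "run", RUN_LINE.match(line)
        if not m:
            kind, m = "service", SRV_LINE.match(line)
        if not m:
            continue  # not an autostart line this script understands
        if kind == "service" and m["start"] == "Disabled":
            continue  # a disabled service does not start on its own
        if not USER_WRITABLE.match(m["path"]):
            continue
        reasons = ["starts from a user-writable directory"]
        if not m["company"].strip():
            reasons.append("no company name in file metadata")
        findings.append(Finding(kind, m["name"], m["path"], tuple(reasons)))
    return findings


# Constructed sample lines in the OTL.txt layout (not taken from a real log).
SAMPLE_LOG = r"""
SRV - [2013.01.01 10:00:00 | 000,100,000 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\ExampleGuard\1.0\Guard.exe -- (ExampleGuard)
SRV - [2013.01.01 10:00:00 | 000,065,640 | ---- | M] (Example Systems Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Example\svc.exe -- (ExampleSvc)
O4:64bit: - HKLM..\Run: [ExampleTray] C:\Windows\SysNative\exampletray.exe (Example Corporation)
O4 - HKCU..\Run: [Example Helper] C:\Users\Example\AppData\Local\ExampleBar\Application\Helper.exe (ExampleBar)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name:16} {f.path}")
        for reason in f.reasons:
            print(f"{'':8} - {reason}")
```

A flagged entry is a candidate for review, not a verdict: legitimate updaters also install under ProgramData.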

10.07.2013, 18:03   #3
SusanneK
 
OTL Logfile:
Code:
OTL logfile created on: 10.07.2013 17:48:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Giuliana\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = )
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 3,19 Gb Available Physical Memory | 80,85% Memory free
7,89 Gb Paging File | 6,14 Gb Available in Paging File | 77,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,95 Gb Total Space | 398,27 Gb Free Space | 87,16% Space Free | Partition Type: NTFS
Drive D: | 457,46 Gb Total Space | 457,35 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
 
Computer Name: GIULIANA-PC | User Name: Giuliana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.10 17:15:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Giuliana\Downloads\OTL.exe
PRC - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.02 21:21:44 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012.12.20 13:41:39 | 000,239,968 | ---- | M] () -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
PRC - [2012.08.21 14:44:06 | 000,986,272 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Registry Mechanic\SULauncher.exe
PRC - [2012.08.21 14:43:58 | 000,794,272 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011.11.24 17:31:18 | 001,837,568 | ---- | M] (TerraTec Electronic GmbH) -- C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
PRC - [2011.05.30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011.05.20 12:13:06 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011.05.20 12:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2010.12.20 12:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2007.09.04 15:14:04 | 000,974,848 | ---- | M] (Hama GmbH & Co KG) -- C:\Program Files (x86)\Hama\Common\RaUI.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.05.20 12:13:04 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011.05.20 12:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013.07.05 13:18:06 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2013.06.11 21:18:09 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
SRV - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.02 21:21:44 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012.12.20 13:41:39 | 000,239,968 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2012.08.21 14:43:58 | 000,794,272 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011.06.07 13:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.05.30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011.05.12 17:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.04.22 18:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011.04.02 23:09:38 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011.03.14 17:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010.12.20 12:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.20 12:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 23:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.13 13:58:24 | 000,399,944 | ---- | M] (Elgato Systems GmbH) [Auto | Running] -- C:\Program Files (x86)\Elgato\EyeTV Netstream\EyeTVNetstreamSvc.exe -- (EyeTV Netstream)
SRV - [2010.06.02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.05.04 21:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.07.05 19:45:36 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013.07.05 19:45:36 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013.07.05 19:45:35 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013.07.05 19:45:34 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2013.07.05 19:45:32 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.12.20 13:41:40 | 001,001,472 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mod7700.sys -- (mod7700)
DRV:64bit: - [2012.12.20 13:41:40 | 000,421,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV:64bit: - [2012.12.20 13:41:40 | 000,221,312 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012.12.20 13:41:40 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012.12.20 13:41:40 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012.08.02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.11 12:20:49 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011.07.11 12:20:49 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011.07.11 12:20:49 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011.04.10 05:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.20 19:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.10.11 02:17:56 | 000,024,264 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\modrc.sys -- (MODRC)
DRV:64bit: - [2010.08.11 05:40:06 | 001,014,624 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010.07.27 07:14:06 | 001,241,952 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.19 17:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008.11.19 17:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008.11.19 17:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=16D574DE2B83E747&affID=121529&tsp=4937
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=927b1795-5ed0-438e-8f9e-85daf3a3fda6&searchtype=ds&q={searchTerms}&installDate=08/07/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=927b1795-5ed0-438e-8f9e-85daf3a3fda6&searchtype=ds&q={searchTerms}&installDate=08/07/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page Before = hxxp://search.b1.org/?bsrc=hmior&chid=c167991
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = hxxp://search.conduit.com?SearchSource=10&CUI=UN35228772282130472&UM=1&ctid=CT3300854
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=927b1795-5ed0-438e-8f9e-85daf3a3fda6&searchtype=ds&q={searchTerms}&installDate=08/07/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=927b1795-5ed0-438e-8f9e-85daf3a3fda6&searchtype=ds&q={searchTerms}&installDate=08/07/2013
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=927b1795-5ed0-438e-8f9e-85daf3a3fda6&searchtype=ds&q={searchTerms}&installDate=08/07/2013
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=16D574DE2B83E747&affID=121529&tsp=4937
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\Lyrics@LyricsContainer.co: C:\Program Files (x86)\LyricsContainer\116.xpi [2013.07.08 21:13:36 | 000,005,593 | ---- | M] ()
 
[2013.07.08 20:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=927b1795-5ed0-438e-8f9e-85daf3a3fda6&searchtype=ds&q={searchTerms}&installDate=08/07/2013
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - Extension: Docs = C:\Users\Giuliana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Giuliana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Giuliana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Giuliana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Giuliana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {22DFBF5B-A7CD-4B25-9471-3DC68C71855F} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Giuliana\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - ftp Prefix: missing
O13 - gopher Prefix: missing
O13 - home Prefix: missing
O13 - mosaic Prefix: missing
O13 - www Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D09B0C7-AADE-4E87-9CC7-C092013B59A5}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EA3FC8F-A38A-4C99-8FC0-2D8571F58C75}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4403E942-7B6F-4323-8EB9-0203908301A3}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94442ECC-421E-4CCE-88DA-3B91624B076D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE3C791E-57EC-4F19-A929-ACAC92651106}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2036B6D-929C-4B58-88CF-20251397EEF0}: DhcpNameServer = 192.168.1.250
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{333a7460-e897-11e1-8998-c89cdc6d1e38}\Shell - "" = AutoRun
O33 - MountPoints2\{333a7460-e897-11e1-8998-c89cdc6d1e38}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe
O33 - MountPoints2\{6bc9f282-5824-11e2-aae6-c89cdc6d1e38}\Shell - "" = AutoRun
O33 - MountPoints2\{6bc9f282-5824-11e2-aae6-c89cdc6d1e38}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{810af713-4a98-11e2-9e59-c89cdc6d1e38}\Shell - "" = AutoRun
O33 - MountPoints2\{810af713-4a98-11e2-9e59-c89cdc6d1e38}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.10 16:24:43 | 000,000,000 | ---D | C] -- C:\inetpub
[2013.07.10 16:24:43 | 000,000,000 | ---D | C] -- \inetpub
[2013.07.10 13:13:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SeaPort
[2013.07.08 21:36:16 | 000,000,000 | ---D | C] -- C:\Users\Giuliana\AppData\Local\Smartbar
[2013.07.08 21:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsContainer
[2013.07.08 21:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.07.08 21:00:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.07.08 21:00:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.07.08 21:00:37 | 000,000,000 | ---D | C] -- C:\Users\Giuliana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013.07.08 21:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.07.08 20:59:17 | 000,000,000 | ---D | C] -- C:\Users\Giuliana\AppData\Roaming\BabSolution
[2013.07.08 20:59:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013.07.08 20:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.07.08 20:59:12 | 000,000,000 | ---D | C] -- C:\Users\Giuliana\AppData\Roaming\Delta
[2013.07.08 20:35:47 | 000,000,000 | ---D | C] -- C:\Users\Giuliana\AppData\Roaming\Babylon
[2013.07.08 20:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.07.08 20:11:15 | 000,000,000 | ---D | C] -- C:\Users\Giuliana\AppData\Local\B1E
[2013.07.08 20:10:53 | 000,000,000 | ---D | C] -- C:\Users\Giuliana\Neuer Ordner
[2013.07.08 20:04:29 | 000,000,000 | ---D | C] -- C:\Users\Giuliana\AppData\Roaming\B1Toolbar
[2013.07.08 16:11:36 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
[2013.07.08 16:11:36 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
[2013.07.08 16:11:36 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2013.07.08 16:11:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Registry Mechanic
[2013.07.08 16:11:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2013.07.08 14:57:03 | 000,000,000 | ---D | C] -- C:\Users\Giuliana\AppData\Roaming\OpenCandy
[2013.07.08 14:55:51 | 000,000,000 | ---D | C] -- C:\Users\Giuliana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2013.07.08 14:55:51 | 000,000,000 | ---D | C] -- C:\Users\Giuliana\AppData\Local\Wajam
[2013.07.08 14:55:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2013.07.05 22:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.07.05 15:22:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.07.05 15:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.07.05 13:14:06 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013.07.05 13:13:40 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013.07.05 13:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.07.05 13:13:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013.07.05 13:13:27 | 000,620,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013.07.05 13:13:27 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013.07.04 20:49:23 | 000,000,000 | ---D | C] -- C:\Users\Giuliana\Documents\OneNote-Notizbücher
[2013.07.04 18:58:31 | 000,000,000 | ---D | C] -- C:\Users\Giuliana\Desktop\world
[2013.07.04 16:45:59 | 000,000,000 | ---D | C] -- C:\Users\Giuliana\AppData\Local\{D22BE30F-D8F1-4EB4-9573-912479CA40ED}
[2013.07.04 16:31:01 | 000,000,000 | ---D | C] -- C:\Users\Giuliana\AppData\Roaming\Simfy
[2013.07.04 16:31:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\simfy
[2013.06.11 20:32:23 | 000,000,000 | ---D | C] -- C:\Users\Giuliana\AppData\Roaming\.minecraft
[2013.06.11 20:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rally Toolbar
[2 C:\Users\Giuliana\Documents\*.tmp files -> C:\Users\Giuliana\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.10 17:48:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.10 17:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.10 17:07:39 | 000,000,000 | ---- | M] () -- C:\Users\Giuliana\defogger_reenable
[2013.07.10 17:01:39 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.10 16:32:53 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.10 16:32:53 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.10 16:28:49 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\LyricsContainer Update.job
[2013.07.10 16:28:34 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.10 16:28:33 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2013.07.10 16:26:20 | 3177,185,280 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.10 16:25:25 | 001,751,654 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.10 16:25:25 | 000,760,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.10 16:25:25 | 000,704,444 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.10 16:25:25 | 000,170,152 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.10 16:25:25 | 000,138,592 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.10 16:25:19 | 001,656,064 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.07.10 15:02:54 | 000,003,029 | ---- | M] () -- C:\Users\Giuliana\Documents\Microsoft Word 2010.lnk
[2013.07.10 13:14:06 | 000,002,585 | ---- | M] () -- C:\Users\Giuliana\Desktop\Search.lnk
[2013.07.08 21:38:53 | 000,000,716 | ---- | M] () -- C:\Windows\wininit.ini
[2013.07.08 20:11:15 | 000,000,047 | ---- | M] () -- C:\chid
[2013.07.08 19:40:13 | 000,484,992 | ---- | M] () -- C:\Users\Giuliana\Desktop\Minecraft.exe
[2013.07.08 19:22:19 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2013.07.08 16:32:43 | 000,005,287 | ---- | M] () -- C:\Users\Giuliana\Documents\Rücknahme Klage gegen Finanzgericht Münster.odt
[2013.07.08 16:23:08 | 000,005,220 | ---- | M] () -- C:\Users\Giuliana\Documents\Klage gegen Deutsche Rentenversicherung Bund vor Sozialgericht Detmold.odt
[2013.07.08 14:57:27 | 000,000,000 | ---- | M] () -- C:\END
[2013.07.06 10:58:17 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.05 19:45:36 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013.07.05 19:45:36 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013.07.05 19:45:35 | 000,029,528 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klmouflt.sys
[2013.07.05 19:45:34 | 000,029,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klkbdflt.sys
[2013.07.05 19:45:32 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013.07.05 19:45:31 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013.07.05 13:15:42 | 000,002,348 | ---- | M] () -- C:\Users\Giuliana\Desktop\Sicherer Zahlungsverkehr.lnk
[2013.07.04 21:02:57 | 000,002,660 | ---- | M] () -- C:\Users\Giuliana\Desktop\DIE SIEDLER - Das Erbe der Könige - Gold Edition.lnk
[2013.07.04 21:02:35 | 000,004,959 | ---- | M] () -- C:\Users\Giuliana\Documents\Meine Freunde.odt
[2013.07.04 20:49:25 | 000,001,348 | ---- | M] () -- C:\Users\Giuliana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2013.07.04 20:45:38 | 000,344,064 | ---- | M] () -- C:\Users\Giuliana\Documents\Database3.accdb
[2013.07.04 18:58:49 | 000,000,555 | ---- | M] () -- C:\Users\Giuliana\Desktop\server.properties
[2013.07.04 16:31:07 | 000,000,032 | ---- | M] () -- C:\Users\Giuliana\.simfy
[2013.06.29 21:16:08 | 000,005,874 | ---- | M] () -- C:\Users\Giuliana\Documents\Name.odt
[2013.06.29 21:16:08 | 000,000,162 | -H-- | M] () -- C:\Users\Giuliana\Documents\~$Name.odt
[2013.06.18 21:10:12 | 000,004,825 | ---- | M] () -- C:\Users\Giuliana\Documents\Opal und Bernstein das erste Paar.odt
[2013.06.18 16:31:20 | 000,004,722 | ---- | M] () -- C:\Users\Giuliana\Documents\Meine Zimmerregeln.odt
[2013.06.17 17:36:17 | 000,006,291 | ---- | M] () -- C:\Users\Giuliana\Documents\Mein Steckbrief.odt
[2013.06.14 18:26:00 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
[2 C:\Users\Giuliana\Documents\*.tmp files -> C:\Users\Giuliana\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.10 17:07:39 | 000,000,000 | ---- | C] () -- C:\Users\Giuliana\defogger_reenable
[2013.07.10 16:25:15 | 001,656,064 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.07.10 15:02:54 | 000,003,029 | ---- | C] () -- C:\Users\Giuliana\Documents\Microsoft Word 2010.lnk
[2013.07.08 21:36:38 | 000,002,632 | ---- | C] () -- C:\Users\Giuliana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013.07.08 21:36:38 | 000,002,585 | ---- | C] () -- C:\Users\Giuliana\Desktop\Search.lnk
[2013.07.08 21:32:20 | 000,002,391 | ---- | C] () -- C:\Users\Giuliana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
[2013.07.08 21:13:36 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\LyricsContainer Update.job
[2013.07.08 21:06:11 | 000,000,716 | ---- | C] () -- C:\Windows\wininit.ini
[2013.07.08 20:04:34 | 000,000,047 | ---- | C] () -- C:\chid
[2013.07.08 20:04:34 | 000,000,047 | ---- | C] () -- \chid
[2013.07.08 19:36:58 | 000,484,992 | ---- | C] () -- C:\Users\Giuliana\Desktop\Minecraft.exe
[2013.07.08 16:32:42 | 000,005,287 | ---- | C] () -- C:\Users\Giuliana\Documents\Rücknahme Klage gegen Finanzgericht Münster.odt
[2013.07.08 16:23:07 | 000,005,220 | ---- | C] () -- C:\Users\Giuliana\Documents\Klage gegen Deutsche Rentenversicherung Bund vor Sozialgericht Detmold.odt
[2013.07.08 16:11:47 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\RMSchedule.job
[2013.07.08 16:11:47 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\RMAutoUpdate.job
[2013.07.08 16:11:35 | 000,041,632 | ---- | C] () -- C:\Windows\SysNative\CleanMFT64.exe
[2013.07.08 14:54:51 | 000,000,000 | ---- | C] () -- C:\END
[2013.07.08 14:54:51 | 000,000,000 | ---- | C] () -- \END
[2013.07.05 22:19:09 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.07.05 22:04:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.07.05 13:15:42 | 000,002,348 | ---- | C] () -- C:\Users\Giuliana\Desktop\Sicherer Zahlungsverkehr.lnk
[2013.07.04 21:02:57 | 000,002,660 | ---- | C] () -- C:\Users\Giuliana\Desktop\DIE SIEDLER - Das Erbe der Könige - Gold Edition.lnk
[2013.07.04 21:02:35 | 000,004,959 | ---- | C] () -- C:\Users\Giuliana\Documents\Meine Freunde.odt
[2013.07.04 20:49:25 | 000,001,348 | ---- | C] () -- C:\Users\Giuliana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2013.07.04 20:45:06 | 000,344,064 | ---- | C] () -- C:\Users\Giuliana\Documents\Database3.accdb
[2013.07.04 18:58:31 | 000,000,555 | ---- | C] () -- C:\Users\Giuliana\Desktop\server.properties
[2013.07.04 16:31:07 | 000,000,032 | ---- | C] () -- C:\Users\Giuliana\.simfy
[2013.06.29 21:16:08 | 000,000,162 | -H-- | C] () -- C:\Users\Giuliana\Documents\~$Name.odt
[2013.06.29 21:16:07 | 000,005,874 | ---- | C] () -- C:\Users\Giuliana\Documents\Name.odt
[2013.06.18 21:10:12 | 000,004,825 | ---- | C] () -- C:\Users\Giuliana\Documents\Opal und Bernstein das erste Paar.odt
[2013.06.18 16:31:19 | 000,004,722 | ---- | C] () -- C:\Users\Giuliana\Documents\Meine Zimmerregeln.odt
[2013.06.17 17:29:41 | 000,006,291 | ---- | C] () -- C:\Users\Giuliana\Documents\Mein Steckbrief.odt
[2012.12.29 17:09:47 | 000,000,019 | ---- | C] () -- C:\Windows\popcinfo.dat
[2012.02.02 15:24:47 | 000,103,784 | ---- | C] () -- C:\Users\Giuliana\GoToAssistDownloadHelper.exe
[2011.11.02 06:51:31 | 3177,185,280 | -HS- | C] () -- \hiberfil.sys
[2011.07.11 12:04:39 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.07.08 21:36:35 | 000,000,000 | ---D | M] -- C:\Users\Giuliana\AppData\Roaming\.minecraft
[2013.07.08 20:04:29 | 000,000,000 | ---D | M] -- C:\Users\Giuliana\AppData\Roaming\B1Toolbar
[2013.07.08 20:59:19 | 000,000,000 | ---D | M] -- C:\Users\Giuliana\AppData\Roaming\BabSolution
[2013.07.08 20:35:47 | 000,000,000 | ---D | M] -- C:\Users\Giuliana\AppData\Roaming\Babylon
[2012.07.24 15:17:28 | 000,000,000 | ---D | M] -- C:\Users\Giuliana\AppData\Roaming\Canon
[2013.07.08 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\Giuliana\AppData\Roaming\Delta
[2012.02.02 14:45:56 | 000,000,000 | ---D | M] -- C:\Users\Giuliana\AppData\Roaming\FoozKids
[2012.12.29 02:50:27 | 000,000,000 | ---D | M] -- C:\Users\Giuliana\AppData\Roaming\Jewel Match 3
[2012.02.03 16:33:55 | 000,000,000 | ---D | M] -- C:\Users\Giuliana\AppData\Roaming\KIDDINX
[2012.02.02 14:22:22 | 000,000,000 | ---D | M] -- C:\Users\Giuliana\AppData\Roaming\OEM
[2013.07.08 14:57:03 | 000,000,000 | ---D | M] -- C:\Users\Giuliana\AppData\Roaming\OpenCandy
[2012.12.31 17:20:39 | 000,000,000 | ---D | M] -- C:\Users\Giuliana\AppData\Roaming\PlayFirst
[2012.02.25 02:42:16 | 000,000,000 | ---D | M] -- C:\Users\Giuliana\AppData\Roaming\PowerCinema
[2012.12.30 01:13:24 | 000,000,000 | ---D | M] -- C:\Users\Giuliana\AppData\Roaming\runic games
[2013.07.04 16:31:01 | 000,000,000 | ---D | M] -- C:\Users\Giuliana\AppData\Roaming\Simfy
[2012.04.17 16:46:18 | 000,000,000 | ---D | M] -- C:\Users\Giuliana\AppData\Roaming\TerraTec
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.06.22 16:06:46 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.11.02 06:58:33 | 000,000,000 | ---D | M] -- C:\book
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.02.02 14:18:39 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.07.10 16:25:47 | 000,000,000 | ---D | M] -- C:\inetpub
[2011.11.02 06:53:20 | 000,000,000 | ---D | M] -- C:\Intel
[2012.02.03 16:08:58 | 000,000,000 | ---D | M] -- C:\Kiddinx
[2012.02.02 14:33:35 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2013.02.22 23:36:51 | 000,000,000 | ---D | M] -- C:\nds spiele
[2012.02.02 14:20:38 | 000,000,000 | -H-D | M] -- C:\OEM
[2009.07.14 05:20:08 | 000,000,000 | -H-D | M] -- C:\PerfLogs
[2013.07.05 22:03:02 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.07.10 14:02:44 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.07.08 21:05:32 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.02.02 14:18:39 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.02.02 14:18:39 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.09.19 16:29:33 | 000,000,000 | ---D | M] -- C:\Schroedel
[2013.07.10 16:27:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.06.22 16:06:40 | 000,000,000 | R--D | M] -- C:\Users
[2013.07.10 16:24:58 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 05:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,618 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.02.03 16:25:59 | 000,000,296 | ---- | C] () -- C:\Windows\Tasks\AppleSoftwareUpdate.job
[2012.02.12 17:53:24 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.02.12 17:53:25 | 000,001,114 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.04.17 16:37:58 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.07.08 16:11:47 | 000,000,290 | ---- | C] () -- C:\Windows\Tasks\RMAutoUpdate.job
[2013.07.08 16:11:47 | 000,000,290 | ---- | C] () -- C:\Windows\Tasks\RMSchedule.job
[2013.07.08 21:13:36 | 000,000,414 | ---- | C] () -- C:\Windows\Tasks\LyricsContainer Update.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2010.09.24 03:48:00 | 000,222,288 | ---- | M] (Advanced Micro Devices, Inc) MD5=A3F4FEE7E8C40242FD6CD77DAE51370F -- C:\OEM\Preload\Autorun\DRV\AMD VGA Generic Driver\Packages\Drivers\SBDrv\SB8xx\RAID\W7\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.11.06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:16:13 | 000,163,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\scrrun.dll
 
< %USERPROFILE%\*.* >
[2013.07.04 16:31:07 | 000,000,032 | ---- | M] () -- C:\Users\Giuliana\.simfy
[2013.07.10 17:07:39 | 000,000,000 | ---- | M] () -- C:\Users\Giuliana\defogger_reenable
[2012.02.02 15:24:48 | 000,103,784 | ---- | M] () -- C:\Users\Giuliana\GoToAssistDownloadHelper.exe
[2013.07.10 17:53:37 | 002,621,440 | -HS- | M] () -- C:\Users\Giuliana\ntuser.dat
[2013.07.10 17:53:37 | 000,262,144 | -HS- | M] () -- C:\Users\Giuliana\ntuser.dat.LOG1
[2012.02.02 14:18:50 | 000,000,000 | -HS- | M] () -- C:\Users\Giuliana\ntuser.dat.LOG2
[2012.02.02 14:42:12 | 000,065,536 | -HS- | M] () -- C:\Users\Giuliana\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.02.02 14:42:12 | 000,524,288 | -HS- | M] () -- C:\Users\Giuliana\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.02.02 14:42:12 | 000,524,288 | -HS- | M] () -- C:\Users\Giuliana\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2013.07.10 13:24:48 | 000,065,536 | -HS- | M] () -- C:\Users\Giuliana\ntuser.dat{9b7fc21a-e951-11e2-aaac-c89cdc6d1e38}.TM.blf
[2013.07.10 13:24:48 | 000,524,288 | -HS- | M] () -- C:\Users\Giuliana\ntuser.dat{9b7fc21a-e951-11e2-aaac-c89cdc6d1e38}.TMContainer00000000000000000001.regtrans-ms
[2013.07.10 13:24:48 | 000,524,288 | -HS- | M] () -- C:\Users\Giuliana\ntuser.dat{9b7fc21a-e951-11e2-aaac-c89cdc6d1e38}.TMContainer00000000000000000002.regtrans-ms
[2012.02.02 14:18:50 | 000,000,020 | -HS- | M] () -- C:\Users\Giuliana\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
         


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 10.07.2013 17:48:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Giuliana\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = )
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 3,19 Gb Available Physical Memory | 80,85% Memory free
7,89 Gb Paging File | 6,14 Gb Available in Paging File | 77,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,95 Gb Total Space | 398,27 Gb Free Space | 87,16% Space Free | Partition Type: NTFS
Drive D: | 457,46 Gb Total Space | 457,35 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
 
Computer Name: GIULIANA-PC | User Name: Giuliana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{8F7F2D9C-2DBE-4F10-9C7C-2724110A3339}" = Windows Live Remote Service Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{A6E0F6BE-30AC-4D36-97B0-1AC20E23CB83}" = Windows Live Remote Client Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{783f0db7-7cfb-49e5-b9a0-ae7d5cdfb44f}" = Snap.Do Engine
"728181661.portal.qtrax.com" = Qtrax Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.06.2013 05:04:44 | Computer Name = Giuliana-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.06.2013 06:10:28 | Computer Name = Giuliana-PC | Source = Application Error | ID = 1000
Error - 14.06.2013 07:48:53 | Computer Name = Giuliana-PC | Source = WinMgmt | ID
 = 10
 
Description = 
Error - 14.06.2013 12:24:43 | Computer Name = Giuliana-PC | Source = WinMgmt | ID
 = 10
 
Description = 
Error - 15.06.2013 08:54:53 | Computer Name = Giuliana-PC | Source = WinMgmt | ID
 = 10
 
Description = 
Error - 15.06.2013 09:01:35 | Computer Name = Giuliana-PC | Source = Application
 Error | ID = 1000
 
Description = Name der fehlerhaften Anwendung: mcupdate.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7af4a
Name des fehlerhaften Moduls: mscorwks.dll, Version: 2.0.50727.5448, Zeitstempel: 0x4e153960
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000010dab4
ID des fehlerhaften Prozesses: 0x105c
Startzeit der fehlerhaften Anwendung: 0x01ce69c7c1a10e2f
Pfad der fehlerhaften Anwendung: C:\Windows\ehome\mcupdate.EXE
Pfad des fehlerhaften Moduls: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
Berichtskennung: b4c0fc40-d5bb-11e2-a9c6-c89cdc6d1e38
Error - 15.06.2013 16:15:07 | Computer Name = Giuliana-PC | Source = WinMgmt | ID
 = 10
 
Description = 
Error - 16.06.2013 05:23:40 | Computer Name = Giuliana-PC | Source = WinMgmt | ID
 = 10
 
Description = 
Error - 16.06.2013 05:44:23 | Computer Name = Giuliana-PC | Source = EyeTV Netstream
 | ID = 5000
 
Description = .NET EXCEPTION
System.Runtime.InteropServices.COMException (0x80004005): Eine Instanz der COM-Komponente mit der CLSID {E2085F28-FEB7-404A-B8E7-E659BDEAAA02} konnte aufgrund des folgenden Fehlers nicht von der IClassFactory erstellt werden: 80004005.
   bei Elgato.EyeTVNetstream.TomaDeviceDiscovery.UPnpFindNetstreamDevices(TomaList& netstreamDevices)
Error - 16.06.2013 05:44:23 | Computer Name = Giuliana-PC | Source = EyeTV Netstream
 | ID = 1000
 
Description = UPnpFindNetstreamDevices() FAILED
Error - 16.06.2013 13:35:27 | Computer Name = Giuliana-PC | Source = WinMgmt | ID
 = 10
 
Description = 
 
Error encountered while reading event logs.
 
< End of report >
         

10.07.2013, 18:12   #4
markusg
/// Malware-holic



Hi,
there are 2 logs to post; please post them at the same time if possible.
1.
Chrome:
1.1 Change the search provider:
https://support.google.com/chrome/answer/95653?hl=en
Delete all entries except Google.
1.2. Change the Google start page:
https://support.google.com/chrome/answer/95314?hl=de
Pick one yourselves :-) The main thing is that the current one gets deleted.
2.
OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=16D574DE2B83E747&affID=121529&tsp=4937
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=927b1795-5ed0-438e-8f9e-85daf3a3fda6&searchtype=ds&q={searchTerms}&installDate=08/07/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=927b1795-5ed0-438e-8f9e-85daf3a3fda6&searchtype=ds&q={searchTerms}&installDate=08/07/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page Before = hxxp://search.b1.org/?bsrc=hmior&chid=c167991
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = hxxp://search.conduit.com?SearchSource=10&CUI=UN35228772282130472&UM=1&ctid=CT3300854
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=927b1795-5ed0-438e-8f9e-85daf3a3fda6&searchtype=ds&q={searchTerms}&installDate=08/07/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=927b1795-5ed0-438e-8f9e-85daf3a3fda6&searchtype=ds&q={searchTerms}&installDate=08/07/2013
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=927b1795-5ed0-438e-8f9e-85daf3a3fda6&searchtype=ds&q={searchTerms}&installDate=08/07/2013
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=16D574DE2B83E747&affID=121529&tsp=4937
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Giuliana\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
:files
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy the contents here into your thread.

4. After the restart, check whether the Chrome settings, i.e. start page and search provider, are correct.
5. Check whether the internet is working.
Let me know the result.
6.
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

11.07.2013, 12:51   #5
SusanneK



Hello!
Unfortunately I don't seem to be able to upload a zipped file. Where do I find the option to upload attachments at all?

I have worked around the internet problem insofar as there are two MS Internet Explorers on the computer: the regular one and also the 64-bit one. Of course I don't know what exactly the difference is either. So, the "normal" one does not respond at all; only with the 64-bit one can I establish an internet connection. Before, both worked.

Kind regards
Susanne


11.07.2013, 13:02   #6
markusg
/// Malware-holic



Click Reply and then Attach file, or simply paste the log in; if it is too large, split it.

11.07.2013, 13:07   #7
SusanneK



Part 1
12:33:26.0669 2256 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:33:27.0231 2256 ============================================================
12:33:27.0231 2256 Current date / time: 2013/07/11 12:33:27.0231
12:33:27.0231 2256 SystemInfo:
12:33:27.0231 2256
12:33:27.0231 2256 OS Version: 6.1.7601 ServicePack: 1.0
12:33:27.0231 2256 Product type: Workstation
12:33:27.0231 2256 ComputerName: GIULIANA-PC
12:33:27.0231 2256 UserName: Giuliana
12:33:27.0231 2256 Windows directory: C:\Windows
12:33:27.0231 2256 System windows directory: C:\Windows
12:33:27.0231 2256 Running under WOW64
12:33:27.0231 2256 Processor architecture: Intel x64
12:33:27.0231 2256 Number of processors: 2
12:33:27.0231 2256 Page size: 0x1000
12:33:27.0231 2256 Boot type: Normal boot
12:33:27.0231 2256 ============================================================
12:33:27.0605 2256 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:33:27.0621 2256 ============================================================
12:33:27.0621 2256 \Device\Harddisk0\DR0:
12:33:27.0621 2256 MBR partitions:
12:33:27.0621 2256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2200800, BlocksNum 0x32000
12:33:27.0621 2256 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2232800, BlocksNum 0x391E7000
12:33:27.0621 2256 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3B419800, BlocksNum 0x392EC800
12:33:27.0621 2256 ============================================================
12:33:27.0636 2256 C: <-> \Device\Harddisk0\DR0\Partition2
12:33:27.0668 2256 D: <-> \Device\Harddisk0\DR0\Partition3
12:33:27.0668 2256 ============================================================
12:33:27.0668 2256 Initialize success
12:33:27.0668 2256 ============================================================
12:33:29.0930 4644 ============================================================
12:33:29.0930 4644 Scan started
12:33:29.0930 4644 Mode: Manual;
12:33:29.0930 4644 ============================================================
12:33:30.0117 4644 ================ Scan system memory ========================
12:33:30.0117 4644 System memory - ok
12:33:30.0117 4644 ================ Scan services =============================
12:33:30.0288 4644 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:33:30.0288 4644 1394ohci - ok
12:33:30.0320 4644 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:33:30.0320 4644 ACPI - ok
12:33:30.0351 4644 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:33:30.0351 4644 AcpiPmi - ok
12:33:30.0460 4644 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:33:30.0460 4644 AdobeARMservice - ok
12:33:30.0554 4644 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:33:30.0569 4644 AdobeFlashPlayerUpdateSvc - ok
12:33:30.0585 4644 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
12:33:30.0600 4644 adp94xx - ok
12:33:30.0600 4644 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
12:33:30.0600 4644 adpahci - ok
12:33:30.0616 4644 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
12:33:30.0616 4644 adpu320 - ok
12:33:30.0647 4644 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:33:30.0647 4644 AeLookupSvc - ok
12:33:30.0694 4644 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
12:33:30.0694 4644 AFD - ok
12:33:30.0710 4644 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:33:30.0710 4644 agp440 - ok
12:33:30.0741 4644 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
12:33:30.0741 4644 ALG - ok
12:33:30.0741 4644 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
12:33:30.0741 4644 aliide - ok
12:33:30.0756 4644 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
12:33:30.0756 4644 amdide - ok
12:33:30.0756 4644 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
12:33:30.0756 4644 AmdK8 - ok
12:33:30.0772 4644 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
12:33:30.0772 4644 AmdPPM - ok
12:33:30.0803 4644 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:33:30.0803 4644 amdsata - ok
12:33:30.0834 4644 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
12:33:30.0834 4644 amdsbs - ok
12:33:30.0866 4644 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:33:30.0866 4644 amdxata - ok
12:33:30.0881 4644 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
12:33:30.0881 4644 AppID - ok
12:33:30.0881 4644 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:33:30.0881 4644 AppIDSvc - ok
12:33:30.0928 4644 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
12:33:30.0928 4644 Appinfo - ok
12:33:30.0944 4644 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
12:33:30.0944 4644 arc - ok
12:33:30.0944 4644 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
12:33:30.0959 4644 arcsas - ok
12:33:31.0006 4644 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:33:31.0006 4644 AsyncMac - ok
12:33:31.0006 4644 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
12:33:31.0006 4644 atapi - ok
12:33:31.0037 4644 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:33:31.0053 4644 AudioEndpointBuilder - ok
12:33:31.0053 4644 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:33:31.0068 4644 AudioSrv - ok
12:33:31.0256 4644 [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
12:33:31.0256 4644 AVP - ok
12:33:31.0302 4644 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:33:31.0302 4644 AxInstSV - ok
12:33:31.0349 4644 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
12:33:31.0349 4644 b06bdrv - ok
12:33:31.0396 4644 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:33:31.0396 4644 b57nd60a - ok
12:33:31.0458 4644 [ 87F3BCF82A63E900AF896CD930BF7E05 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
12:33:31.0458 4644 BBSvc - ok
12:33:31.0490 4644 [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
12:33:31.0505 4644 BBUpdate - ok
12:33:31.0521 4644 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
12:33:31.0521 4644 BDESVC - ok
12:33:31.0536 4644 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
12:33:31.0536 4644 Beep - ok
12:33:31.0583 4644 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
12:33:31.0583 4644 BFE - ok
12:33:31.0630 4644 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
12:33:31.0630 4644 BITS - ok
12:33:31.0661 4644 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
12:33:31.0661 4644 blbdrive - ok
12:33:31.0708 4644 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
12:33:31.0708 4644 Bonjour Service - ok
12:33:31.0724 4644 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:33:31.0724 4644 bowser - ok
12:33:31.0739 4644 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
12:33:31.0739 4644 BrFiltLo - ok
12:33:31.0739 4644 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
12:33:31.0739 4644 BrFiltUp - ok
12:33:31.0802 4644 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
12:33:31.0802 4644 Browser - ok
12:33:31.0942 4644 [ 013A330F16B1CECBDE5CB6F921689523 ] BrowserDefendert C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
12:33:31.0958 4644 BrowserDefendert - ok
12:33:31.0989 4644 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:33:31.0989 4644 Brserid - ok
12:33:31.0989 4644 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:33:31.0989 4644 BrSerWdm - ok
12:33:32.0004 4644 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:33:32.0004 4644 BrUsbMdm - ok
12:33:32.0004 4644 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:33:32.0004 4644 BrUsbSer - ok
12:33:32.0020 4644 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
12:33:32.0020 4644 BTHMODEM - ok
12:33:32.0036 4644 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
12:33:32.0036 4644 bthserv - ok
12:33:32.0051 4644 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:33:32.0051 4644 cdfs - ok
12:33:32.0082 4644 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:33:32.0082 4644 cdrom - ok
12:33:32.0114 4644 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
12:33:32.0114 4644 CertPropSvc - ok
12:33:32.0145 4644 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
12:33:32.0145 4644 circlass - ok
12:33:32.0176 4644 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
12:33:32.0176 4644 CLFS - ok
12:33:32.0223 4644 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:33:32.0223 4644 clr_optimization_v2.0.50727_32 - ok
12:33:32.0254 4644 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:33:32.0270 4644 clr_optimization_v2.0.50727_64 - ok
12:33:32.0348 4644 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:33:32.0348 4644 clr_optimization_v4.0.30319_32 - ok
12:33:32.0363 4644 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:33:32.0363 4644 clr_optimization_v4.0.30319_64 - ok
12:33:32.0363 4644 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
12:33:32.0363 4644 CmBatt - ok
12:33:32.0379 4644 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:33:32.0379 4644 cmdide - ok
12:33:32.0426 4644 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
12:33:32.0426 4644 CNG - ok
12:33:32.0426 4644 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
12:33:32.0426 4644 Compbatt - ok
12:33:32.0472 4644 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:33:32.0472 4644 CompositeBus - ok
12:33:32.0472 4644 COMSysApp - ok
12:33:32.0472 4644 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
12:33:32.0472 4644 crcdisk - ok
12:33:32.0519 4644 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:33:32.0519 4644 CryptSvc - ok
12:33:32.0550 4644 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:33:32.0566 4644 DcomLaunch - ok
12:33:32.0582 4644 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
12:33:32.0582 4644 defragsvc - ok
12:33:32.0582 4644 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:33:32.0582 4644 DfsC - ok
12:33:32.0628 4644 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
12:33:32.0628 4644 Dhcp - ok
12:33:32.0628 4644 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
12:33:32.0628 4644 discache - ok
12:33:32.0644 4644 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
12:33:32.0644 4644 Disk - ok
12:33:32.0660 4644 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:33:32.0660 4644 Dnscache - ok
12:33:32.0675 4644 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
12:33:32.0675 4644 dot3svc - ok
12:33:32.0675 4644 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
12:33:32.0675 4644 DPS - ok
12:33:32.0706 4644 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:33:32.0706 4644 drmkaud - ok
12:33:32.0753 4644 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:33:32.0753 4644 DXGKrnl - ok
12:33:32.0800 4644 [ DC1776D086AA9733B1929A3D979D9FDD ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
12:33:32.0800 4644 e1cexpress - ok
12:33:32.0831 4644 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
12:33:32.0831 4644 EapHost - ok
12:33:32.0894 4644 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
12:33:32.0909 4644 ebdrv - ok
12:33:32.0956 4644 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
12:33:32.0956 4644 EFS - ok
12:33:32.0987 4644 [ 18DD872DD46ACB24E106DC2C9C270466 ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
12:33:32.0987 4644 EgisTec Ticket Service - ok
12:33:33.0034 4644 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:33:33.0034 4644 ehRecvr - ok
12:33:33.0050 4644 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
12:33:33.0050 4644 ehSched - ok
12:33:33.0081 4644 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
12:33:33.0081 4644 elxstor - ok
12:33:33.0081 4644 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:33:33.0081 4644 ErrDev - ok
12:33:33.0112 4644 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
12:33:33.0112 4644 EventSystem - ok
12:33:33.0159 4644 [ 334C907536E815E56CD13108A6D5FB9D ] ewusbmbb C:\Windows\system32\DRIVERS\ewusbwwan.sys
12:33:33.0174 4644 ewusbmbb - ok
12:33:33.0206 4644 [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
12:33:33.0206 4644 ew_hwusbdev - ok
12:33:33.0237 4644 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
12:33:33.0237 4644 exfat - ok
12:33:33.0346 4644 [ E343DFEA029DB97418237DE5AD457FD3 ] EyeTV Netstream C:\Program Files (x86)\Elgato\EyeTV Netstream\EyeTVNetstreamSvc.exe
12:33:33.0346 4644 EyeTV Netstream - ok
12:33:33.0346 4644 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:33:33.0346 4644 fastfat - ok
12:33:33.0377 4644 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
12:33:33.0393 4644 Fax - ok
12:33:33.0408 4644 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
12:33:33.0408 4644 fdc - ok
12:33:33.0424 4644 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
12:33:33.0424 4644 fdPHost - ok
12:33:33.0424 4644 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
12:33:33.0424 4644 FDResPub - ok
12:33:33.0440 4644 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:33:33.0440 4644 FileInfo - ok
12:33:33.0455 4644 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:33:33.0455 4644 Filetrace - ok
12:33:33.0471 4644 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
12:33:33.0471 4644 flpydisk - ok
12:33:33.0471 4644 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:33:33.0486 4644 FltMgr - ok
12:33:33.0533 4644 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
12:33:33.0533 4644 FontCache - ok
12:33:33.0580 4644 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:33:33.0580 4644 FontCache3.0.0.0 - ok
12:33:33.0596 4644 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:33:33.0596 4644 FsDepends - ok
12:33:33.0611 4644 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:33:33.0611 4644 Fs_Rec - ok
12:33:33.0642 4644 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:33:33.0642 4644 fvevol - ok
12:33:33.0658 4644 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
12:33:33.0658 4644 gagp30kx - ok
12:33:33.0720 4644 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
12:33:33.0720 4644 GamesAppService - ok
12:33:33.0752 4644 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
12:33:33.0752 4644 gpsvc - ok
12:33:33.0798 4644 [ C9B2D1D3F86FD3673EF847DEF73B6F9E ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
12:33:33.0798 4644 GREGService - ok
12:33:33.0908 4644 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:33:33.0908 4644 gupdate - ok
12:33:33.0923 4644 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:33:33.0923 4644 gupdatem - ok
12:33:33.0970 4644 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:33:33.0986 4644 gusvc - ok
12:33:34.0001 4644 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:33:34.0001 4644 hcw85cir - ok
12:33:34.0032 4644 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:33:34.0048 4644 HdAudAddService - ok
12:33:34.0079 4644 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:33:34.0079 4644 HDAudBus - ok
12:33:34.0079 4644 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
12:33:34.0079 4644 HidBatt - ok
12:33:34.0079 4644 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
12:33:34.0079 4644 HidBth - ok
12:33:34.0095 4644 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
12:33:34.0095 4644 HidIr - ok
12:33:34.0095 4644 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
12:33:34.0095 4644 hidserv - ok
12:33:34.0142 4644 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:33:34.0142 4644 HidUsb - ok
12:33:34.0157 4644 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:33:34.0157 4644 hkmsvc - ok
12:33:34.0157 4644 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:33:34.0173 4644 HomeGroupListener - ok
12:33:34.0188 4644 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:33:34.0188 4644 HomeGroupProvider - ok
12:33:34.0220 4644 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:33:34.0220 4644 HpSAMD - ok
12:33:34.0220 4644 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:33:34.0235 4644 HTTP - ok
12:33:34.0266 4644 [ 1642C62F1FD5E1FF44608283994A7BB8 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
12:33:34.0266 4644 huawei_enumerator - ok
12:33:34.0298 4644 [ 04D1DE1E8ACE40CA396502C90524E945 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
12:33:34.0298 4644 hwdatacard - ok
12:33:34.0391 4644 [ E90DA42B87D684DEBFB73B38A718A006 ] HWDeviceService64.exe C:\ProgramData\DatacardService\HWDeviceService64.exe
12:33:34.0391 4644 HWDeviceService64.exe - ok
12:33:34.0391 4644 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:33:34.0391 4644 hwpolicy - ok
12:33:34.0438 4644 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:33:34.0438 4644 i8042prt - ok
12:33:34.0454 4644 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
12:33:34.0454 4644 iaStor - ok
12:33:34.0516 4644 [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
12:33:34.0516 4644 IAStorDataMgrSvc - ok
12:33:34.0563 4644 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:33:34.0563 4644 iaStorV - ok
12:33:34.0625 4644 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:33:34.0625 4644 idsvc - ok
12:33:34.0859 4644 [ 174BCAC474DE13B2650E444CF124828E ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
12:33:34.0922 4644 igfx - ok
12:33:34.0937 4644 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
12:33:34.0937 4644 iirsp - ok
12:33:34.0968 4644 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
12:33:34.0968 4644 IKEEXT - ok
12:33:35.0031 4644 [ 82D0C8C47F6A52B695F405661D1DF50E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:33:35.0046 4644 IntcAzAudAddService - ok
12:33:35.0109 4644 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
12:33:35.0109 4644 IntcDAud - ok
12:33:35.0124 4644 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
12:33:35.0124 4644 intelide - ok
12:33:35.0140 4644 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:33:35.0156 4644 intelppm - ok
12:33:35.0171 4644 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:33:35.0171 4644 IPBusEnum - ok
12:33:35.0171 4644 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:33:35.0171 4644 IpFilterDriver - ok
12:33:35.0218 4644 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:33:35.0218 4644 iphlpsvc - ok
12:33:35.0218 4644 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:33:35.0218 4644 IPMIDRV - ok
12:33:35.0249 4644 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:33:35.0249 4644 IPNAT - ok
12:33:35.0265 4644 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:33:35.0265 4644 IRENUM - ok
12:33:35.0265 4644 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:33:35.0265 4644 isapnp - ok
12:33:35.0296 4644 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:33:35.0296 4644 iScsiPrt - ok
12:33:35.0312 4644 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:33:35.0312 4644 kbdclass - ok
12:33:35.0327 4644 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
12:33:35.0327 4644 kbdhid - ok
12:33:35.0358 4644 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
12:33:35.0358 4644 KeyIso - ok
12:33:35.0390 4644 [ 8B5219318DF5895ABD230C373F2DF18A ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
12:33:35.0405 4644 kl1 - ok
12:33:35.0483 4644 [ 2CBD248370721DCAD632DB70D09C5A6D ] KLIF C:\Windows\system32\DRIVERS\klif.sys
12:33:35.0499 4644 KLIF - ok
12:33:35.0514 4644 [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
12:33:35.0514 4644 KLIM6 - ok
12:33:35.0514 4644 [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys
12:33:35.0514 4644 klkbdflt - ok
12:33:35.0546 4644 [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
12:33:35.0546 4644 klmouflt - ok
12:33:35.0546 4644 [ 45ECF097BC6330C2054D7D43B7AD822B ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys
12:33:35.0546 4644 kltdi - ok
12:33:35.0561 4644 [ 1FCB657B581CC4DF17FD6571F93602DE ] kneps C:\Windows\system32\DRIVERS\kneps.sys
12:33:35.0577 4644 kneps - ok
12:33:35.0592 4644 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:33:35.0592 4644 KSecDD - ok
12:33:35.0608 4644 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:33:35.0624 4644 KSecPkg - ok
12:33:35.0624 4644 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:33:35.0624 4644 ksthunk - ok
12:33:35.0655 4644 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:33:35.0655 4644 KtmRm - ok
12:33:35.0702 4644 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
12:33:35.0702 4644 LanmanServer - ok
12:33:35.0717 4644 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:33:35.0717 4644 LanmanWorkstation - ok
12:33:35.0780 4644 [ B705C7097F9A0EC941D02DCE7C7D426C ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
12:33:35.0795 4644 Live Updater Service - ok
12:33:35.0795 4644 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:33:35.0795 4644 lltdio - ok
12:33:35.0842 4644 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:33:35.0842 4644 lltdsvc - ok
12:33:35.0858 4644 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:33:35.0858 4644 lmhosts - ok
12:33:35.0904 4644 [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
12:33:35.0904 4644 LMS - ok
12:33:35.0920 4644 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
12:33:35.0920 4644 LSI_FC - ok
12:33:35.0936 4644 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
12:33:35.0936 4644 LSI_SAS - ok
12:33:35.0936 4644 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
12:33:35.0951 4644 LSI_SAS2 - ok
12:33:35.0951 4644 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
12:33:35.0951 4644 LSI_SCSI - ok
12:33:35.0967 4644 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:33:35.0967 4644 luafv - ok
12:33:35.0998 4644 McAWFwk - ok
12:33:36.0014 4644 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:33:36.0014 4644 Mcx2Svc - ok
12:33:36.0014 4644 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
12:33:36.0014 4644 megasas - ok
12:33:36.0029 4644 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
12:33:36.0029 4644 MegaSR - ok
12:33:36.0045 4644 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
12:33:36.0045 4644 MEIx64 - ok
12:33:36.0076 4644 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:33:36.0092 4644 MMCSS - ok
12:33:36.0216 4644 [ 60AC73EB57682F361E07AE26A62DFD6A ] Mobile Partner. RunOuc C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe
12:33:36.0216 4644 Mobile Partner. RunOuc - ok
12:33:36.0279 4644 [ 15E399875C850B54FC253A2323AD8021 ] mod7700 C:\Windows\system32\DRIVERS\mod7700.sys
12:33:36.0279 4644 mod7700 - ok
12:33:36.0279 4644 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:33:36.0279 4644 Modem - ok
12:33:36.0326 4644 [ 7286C9DEC4A13A402FD4F9C99332B048 ] MODRC C:\Windows\system32\DRIVERS\modrc.sys
12:33:36.0326 4644 MODRC - ok
12:33:36.0357 4644 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:33:36.0357 4644 monitor - ok
12:33:36.0372 4644 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:33:36.0372 4644 mouclass - ok
12:33:36.0388 4644 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:33:36.0388 4644 mouhid - ok
12:33:36.0404 4644 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:33:36.0404 4644 mountmgr - ok
12:33:36.0435 4644 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
12:33:36.0435 4644 mpio - ok
12:33:36.0450 4644 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:33:36.0450 4644 mpsdrv - ok
12:33:36.0466 4644 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:33:36.0466 4644 MpsSvc - ok
12:33:36.0482 4644 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:33:36.0482 4644 MRxDAV - ok
12:33:36.0497 4644 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:33:36.0497 4644 mrxsmb - ok
12:33:36.0513 4644 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:33:36.0513 4644 mrxsmb10 - ok
12:33:36.0528 4644 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:33:36.0528 4644 mrxsmb20 - ok
12:33:36.0528 4644 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
12:33:36.0528 4644 msahci - ok
12:33:36.0544 4644 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:33:36.0544 4644 msdsm - ok
12:33:36.0560 4644 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:33:36.0560 4644 MSDTC - ok
12:33:36.0575 4644 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:33:36.0591 4644 Msfs - ok
12:33:36.0591 4644 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:33:36.0591 4644 mshidkmdf - ok
12:33:36.0606 4644 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:33:36.0606 4644 msisadrv - ok

Part 2
12:33:42.0456 4644 ============================================================
12:33:42.0456 4644 Scan finished
12:33:42.0456 4644 ============================================================
12:33:42.0456 4868 Detected object count: 0
12:33:42.0456 4868 Actual detected object count: 0
12:34:34.0888 4348 Deinitialize success

11.07.2013, 13:13   #8
markusg
/// Malware-holic

Snap.do blocks everything! Uninstalling programs not possible etc. etc.

Hi,
TDSSKiller was not configured according to the instructions.
Also, everything from 1. onward is still missing (success report or problem report).
__________________
- Please forward suspicious emails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send emails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

13.07.2013, 23:59   #9
SusanneK

Snap.do blocks everything! Uninstalling programs not possible etc. etc.

Hello,

It's me again. I think I did not carry out the last instruction correctly at all, or skipped some steps, or, or, or.... I am desperate.

Just now I looked at the installed programs here on my notebook, and to my horror I have to conclude that there is nothing left on my daughter's PC. On the notebook there are various programs from Microsoft as well as Intel. On my daughter's PC there is absolutely nothing to be found any more apart from Snap.do and qtraxplayer.

Should I rather give up hope?

Susanne

15.07.2013, 20:28   #10
markusg
/// Malware-holic

Snap.do blocks everything! Uninstalling programs not possible etc. etc.

Hi.
Well, are any programs still available? Browser etc.
I don't know whether you skipped steps; just run them again, if possible.

17.07.2013, 17:14   #11
ryder
/// TB-Ausbilder

Snap.do blocks everything! Uninstalling programs not possible etc. etc.

Hello, do you still need help?
__________________
Digital buccaneers against malware!
No help via PM!

20.07.2013, 13:04   #12
ryder
/// TB-Ausbilder

Snap.do blocks everything! Uninstalling programs not possible etc. etc.

Missing feedback
This topic has been removed from my subscriptions. I will therefore not receive any notification of new replies.
Send me a PM if you still want to continue. Do not send in any log files, just a short note after you have posted your log files here.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread
